question about ""oauth ? client"...
hello...
im back again, now i have a question about what i think is a web address that i think is a key logger or something like that...
a couple of days back i was on facebook & i clicked on a link for what i thought it was a youtube video, from a friend facebook page...
everything got mixed up, all the buttons on my desktop, toolbars, taskbar, quick launch, the bar where the clock is went blank, instead the icons & the names of files & folders everything was white...
i unplugged the cable from the modem as fast as i could, & the green light on front on my comp stood lit up for more than an hour, i could not do anything, not even move the mouse, after that i turn off the comp by pushing the power button on the comp...
when i turn the comp back on after let say 2 hours and try to do any thing on the internet i saw that when im loading / going to any page, above the start button there a bunch of web addresses that change very rapidly i have notice that there is this one ""https:// www. facebook .com/dialog /oauth?client _id=16995676698&response_ type=token%2C signed_request %2Cc"" (no spaces) that it stays on a bit longer that the others, even when im not logged in on face book...
with every different web site that i visit the numbers between the ""id="" & the ""&response"" part changes, i was told that it might be a key logger...
i have scan my computer with everything i can think of, (avg, spybot, kaspersky, Adaware, malwarebytes, avast free antivirus, spywareblaste, IObit Malware Fighter, SUPERAntiSpyware)... & they results vary but the most uncommon ones that they have report are these:...
the kaspersky...
1."Autorun from hard drives is allowed"
2."Autorun from network drives is enabled"
3."CD/DVD autorun is enabled"
4."Removable media autorun is enabled"
5."Microsoft Internet Explorer: clear history of typed URLs"
6."Microsoft Internet Explorer - disable caching data received via protected channel"
7."Microsoft Internet Explorer: disable sending error reports"
8."Microsoft Internet Explorer: delete cookies"
9."Microsoft Internet Explorer: clear the list of trusted domains"
10."Microsoft Internet Explorer: enable cache autocleanup on browser closing"
11."Microsoft Internet Explorer: start page reset"
the avg shows that all my excel & my word docs have macros in them, weird part about that is that i dont use that, i dont even know haw to use or create macros...
i open a new excel worksheet & i saved it empty, nothing on it, i scanned my comp after that & it showed that it had macros...
i dont remember that happening before...
please advice on what steps can i do / follow to fix or verified everything id ok...
in advance thanks again...
i posted a new thread @ http://forums.whatthetech.com with this url... http://forums.whatthetech.com/index....f=119&t=125524 & was told there to create new OTL & aswMBR scan logs, so here they are...
like i said before i could not run DDS, when i try i receive this...
i hope this helps to help me fix my comp...
thx...
""DDS not supported
This operating system is not supperted!
DDS only runs on:
*Windows 2000
*Windows XP (32 bit)
*Windows VIsta (32/64 bit)
*Windows 7 (32/64 bit)
*Windows 8 (32/64 bit)""...
aswMBR
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-12 16:04:24
-----------------------------
16:04:24.531 OS Version: Windows x64 5.2.3790 Service Pack 2
16:04:24.531 Number of processors: 2 586 0x2B01
16:04:24.531 ComputerName: FAM-PUTTER UserName: D J RAC
16:04:27.328 Initialize success
16:04:47.703 AVAST engine defs: 13021200
16:11:48.859 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-e
16:11:48.859 Disk 0 Vendor: WDC_WD5000AAKB-00H8A0 05.04E05 Size: 476940MB BusType: 3
16:11:48.921 Disk 0 MBR read successfully
16:11:48.921 Disk 0 MBR scan
16:11:48.968 Disk 0 Windows XP default MBR code
16:11:49.000 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476929 MB offset 63
16:11:49.171 Disk 0 scanning C:\WINDOWS\system32\drivers
16:12:21.296 Service scanning
16:12:36.296 Modules scanning
16:12:36.296 Disk 0 trace - called modules:
16:12:36.312 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys atapi.sys pciide.sys PCIIDEX.SYS hal.dll
16:12:36.328 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffadfa3efb060]
16:12:36.328 3 CLASSPNP.SYS[fffffadf98e0a8c9] -> nt!IofCallDriver -> \Device\00000068[0xfffffadfa3895060]
16:12:36.328 5 ACPI.sys[fffffadf98fa9e69] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T1L0-e[0xfffffadfa49d5c30]
16:12:38.406 AVAST engine scan C:\
19:45:30.765 Scan finished successfully
19:48:42.015 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\D J RAC\Desktop\MBR.dat"
19:48:42.015 The log file has been saved successfully to "C:\Documents and Settings\D J RAC\Desktop\C - AVG OFF aswMBR.txt"
OTL...
OTL logfile created on: 2/12/2013 9:41:41 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = D:\
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.69 Gb Total Physical Memory | 2.98 Gb Available Physical Memory | 80.97% Memory free
13.23 Gb Paging File | 12.74 Gb Available in Paging File | 96.34% Paging File free
Paging file location(s): c:\pagefile.sys 10000 10000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.75 Gb Total Space | 66.93 Gb Free Space | 14.37% Space Free | Partition Type: NTFS
Drive D: | 3.68 Gb Total Space | 3.66 Gb Free Space | 99.33% Space Free | Partition Type: FAT32
Computer Name: FAM-PUTTER | User Name: D J RAC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/02/12 07:12:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
PRC - [2013/01/22 19:42:20 | 000,945,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
PRC - [2013/01/19 19:55:02 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Documents and Settings\D J RAC\Desktop\java temp & cache files\bin\jqs.exe
PRC - [2012/12/11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG AntiVirus 2013 Ver 2013 0 2742\avgui.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG AntiVirus 2013 Ver 2013 0 2742\avgwdsvc.exe
PRC - [2011/05/24 23:08:59 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2006/08/03 04:12:36 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2004/07/21 15:28:02 | 000,413,807 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2004/07/21 15:26:36 | 000,176,241 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC PowerChute Personal Edition\mainserv.exe
========== Modules (No Company Name) ==========
MOD - [2013/01/22 19:42:20 | 000,945,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
MOD - [2011/05/04 23:03:28 | 001,123,432 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvwimg.dll
MOD - [2011/05/04 23:03:22 | 001,558,120 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nView.dll
========== Services (SafeList) ==========
SRV - [2013/01/22 19:42:20 | 000,945,328 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe -- (vToolbarUpdater14.0.1)
SRV - [2013/01/19 19:55:02 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Documents and Settings\D J RAC\Desktop\java temp & cache files\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG AntiVirus 2013 Ver 2013 0 2742\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG AntiVirus 2013 Ver 2013 0 2742\avgwdsvc.exe -- (avgwd)
SRV - [2012/10/14 22:15:34 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\IMAPI.EXE -- (ImapiService)
SRV - [2011/05/24 23:08:59 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/08/18 00:31:42 | 000,111,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2008/07/25 10:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/02/16 23:44:20 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2006/10/18 19:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2004/07/21 15:26:36 | 000,176,241 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files (x86)\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
========== Driver Services (SafeList) ==========
DRV - [2006/10/31 00:25:02 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\SysWOW64\Drivers\BIOS64.sys -- (BIOS)
DRV - [2006/03/29 05:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWow64\mnmdd.dll -- (mnmdd)
DRV - [2006/03/29 05:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand | Unknown] -- C:\WINDOWS\SysWow64\winsock.dll -- (Winsock)
DRV - [2003/07/30 01:02:00 | 000,047,872 | ---- | M] (Sonic Solutions) [Kernel | Boot | Stopped] -- C:\WINDOWS\SysWOW64\Drivers\pxhelp64.sys -- (PxHelp64)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-334292207-2319730254-1780565897-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-334292207-2319730254-1780565897-1002\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-334292207-2319730254-1780565897-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-334292207-2319730254-1780565897-1002\..\SearchScopes\{30BC77FE-4B53-41DD-9969-75CC51DDB96C}: "URL" = http://search.avg.com/route/?d=4dbb5d33&v=6.103.18.1&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKU\S-1-5-21-334292207-2319730254-1780565897-1002\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={257645A7-55BB-4505-A86B-6DB2BBE2D7D6}&mid=42c70532a4de47d1a444d1a90bf8bb87-8d758629d5135f4470f57152dc116841b6490bd7&lang=en&ds=AVG&pr=fr&d=2012-11-07 19:46:09&v=14.0.2.14&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-334292207-2319730254-1780565897-1002\..\SearchScopes\{9B9DB46E-1D45-4CF6-8145-BB8C8DB9A2E5}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-334292207-2319730254-1780565897-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-334292207-2319730254-1780565897-1003\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-334292207-2319730254-1780565897-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={257645A7-55BB-4505-A86B-6DB2BBE2D7D6}&mid=42c70532a4de47d1a444d1a90bf8bb87-8d758629d5135f4470f57152dc116841b6490bd7&lang=en&ds=AVG&pr=fr&d=2012-11-07 19:46:09&v=12.2.5.34&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-334292207-2319730254-1780565897-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-334292207-2319730254-1780565897-1004\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-334292207-2319730254-1780565897-1004\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={257645A7-55BB-4505-A86B-6DB2BBE2D7D6}&mid=42c70532a4de47d1a444d1a90bf8bb87-8d758629d5135f4470f57152dc116841b6490bd7&lang=en&ds=AVG&pr=fr&d=2012-11-07 19:46:09&v=12.2.5.34&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-334292207-2319730254-1780565897-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-334292207-2319730254-1780565897-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://my.screenname.aol.com/_cqr/login/login.psp?sitedomain=sns.webmail.aol.com&lang=en&seamless=novl&offerId=newmail-en-us-v2&authLev=0&siteState=ver%3A4%7Crt%3ASTANDARD%7Cat%3ASNS%7Cld%3Amail.aol.com%7Cuv%3AAOL%7Clc%3Aen-us%7Cmt%3AANGELIA%7Csnt%3AScreenName%7Csid%3A1b30170e-56cc-44aa-8034-7de57febc0fc&locale=us"
FF - prefs.js..extensions.enabledAddons: {2A1D5949-B519-4924-BF62-8522FE0D5274}:0.17
FF - prefs.js..extensions.enabledAddons: avg@toolbar:14.0.2.14
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid={257645A7-55BB-4505-A86B-6DB2BBE2D7D6}&mid=42c70532a4de47d1a444d1a90bf8bb87-8d758629d5135f4470f57152dc116841b6490bd7&lang=en&ds=AVG&pr=fr&d=2012-11-07 19:46:09&pid=avg&sg=&v=14.0.2.14&sap=ku&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Documents and Settings\D J RAC\Desktop\java temp & cache files\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\14.0.2.14 [2013/01/22 19:43:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Firefox 4 0 1\components [2011/08/21 12:42:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Firefox 4 0 1\plugins [2013/01/13 13:14:46 | 000,000,000 | ---D | M]
[2011/04/29 21:58:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\D J RAC\Application Data\Mozilla\Extensions
[2012/09/21 08:09:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\D J RAC\Application Data\Mozilla\Firefox\Profiles\6c58iex6.default\extensions
[2012/01/24 07:50:55 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\D J RAC\Application Data\Mozilla\Firefox\Profiles\6c58iex6.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/12/16 02:32:54 | 001,096,733 | ---- | M] () (No name found) -- C:\Documents and Settings\D J RAC\Application Data\Mozilla\Firefox\Profiles\6c58iex6.default\extensions\friendlygamingsimplifier@flies.xpi
[2012/01/24 07:50:52 | 000,031,123 | ---- | M] () (No name found) -- C:\Documents and Settings\D J RAC\Application Data\Mozilla\Firefox\Profiles\6c58iex6.default\extensions\{2A1D5949-B519-4924-BF62-8522FE0D5274}.xpi
[2012/03/07 00:08:46 | 000,550,037 | ---- | M] () (No name found) -- C:\Documents and Settings\D J RAC\Application Data\Mozilla\Firefox\Profiles\6c58iex6.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}.xpi
[2013/01/22 19:43:01 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG SECURE SEARCH\FIREFOXEXT\14.0.2.14
========== Chrome ==========
CHR - homepage: https://my.screenname.aol.com/_cqr/l...9ff8&locale=us
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={257645A7-55BB-4505-A86B-6DB2BBE2D7D6}&mid=42c70532a4de47d1a444d1a90bf8bb87-8d758629d5135f4470f57152dc116841b6490bd7&lang=en&ds=AVG&pr=fr&d=2012-11-07 19:46:09&v=14.0.2.14&pid=avg&sg=&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://isearch.avg.com/?cid={257645A7-55BB-4505-A86B-6DB2BBE2D7D6}&mid=42c70532a4de47d1a444d1a90bf8bb87-8d758629d5135f4470f57152dc116841b6490bd7&lang=en&ds=AVG&pr=fr&d=2012-11-07 19:46:09&v=14.0.2.14&pid=avg&sg=&sap=hp
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google Chrome Ver 19 0 1084 56 m\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google Chrome Ver 19 0 1084 56 m\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google Chrome Ver 19 0 1084 56 m\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\D J RAC\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\D J RAC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Firefox 4 0 1\plugins\npwachk.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\D J RAC\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll
CHR - plugin: Java(TM) Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\WINDOWS\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\D J RAC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\D J RAC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AVG Secure Search = C:\Documents and Settings\D J RAC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.0.2.14_0\
CHR - Extension: Gmail = C:\Documents and Settings\D J RAC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
Hosts file not found
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 1 6 2\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Documents and Settings\D J RAC\Desktop\java temp & cache files\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Documents and Settings\D J RAC\Desktop\java temp & cache files\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll ()
O3:64bit: - HKU\S-1-5-21-334292207-2319730254-1780565897-1002\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKU\S-1-5-21-334292207-2319730254-1780565897-1003\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKU\S-1-5-21-334292207-2319730254-1780565897-1004\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKU\S-1-5-21-334292207-2319730254-1780565897-500\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O4:64bit: - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup File not found
O4:64bit: - HKLM..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login File not found
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4:64bit: - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG AntiVirus 2013 Ver 2013 0 2742\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-21-334292207-2319730254-1780565897-1003..\Run: [ROC_JAN2013_TB] C:\Program Files (x86)\AVG Secure Search\ROC_JAN2013_TB.exe ()
O4 - HKU\S-1-5-21-334292207-2319730254-1780565897-1004..\Run: [ROC_JAN2013_TB] C:\Program Files (x86)\AVG Secure Search\ROC_JAN2013_TB.exe ()
O4 - HKU\S-1-5-21-334292207-2319730254-1780565897-1006..\Run: [ROC_JAN2013_TB] C:\Program Files (x86)\AVG Secure Search\ROC_JAN2013_TB.exe ()
O4 - HKU\S-1-5-21-334292207-2319730254-1780565897-500..\Run: [ROC_JAN2013_TB] C:\Program Files (x86)\AVG Secure Search\ROC_JAN2013_TB.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKU\S-1-5-21-334292207-2319730254-1780565897-1006..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files (x86)\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\D J RAC\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-334292207-2319730254-1780565897-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-334292207-2319730254-1780565897-1002\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-334292207-2319730254-1780565897-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-334292207-2319730254-1780565897-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-334292207-2319730254-1780565897-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-334292207-2319730254-1780565897-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-334292207-2319730254-1780565897-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-334292207-2319730254-1780565897-1004\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-334292207-2319730254-1780565897-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-334292207-2319730254-1780565897-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-334292207-2319730254-1780565897-1006\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-334292207-2319730254-1780565897-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-334292207-2319730254-1780565897-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-334292207-2319730254-1780565897-500\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-334292207-2319730254-1780565897-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 1 6 2\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - %SystemRoot%\System32\winrnr.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - %SystemRoot%\system32\mswsock.dll File not found
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirva...ls/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/micr...?1343725396718 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1343725372703 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\system32\inetcomm.dll File not found
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll File not found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll ()
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - %SystemRoot%\system32\SHELL32.dll File not found
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - File not found
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - File not found
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) - File not found
O20 - HKLM Winlogon: UserInit - (userinit) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - File not found
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - (dimsntfy.dll) - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
O20 - Winlogon\Notify\termsrv: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll File not found
O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll File not found
O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - %SystemRoot%\system32\browseui.dll File not found
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - %SystemRoot%\system32\browseui.dll File not found
O24 - Desktop WallPaper: C:\Documents and Settings\D J RAC\Desktop\pics all\el paso - cd juarez from space.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\D J RAC\Desktop\pics all\el paso - cd juarez from space.bmp
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/28 05:43:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{13f32b4a-303f-11e2-a8a1-00e04d1c5274}\Shell - "" = AutoRun
O33 - MountPoints2\{13f32b4a-303f-11e2-a8a1-00e04d1c5274}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{13f32b4a-303f-11e2-a8a1-00e04d1c5274}\Shell\AutoRun\command - "" = E:\UEZLink.exe
O33 - MountPoints2\{33184909-35c6-11e2-833a-00e04d1c5274}\Shell - "" = AutoRun
O33 - MountPoints2\{33184909-35c6-11e2-833a-00e04d1c5274}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{33184909-35c6-11e2-833a-00e04d1c5274}\Shell\AutoRun\command - "" = G:\UEZLink.exe
O33 - MountPoints2\{d00ce060-8360-11e0-8e77-00e04d1c5274}\Shell - "" = AutoRun
O33 - MountPoints2\{d00ce060-8360-11e0-8e77-00e04d1c5274}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d00ce060-8360-11e0-8e77-00e04d1c5274}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{f3af2fff-75ae-11e0-942b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f3af2fff-75ae-11e0-942b-806e6f6e6963}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f3af2fff-75ae-11e0-942b-806e6f6e6963}\Shell\AutoRun\command - "" = Z:\splash.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVGANT~1\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/02/12 11:02:48 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\D J RAC\Desktop\aswMBR.exe
[2013/02/03 15:36:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\D J RAC\Recent
[2013/02/03 10:22:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Desktop\erunt back ups
[2013/02/03 10:21:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013/02/03 10:21:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2013/02/03 10:20:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Desktop\dds
[2013/02/01 17:44:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Desktop\creds
[2013/01/25 23:33:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Desktop\mexichilen
[2013/01/19 19:55:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/01/19 19:55:35 | 000,261,024 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaws.exe
[2013/01/19 19:55:15 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaw.exe
[2013/01/19 19:55:15 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\java.exe
[2013/01/19 19:55:15 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
[2013/01/19 19:54:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Desktop\java temp & cache files
[2013/01/18 02:17:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Desktop\utube
========== Files - Modified Within 30 Days ==========
[2013/02/12 21:33:10 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\ROC_JAN2013_TB_rmv.job
[2013/02/12 21:30:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/12 19:48:42 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\D J RAC\Desktop\MBR.dat
[2013/02/12 07:15:40 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\D J RAC\Desktop\aswMBR.exe
[2013/02/03 10:22:03 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\D J RAC\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/02/03 10:21:45 | 000,000,622 | ---- | M] () -- C:\Documents and Settings\D J RAC\Desktop\ERUNT.lnk
[2013/01/26 23:06:20 | 000,000,202 | ---- | M] () -- C:\WINDOWS\youtube2mp3.ini
[2013/01/26 00:15:48 | 012,816,744 | ---- | M] () -- C:\Documents and Settings\D J RAC\Desktop\Musica Nortena.flv
[2013/01/25 17:02:40 | 000,123,392 | ---- | M] () -- C:\Documents and Settings\D J RAC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/24 18:41:32 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\ROC_JAN2013_TB_Prisci & Vane.job
[2013/01/19 19:55:02 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
[2013/01/19 19:55:01 | 000,859,552 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\npDeployJava1.dll
[2013/01/19 19:55:01 | 000,780,192 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\deployJava1.dll
[2013/01/19 19:55:01 | 000,261,024 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaws.exe
[2013/01/19 19:55:01 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaw.exe
[2013/01/19 19:55:01 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\java.exe
[2013/01/19 19:55:01 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javacpl.cpl
[2013/01/18 00:25:00 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\D J RAC\Local Settings\Application Data\d3d9caps.dat
[2013/01/15 13:05:15 | 000,000,085 | ---- | M] () -- C:\Documents and Settings\D J RAC\My Documents\Default.PLS
========== Files Created - No Company Name ==========
[2013/02/12 16:03:57 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\D J RAC\Desktop\MBR.dat
[2013/02/03 10:22:03 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\D J RAC\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/02/03 10:21:45 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\D J RAC\Desktop\ERUNT.lnk
[2013/01/26 00:11:57 | 012,816,744 | ---- | C] () -- C:\Documents and Settings\D J RAC\Desktop\Musica Nortena.flv
[2013/01/24 18:41:31 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\ROC_JAN2013_TB_Prisci & Vane.job
[2013/01/22 19:43:01 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\ROC_JAN2013_TB_rmv.job
[2012/12/30 20:03:13 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\D J RAC\Local Settings\Application Data\d3d9caps.dat
[2012/12/27 23:23:48 | 000,000,032 | R--- | C] () -- C:\Documents and Settings\All Users\hash.dat
[2012/12/03 20:41:46 | 000,291,664 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/11/02 12:04:58 | 000,000,173 | ---- | C] () -- C:\WINDOWS\muma7.INI
[2012/11/02 12:00:17 | 000,000,175 | ---- | C] () -- C:\WINDOWS\BeatBox.INI
[2012/11/02 11:58:02 | 000,056,832 | ---- | C] () -- C:\WINDOWS\SysWow64\Iyvu9_32.dll
[2012/11/02 11:57:12 | 000,010,240 | ---- | C] () -- C:\WINDOWS\SysWow64\vidx16.dll
[2012/11/02 11:54:49 | 000,000,086 | ---- | C] () -- C:\WINDOWS\magix.ini
[2012/10/27 20:55:54 | 000,000,202 | ---- | C] () -- C:\WINDOWS\youtube2mp3.ini
[2012/10/17 18:21:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SysWow64\NVCPL.DLL
[2012/10/14 22:15:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SysWow64\IMAPI.EXE
[2012/08/29 08:48:37 | 000,000,241 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2012/08/29 08:48:37 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2012/08/29 08:48:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2012/08/29 08:46:04 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2012/08/23 02:53:01 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\D J RAC\Local Settings\Application Data\dt.dat
[2012/01/25 17:29:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/12/24 14:08:44 | 000,123,392 | ---- | C] () -- C:\Documents and Settings\D J RAC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/06 18:20:31 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011/05/06 18:20:31 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2011/04/30 22:55:16 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/04/29 21:57:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/04/29 13:52:03 | 000,593,378 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2011/04/28 07:20:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\SysWow64\ChCfg.exe
[2011/04/28 07:20:26 | 000,143,360 | ---- | C] () -- C:\WINDOWS\SysWow64\RtlCPAPI.dll
[2011/04/28 07:20:25 | 000,037,376 | ---- | C] () -- C:\WINDOWS\CPLUtl64.exe
[2011/04/28 05:48:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/04/27 21:48:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
========== ZeroAccess Check ==========
[2011/04/29 13:51:18 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = %SystemRoot%\system32\shdocvw.dll
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\SysWOW64\shdocvw.dll -- [2007/02/18 10:05:50 | 001,508,352 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\WINDOWS\system32\wbem\fastprox.dll
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\SysWOW64\wbem\fastprox.dll -- [2009/03/19 18:51:22 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\WINDOWS\system32\wbem\wbemess.dll
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== Alternate Data Streams ==========
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5547042D
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
< End of report >
Originally Posted by joselepiu
