View Full Version : Need help - XP Pro x64 Edition Ver 2003.
joselepiu
2012-06-03, 04:15
Hello again its been a while since the last time I requested help here.
My computer is running on XP Pro x64 Edition Ver 2003 Service Pack 2.
I have read the ""before you post"" instructions and tried to run the dds tool, but i got a little pop-up window with a message about my system not been supported.
Before I tried to ran the dds tool I ran erunt.
My problem right now is that my computer is really really slow, it used to boot up in about a minute & 1 / 2, from the time I push the on button till I could use anything. Now it takes up 3 or 4 minutes.
This started after I got my facebook acount hacked, they sent out a bunch of messages to all my friends on my facebook account and posted a lot of links for porn sites on their walls. Well getting back to my computer, right after I guess everthing is boot up, the internet explorer browser opens for less than a second and closes, it just opens & closes right away.
I have checked on the windows task manager after it closes, but their is no indication that is still open, also any page on the internet it takes for ever to open I use google chrome and firefox. The internet explorer I use it only for microsoft / windows updates nothing more.
I use CC Cleaner, Spybot S & D, Malwarebites, A V G, Auslogics Disk Defrag, and Auslogics Registry Defrag at least twice a week and everything is up to date.
Hope someone can help me out.
Thanks.
:snwelcome:
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.
Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.
Running programs with Vista or Windows 7 , you need to Right Click on the program and select RUN AS ADMINISTATOR
Download DDS from one of the links below to your desktop
Link 1 (http://download.bleepingcomputer.com/sUBs/dds.scr)
Link 2 (http://download.bleepingcomputer.com/sUBs/dds.com)
Double click the tool to run it.
A black Screen will open, just read the contents and do nothing.
When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
Copy/Paste the contents of 'DDS.txt' into your post.
'attach.txt' should be zipped using Windows native zip utility and attached to your post. Compress and uncompress files (zip files) (http://windows.microsoft.com/en-us/windows-vista/Compress-and-uncompress-files-zip-files)
Information on A/V control Here (http://www.bleepingcomputer.com/forums/topic114351.html)
joselepiu
2012-06-11, 04:16
Thanks for your reply, but like as I already stated Im running XP Pro x64 Edition Ver 2003 Service Pack 2 on my computer. I already tried to run the program you have mention with no result, my system is not supported by such a program (dds). Any other ideas?.
Here is a quote from my original post:
""I have read the ""before you post"" instructions and tried to run the dds tool, but i got a little pop-up window with a message about my system not been supported.""
It is the 3rd sentence on my post.
Good Morning,
I was thinking that possibly your DDS download may have been corrupted so I posted instructions for downloading it again. You stated ERUNT ran. Also sometimes malware will prevent a program from running.
Auslogics Registry Defrag <--Lets hope this program didn't cause some damage, we dont recommend any type of registry cleaners
Lets try another scanner. I am going to see what tools will and will not run on XP 64bit, I have not come across this before. If you find it hard to download them, try using a known clean computer and transfer them by disk
Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan
http://public.avast.com/~gmerek/aswMBR1.png
On completion of the scan click save log, save it to your desktop and post in your next reply
http://public.avast.com/~gmerek/aswMBR2.png
OTL by OldTimer
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
Still with me, both of those programs should run don your system
joselepiu
2012-06-14, 02:45
Tried to run the aswMBR program but I received i pop-up message that reads:
"""''This application can use Avast! Free Antivirus for scanning. It is recommneded to download it for better detection results. Would you like to download latest Avast! virues definitions?""...
Should I download it? or not?...
And here I have the other scan results from the OTL program:
OTL logfile created on: 6/13/2012 5:13:39 AM - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\D J RAC\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.75 Gb Total Physical Memory | 3.06 Gb Available Physical Memory | 81.74% Memory free
13.29 Gb Paging File | 12.75 Gb Available in Paging File | 95.94% Paging File free
Paging file location(s): c:\pagefile.sys 10000 10000
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.75 Gb Total Space | 84.91 Gb Free Space | 18.23% Space Free | Partition Type: NTFS
Computer Name: FAM-PUTTER | User Name: D J RAC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\D J RAC\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files (x86)\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 1 6 2\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files (x86)\APC PowerChute Personal Edition\apcsystray.exe (American Power Conversion Corporation)
PRC - C:\Program Files (x86)\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\SiteSafety.dll ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe ()
MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe ()
========== Win32 Services (SafeList) ==========
SRV - (vToolbarUpdater11.1.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe ()
SRV - (JavaQuickStarterService) -- C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation)
SRV - (avgwd) -- C:\Program Files (x86)\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (vToolbarUpdater) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe ()
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Spooler) -- C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (helpsvc) -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (APC UPS Service) -- C:\Program Files (x86)\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
========== Driver Services (SafeList) ==========
DRV - (DrvAgent64) -- C:\WINDOWS\SysWOW64\Drivers\DrvAgent64.SYS (Phoenix Technologies)
DRV - (BIOS) -- C:\WINDOWS\SysWOW64\Drivers\BIOS64.sys (BIOSTAR Group)
DRV - (mnmdd) -- C:\WINDOWS\SysWow64\mnmdd.dll (Microsoft Corporation)
DRV - (Winsock) -- C:\WINDOWS\SysWow64\winsock.dll (Microsoft Corporation)
DRV - (PxHelp64) -- C:\WINDOWS\SysWOW64\Drivers\pxhelp64.sys (Sonic Solutions)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:[b]64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-334292207-2319730254-1780565897-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-334292207-2319730254-1780565897-1002\..\SearchScopes,DefaultScope = {9B9DB46E-1D45-4CF6-8145-BB8C8DB9A2E5}
IE - HKU\S-1-5-21-334292207-2319730254-1780565897-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-334292207-2319730254-1780565897-1002\..\SearchScopes\{30BC77FE-4B53-41DD-9969-75CC51DDB96C}: "URL" = http://search.avg.com/route/?d=4dbb5d33&v=6.103.18.1&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKU\S-1-5-21-334292207-2319730254-1780565897-1002\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={41691B8C-AB8D-4A20-8E6D-E0B17D6AAB59}&mid=42c70532a4de47d1a444d1a90bf8bb87-8d758629d5135f4470f57152dc116841b6490bd7&lang=en&ds=AVG&pr=fr&d=2011-12-19 10:01:31&v=9.0.0.21&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-334292207-2319730254-1780565897-1002\..\SearchScopes\{9B9DB46E-1D45-4CF6-8145-BB8C8DB9A2E5}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-334292207-2319730254-1780565897-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Search the Web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://my.screenname.aol.com/_cqr/login/login.psp?sitedomain=sns.webmail.aol.com&lang=en&seamless=novl&offerId=newmail-en-us-v2&authLev=0&siteState=ver%3A4%7Crt%3ASTANDARD%7Cat%3ASNS%7Cld%3Amail.aol.com%7Cuv%3AAOL%7Clc%3Aen-us%7Cmt%3AANGELIA%7Csnt%3AScreenName%7Csid%3A860c879f-cfa2-4481-8a7b-abebafec9ff8&locale=us"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\D J RAC\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\D J RAC\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\D J RAC\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\D J RAC\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG2012\Firefox4\ [2012/05/29 14:17:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\11.1.0.7\ [2012/06/12 01:11:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG2012\Firefox\DoNotTrack\ [2012/05/16 02:24:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Firefox 4 0 1\components [2011/08/21 13:42:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Firefox 4 0 1\plugins [2012/06/03 01:38:27 | 000,000,000 | ---D | M]
[2011/04/29 22:58:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\D J RAC\Application Data\Mozilla\Extensions
[2012/04/07 17:15:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\D J RAC\Application Data\Mozilla\Firefox\Profiles\6c58iex6.default\extensions
[2012/01/24 08:50:55 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\D J RAC\Application Data\Mozilla\Firefox\Profiles\6c58iex6.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2012/04/07 17:15:44 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\D J RAC\Application Data\Mozilla\Firefox\Profiles\6c58iex6.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/04/29 12:05:47 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG SECURE SEARCH\11.0.0.9
[2012/01/24 08:50:52 | 000,031,123 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\D J RAC\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\6C58IEX6.DEFAULT\EXTENSIONS\{2A1D5949-B519-4924-BF62-8522FE0D5274}.XPI
[2012/05/16 02:24:52 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES (X86)\AVG2012\FIREFOX\DONOTTRACK
[2012/05/29 14:17:08 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG2012\FIREFOX4
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\D J RAC\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\D J RAC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Firefox 4 0 1\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Firefox 4 0 1\plugins\npwachk.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Documents and Settings\D J RAC\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\D J RAC\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\D J RAC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\D J RAC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\D J RAC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\
CHR - Extension: AVG Do Not Track = C:\Documents and Settings\D J RAC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Gmail = C:\Documents and Settings\D J RAC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
Hosts file not found
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 1 6 2\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-334292207-2319730254-1780565897-1002\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O4:64bit: - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup File not found
O4:64bit: - HKLM..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login File not found
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4:64bit: - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\AMD RADEON HD 6450\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-334292207-2319730254-1780565897-1002..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy 1 6 2\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKU\S-1-5-21-334292207-2319730254-1780565897-1006..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files (x86)\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\D J RAC\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-334292207-2319730254-1780565897-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-334292207-2319730254-1780565897-1002\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-334292207-2319730254-1780565897-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-334292207-2319730254-1780565897-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-334292207-2319730254-1780565897-1006\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-334292207-2319730254-1780565897-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 1 6 2\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - %SystemRoot%\System32\winrnr.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - %SystemRoot%\system32\mswsock.dll File not found
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1304050829321 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1304233757796 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\system32\inetcomm.dll File not found
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll ()
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - %SystemRoot%\system32\SHELL32.dll File not found
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - File not found
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - File not found
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) - File not found
O20 - HKLM Winlogon: UserInit - (userinit) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - File not found
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - (dimsntfy.dll) - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll File not found
O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll File not found
O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - %SystemRoot%\system32\browseui.dll File not found
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - %SystemRoot%\system32\browseui.dll File not found
O24 - Desktop WallPaper: C:\WINDOWS\Soap Bubbles.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Soap Bubbles.bmp
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/28 06:43:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{d00ce060-8360-11e0-8e77-00e04d1c5274}\Shell - "" = AutoRun
O33 - MountPoints2\{d00ce060-8360-11e0-8e77-00e04d1c5274}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d00ce060-8360-11e0-8e77-00e04d1c5274}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{f3af2fff-75ae-11e0-942b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f3af2fff-75ae-11e0-942b-806e6f6e6963}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f3af2fff-75ae-11e0-942b-806e6f6e6963}\Shell\AutoRun\command - "" = Z:\splash.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 360 Days ==========
[2012/06/13 03:12:39 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\D J RAC\Desktop\OTL.exe
[2012/06/12 01:12:37 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\D J RAC\Desktop\aswMBR.exe
[2012/06/11 01:09:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\D J RAC\Recent
[2012/06/06 10:20:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVD Shrink ver 3 2 0 15
[2012/06/06 10:20:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2012/06/06 10:20:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVD Shrink ver 3 2 0 15
[2012/06/03 23:18:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Local Settings\Application Data\Sun
[2012/06/03 01:39:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/06/03 01:38:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/06/03 01:38:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Application Data\Oracle
[2012/06/03 01:38:28 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javacpl.cpl
[2012/06/03 01:38:27 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\npDeployJava1.dll
[2012/06/03 01:38:27 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaws.exe
[2012/06/03 01:37:44 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaw.exe
[2012/06/03 01:37:44 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\java.exe
[2012/06/02 19:50:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/06/02 00:39:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/06/02 00:39:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/06/02 00:34:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Desktop\spybot progs
[2012/05/29 14:17:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2012/05/25 14:46:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis
[2012/05/25 14:46:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HijackThis 2 0 2
[2012/05/17 14:24:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Desktop\spotify cache
[2012/05/15 03:51:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Application Data\Unity
[2012/05/15 01:54:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Local Settings\Application Data\Unity
[2012/05/14 01:30:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVDFab HD Decrypter 8 1 7 8 Qt
[2012/05/14 01:30:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDFab HD Decrypter 8 1 7 8 Qt
[2012/05/12 01:32:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2012/05/09 08:51:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Local Settings\Application Data\Spotify
[2012/05/09 08:48:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Application Data\Spotify
[2012/04/30 03:26:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Local Settings\Application Data\AVG Secure Search
[2012/04/19 01:11:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Desktop\pics software
[2012/04/10 02:24:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2012/04/10 02:20:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/04/10 02:20:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Local Settings\Application Data\Google
[2012/04/01 22:40:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2012/03/23 00:39:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Local Settings\Application Data\Facebook
[2012/03/14 11:20:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Local Settings\Application Data\Identities
[2012/03/12 20:41:22 | 000,000,000 | --SD | C] -- C:\Documents and Settings\D J RAC\My Documents\My Data Sources
[2012/03/09 19:57:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\dvdfab
[2012/03/09 19:47:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVDFab HD Decrypter 8 1 6 3
[2012/03/09 19:47:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDFab HD Decrypter 8 1 6 3
[2012/03/07 19:08:42 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iepeers.dll
[2012/03/07 19:08:42 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\url.dll
[2012/03/07 02:13:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/02/28 22:25:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/02/28 22:09:02 | 000,086,683 | ---- | C] (Open Source Software community project) -- C:\WINDOWS\SysWow64\pthreadGC2.dll
[2012/02/28 22:09:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AoA Audio Extractor 2 2 8
[2012/02/28 22:08:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AoA Audio Extractor 2 2 8
[2012/02/16 23:50:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2012/02/16 23:50:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2012/02/10 02:40:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Desktop\cpuz 151
[2012/01/29 19:39:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\My Documents\Chameleon files
[2012/01/25 21:28:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Desktop\Always On Top
[2012/01/25 18:56:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Local Settings\Application Data\ATI
[2012/01/25 18:56:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Application Data\ATI
[2012/01/25 18:56:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2012/01/25 18:32:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2012/01/25 18:31:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Catalyst Control Center
[2012/01/25 18:29:15 | 000,057,344 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysWow64\aticalrt.dll
[2012/01/25 18:29:14 | 004,669,440 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysWow64\aticaldd.dll
[2012/01/25 18:29:14 | 000,064,512 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\atimpc32.dll
[2012/01/25 18:29:14 | 000,064,512 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\amdpcom32.dll
[2012/01/25 18:29:10 | 017,444,864 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysWow64\atioglxx.dll
[2012/01/25 18:29:09 | 000,200,704 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysWow64\atiadlxy.dll
[2012/01/25 18:29:09 | 000,053,248 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysWow64\aticalcl.dll
[2012/01/25 18:29:07 | 000,212,992 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\SysWow64\atipdlxx.dll
[2012/01/25 18:28:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD RADEON HD 6450
[2012/01/25 18:28:50 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012/01/25 18:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\AMD RADEON HD 6450
[2012/01/21 02:56:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Desktop\External
[2012/01/20 02:25:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\D J RAC\My Documents\My Videos
[2012/01/19 13:55:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\cache
[2012/01/16 13:07:08 | 000,021,712 | ---- | C] (Phoenix Technologies) -- C:\WINDOWS\SysWow64\drivers\DrvAgent64.SYS
[2012/01/16 13:07:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Local Settings\Application Data\eSupport.com
[2012/01/15 14:29:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/01/15 14:29:42 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner 3 14 1616
[2011/12/31 20:46:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Desktop\2gb from letys cell
[2011/12/24 15:07:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Desktop\from camara
[2011/12/23 01:31:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\drivers\AVG
[2011/12/19 11:01:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Application Data\AVG Secure Search
[2011/12/19 11:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2011/12/19 11:01:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2011/12/19 11:01:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2011/12/19 10:59:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Application Data\AVG2012
[2011/12/19 10:58:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/12/19 10:57:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG2012
[2011/12/08 23:31:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/12/05 17:28:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVDVideoSoft
[2011/12/05 17:28:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free DVD Decrypter Ver 1 5 6
[2011/12/05 17:28:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2011/12/05 17:28:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\My Documents\DVDVideoSoft
[2011/11/04 06:13:36 | 001,070,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MSCOMCTL.OCX
[2011/10/25 22:20:08 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript.dll
[2011/10/18 10:34:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Desktop\dvd from tv
[2011/09/26 13:10:44 | 000,615,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\uiautomationcore.dll
[2011/09/26 13:06:52 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\oleaccrc.dll
[2011/09/02 15:19:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVDFab HD Decrypter 8 1 1 2
[2011/09/02 15:19:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDFab HD Decrypter 8 1 1 2
[2011/08/26 21:26:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Local Settings\Application Data\Temp
[2011/08/26 21:15:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/07/08 05:23:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2011/07/08 05:23:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2011/07/08 05:22:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2011/07/08 05:22:13 | 013,004,800 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvcompiler.dll
[2011/07/08 05:22:13 | 005,332,992 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvcuda.dll
[2011/07/08 05:22:13 | 002,808,936 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvcuvid.dll
[2011/07/08 05:22:13 | 002,082,408 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvcuvenc.dll
[2011/07/08 05:22:13 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\SysWow64\OpenCL.dll
[2011/07/08 05:21:27 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/07/08 05:20:58 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2011/07/08 05:01:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2011/07/08 05:01:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Application Data\SystemRequirementsLab
[2011/07/08 05:01:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
========== Files - Modified Within 360 Days ==========
[2012/06/13 05:10:16 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/13 05:09:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/13 04:25:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/13 03:44:02 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-334292207-2319730254-1780565897-1002UA.job
[2012/06/13 03:12:36 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\D J RAC\Desktop\OTL.exe
[2012/06/12 01:13:08 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\D J RAC\Desktop\aswMBR.exe
[2012/06/11 00:44:01 | 000,000,984 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-334292207-2319730254-1780565897-1002Core.job
[2012/06/10 01:16:58 | 001,067,062 | ---- | M] () -- C:\Documents and Settings\D J RAC\Desktop\vaca.bmp
[2012/06/06 10:20:15 | 000,000,783 | ---- | M] () -- C:\Documents and Settings\D J RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\DVD Shrink 3.2.lnk
[2012/06/04 19:27:02 | 000,000,137 | ---- | M] () -- C:\Documents and Settings\D J RAC\Desktop\DVD-CD X.lnk
[2012/06/03 01:37:30 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaw.exe
[2012/06/03 01:37:30 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\java.exe
[2012/06/02 20:09:34 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\D J RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/06/02 00:39:50 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\D J RAC\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/06/02 00:39:44 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\D J RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\ERUNT.lnk
[2012/05/27 17:00:49 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\D J RAC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/27 02:45:26 | 003,037,982 | ---- | M] () -- C:\Documents and Settings\D J RAC\Desktop\HP Pavilion dv7t Quad Edition customizable Notebook PC.bmp
[2012/05/25 18:59:21 | 000,000,026 | ---- | M] () -- C:\Documents and Settings\D J RAC\My Documents\Default.PLS
[2012/05/25 14:56:23 | 000,001,688 | ---- | M] () -- C:\Documents and Settings\D J RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\HijackThis.lnk
[2012/05/20 18:37:14 | 000,001,927 | ---- | M] () -- C:\Documents and Settings\D J RAC\Desktop\Google Chrome.lnk
[2012/05/14 01:30:57 | 000,000,884 | ---- | M] () -- C:\Documents and Settings\D J RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\DVDFab HD Decrypter 8 1 7 8 Qt.lnk
[2012/05/12 10:54:02 | 000,593,378 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2012/05/09 09:02:17 | 000,001,870 | ---- | M] () -- C:\Documents and Settings\D J RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\Spotify.lnk
[2012/04/19 01:03:58 | 000,177,639 | ---- | M] () -- C:\Documents and Settings\D J RAC\Desktop\javana 01.jpg
[2012/04/19 00:12:21 | 024,253,890 | ---- | M] () -- C:\Documents and Settings\D J RAC\Desktop\javana 01.bmp
[2012/04/18 23:54:24 | 060,000,054 | ---- | M] () -- C:\Documents and Settings\D J RAC\Desktop\javana.bmp
[2012/04/10 02:24:51 | 000,001,845 | ---- | M] () -- C:\Documents and Settings\D J RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/04/04 18:47:36 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javacpl.cpl
[2012/04/04 18:47:24 | 000,227,720 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaws.exe
[2012/04/04 18:47:08 | 000,772,504 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\npDeployJava1.dll
[2012/04/04 18:47:02 | 000,687,504 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\deployJava1.dll
[2012/04/01 22:40:01 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\D J RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/03/29 07:43:18 | 001,176,438 | ---- | M] () -- C:\Documents and Settings\D J RAC\Desktop\laptop program files.bmp
[2012/03/09 19:57:53 | 000,000,882 | ---- | M] () -- C:\Documents and Settings\D J RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\DVDFab Profile Editor.lnk
[2012/03/07 19:08:42 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl
[2012/03/07 19:08:42 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\html.iec
[2012/03/07 19:08:42 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\occache.dll
[2012/03/07 19:08:42 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iepeers.dll
[2012/03/07 19:08:42 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ie4uinit.exe
[2012/03/07 19:08:42 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\url.dll
[2012/03/07 19:08:42 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mshtmled.dll
[2012/03/07 19:08:42 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\licmgr10.dll
[2012/02/28 22:24:51 | 000,000,805 | ---- | M] () -- C:\Documents and Settings\D J RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\AoA Audio Extractor.lnk
[2012/02/06 19:23:50 | 072,166,876 | ---- | M] () -- C:\Documents and Settings\D J RAC\Desktop\Madonna ~ Halftime Super Bowl XLVI.mp4
[2012/01/25 18:37:46 | 000,007,792 | ---- | M] () -- C:\WINDOWS\SysWow64\d3d9caps.dat
[2012/01/25 18:29:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ativpsrm.bin
[2012/01/16 13:07:08 | 000,021,712 | ---- | M] (Phoenix Technologies) -- C:\WINDOWS\SysWow64\drivers\DrvAgent64.SYS
[2012/01/15 14:38:26 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\D J RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner 3 14 1616.lnk
[2011/12/23 01:31:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SysWow64\drivers\AVG\incavi.avm
[2011/12/23 01:31:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SysWow64\drivers\AVG\iavichjw.avm
[2011/12/19 12:47:34 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\D J RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG 2012.lnk
[2011/12/05 17:29:54 | 000,000,904 | ---- | M] () -- C:\Documents and Settings\D J RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\Free DVD Decrypter.lnk
[2011/11/20 12:03:16 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\packager.exe
[2011/11/17 14:17:26 | 000,046,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tzchange.exe
[2011/11/14 19:07:20 | 001,278,976 | ---- | M] () -- C:\WINDOWS\SysWow64\quartz.dll
[2011/11/14 19:07:20 | 000,385,536 | ---- | M] () -- C:\WINDOWS\SysWow64\qdvd.dll
[2011/11/04 06:13:36 | 001,070,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MSCOMCTL.OCX
[2011/10/25 22:20:08 | 000,726,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript.dll
[2011/10/15 02:45:10 | 000,396,800 | ---- | M] () -- C:\WINDOWS\SysWow64\encdec.dll
[2011/10/15 02:34:10 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mciseq.dll
[2011/10/03 10:37:02 | 000,057,667 | ---- | M] () -- C:\WINDOWS\SysWow64\ieuinit.inf
[2011/09/26 13:10:44 | 000,615,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\uiautomationcore.dll
[2011/09/26 13:06:52 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\oleaccrc.dll
[2011/09/13 02:37:30 | 023,070,720 | ---- | M] () -- C:\Documents and Settings\D J RAC\Desktop\VTS_011_1.VOB
[2011/08/13 14:36:51 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
========== Files Created - No Company Name ==========
[2012/06/10 01:16:58 | 001,067,062 | ---- | C] () -- C:\Documents and Settings\D J RAC\Desktop\vaca.bmp
[2012/06/06 10:20:15 | 000,000,783 | ---- | C] () -- C:\Documents and Settings\D J RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\DVD Shrink 3.2.lnk
[2012/06/02 00:39:50 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\D J RAC\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/06/02 00:39:44 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\D J RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\ERUNT.lnk
[2012/05/27 02:43:13 | 003,037,982 | ---- | C] () -- C:\Documents and Settings\D J RAC\Desktop\HP Pavilion dv7t Quad Edition customizable Notebook PC.bmp
[2012/05/25 14:56:23 | 000,001,688 | ---- | C] () -- C:\Documents and Settings\D J RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\HijackThis.lnk
[2012/05/14 01:30:57 | 000,000,884 | ---- | C] () -- C:\Documents and Settings\D J RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\DVDFab HD Decrypter 8 1 7 8 Qt.lnk
[2012/05/09 09:02:17 | 000,001,870 | ---- | C] () -- C:\Documents and Settings\D J RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\Spotify.lnk
[2012/05/09 08:51:19 | 000,001,876 | ---- | C] () -- C:\Documents and Settings\D J RAC\Start Menu\Programs\Spotify.lnk
[2012/04/19 00:33:03 | 000,177,639 | ---- | C] () -- C:\Documents and Settings\D J RAC\Desktop\javana 01.jpg
[2012/04/19 00:11:36 | 024,253,890 | ---- | C] () -- C:\Documents and Settings\D J RAC\Desktop\javana 01.bmp
[2012/04/18 23:54:23 | 060,000,054 | ---- | C] () -- C:\Documents and Settings\D J RAC\Desktop\javana.bmp
[2012/04/10 02:24:51 | 000,001,927 | ---- | C] () -- C:\Documents and Settings\D J RAC\Desktop\Google Chrome.lnk
[2012/04/10 02:24:51 | 000,001,845 | ---- | C] () -- C:\Documents and Settings\D J RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/04/10 02:20:46 | 000,000,900 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/10 02:20:45 | 000,000,896 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/01 22:40:01 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\D J RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/03/29 07:43:18 | 001,176,438 | ---- | C] () -- C:\Documents and Settings\D J RAC\Desktop\laptop program files.bmp
[2012/03/23 00:39:28 | 000,001,006 | ---- | C] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-334292207-2319730254-1780565897-1002UA.job
[2012/03/23 00:39:28 | 000,000,984 | ---- | C] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-334292207-2319730254-1780565897-1002Core.job
[2012/03/09 19:57:53 | 000,000,882 | ---- | C] () -- C:\Documents and Settings\D J RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\DVDFab Profile Editor.lnk
[2012/02/28 22:24:51 | 000,000,805 | ---- | C] () -- C:\Documents and Settings\D J RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\AoA Audio Extractor.lnk
[2012/02/06 19:08:04 | 072,166,876 | ---- | C] () -- C:\Documents and Settings\D J RAC\Desktop\Madonna ~ Halftime Super Bowl XLVI.mp4
[2012/01/25 18:37:46 | 000,007,792 | ---- | C] () -- C:\WINDOWS\SysWow64\d3d9caps.dat
[2012/01/25 18:29:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012/01/25 18:29:42 | 000,030,831 | R--- | C] () -- C:\WINDOWS\atiogl.xml
[2012/01/16 13:34:30 | 000,000,921 | ---- | C] () -- C:\Documents and Settings\D J RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/01/15 14:38:26 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\D J RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner 3 14 1616.lnk
[2011/12/24 15:08:44 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\D J RAC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/23 01:31:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\AVG\incavi.avm
[2011/12/23 01:31:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\AVG\iavichjw.avm
[2011/12/19 12:47:34 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\D J RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG 2012.lnk
[2011/12/05 17:29:54 | 000,000,904 | ---- | C] () -- C:\Documents and Settings\D J RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\Free DVD Decrypter.lnk
[2011/09/13 02:40:30 | 023,070,720 | ---- | C] () -- C:\Documents and Settings\D J RAC\Desktop\VTS_011_1.VOB
[2011/08/26 21:15:45 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/05/06 19:20:31 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011/05/06 19:20:31 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2011/04/30 23:55:16 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/04/29 22:57:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/04/29 14:52:03 | 000,593,378 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2011/04/28 08:20:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\SysWow64\ChCfg.exe
[2011/04/28 08:20:26 | 000,143,360 | ---- | C] () -- C:\WINDOWS\SysWow64\RtlCPAPI.dll
[2011/04/28 08:20:25 | 000,037,376 | ---- | C] () -- C:\WINDOWS\CPLUtl64.exe
[2011/04/28 06:48:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/04/27 22:48:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
========== LOP Check ==========
[2012/06/12 01:11:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2011/12/21 06:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/04/29 18:52:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/03/09 19:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dvdfab
[2012/06/13 03:04:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/02/16 23:50:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2012/05/12 01:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2012/02/16 23:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2012/05/12 02:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/05/02 00:44:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D J RAC\Application Data\Auslogics
[2011/12/19 11:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D J RAC\Application Data\AVG Secure Search
[2011/12/19 10:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D J RAC\Application Data\AVG2012
[2011/05/01 23:18:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D J RAC\Application Data\IObit
[2012/06/03 01:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D J RAC\Application Data\Oracle
[2012/06/13 04:11:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D J RAC\Application Data\Spotify
[2011/07/08 05:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D J RAC\Application Data\SystemRequirementsLab
[2012/05/15 03:51:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D J RAC\Application Data\Unity
[2011/12/19 10:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lety\Application Data\AVG2012
[2012/01/20 18:32:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Prisci & Vane\Application Data\AVG Secure Search
[2011/12/19 10:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Prisci & Vane\Application Data\AVG2012
[2012/06/11 00:44:01 | 000,000,984 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-334292207-2319730254-1780565897-1002Core.job
[2012/06/13 03:44:02 | 000,001,006 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-334292207-2319730254-1780565897-1002UA.job
[2012/06/13 05:08:16 | 000,032,548 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5547042D
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
< End of report >
joselepiu
2012-06-14, 02:47
OTL Extras logfile created on: 6/13/2012 5:13:39 AM - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\D J RAC\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.75 Gb Total Physical Memory | 3.06 Gb Available Physical Memory | 81.74% Memory free
13.29 Gb Paging File | 12.75 Gb Available in Paging File | 95.94% Paging File free
Paging file location(s): c:\pagefile.sys 10000 10000
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.75 Gb Total Space | 84.91 Gb Free Space | 18.23% Space Free | Partition Type: NTFS
Computer Name: FAM-PUTTER | User Name: D J RAC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.inf [@ = inffile] -- %SystemRoot%\System32\NOTEPAD.EXE %1
.ini [@ = inifile] -- %SystemRoot%\System32\NOTEPAD.EXE %1
.url [@ = InternetShortcut] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l
.js [@ = JSFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.jse [@ = JSEFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.txt [@ = txtfile] -- %SystemRoot%\system32\NOTEPAD.EXE %1
.vbe [@ = VBEFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.vbs [@ = VBSFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.wsf [@ = WSFFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.wsh [@ = WSHFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_USERS\S-1-5-21-334292207-2319730254-1780565897-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Firefox 4 0 1\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1"
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4"
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\WINamp Ver 5 6 1\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\WINamp Ver 5 6 1\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\WINamp Ver 5 6 1\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\WINamp Ver 5 6 1\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\WINamp Ver 5 6 1\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\WINamp Ver 5 6 1\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
========== System Restore Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files (x86)\AVG 10\avgmfapx.exe" = C:\Program Files (x86)\AVG 10\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files (x86)\WINamp Ver 5 6 1\winamp.exe" = C:\Program Files (x86)\WINamp Ver 5 6 1\winamp.exe:*:Disabled:Winamp -- (Nullsoft, Inc.)
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Documents and Settings\D J RAC\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\D J RAC\Application Data\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program Files (x86)\AVG2012\avgmfapx.exe" = C:\Program Files (x86)\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Documents and Settings\D J RAC\Desktop\Always On Top\Chameleon Win Mngr Lite Ver 1 1 0 131.exe" = C:\Documents and Settings\D J RAC\Desktop\Always On Top\Chameleon Win Mngr Lite Ver 1 1 0 131.exe:*:Enabled:CNET Download.com Installer -- (CNET Download.com)
"C:\Documents and Settings\D J RAC\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Documents and Settings\D J RAC\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited)
"C:\Program Files (x86)\AVG2012\avgnsa.exe" = C:\Program Files (x86)\AVG2012\avgnsa.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files (x86)\AVG2012\avgdiagex.exe" = C:\Program Files (x86)\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files (x86)\AVG2012\avgemca.exe" = C:\Program Files (x86)\AVG2012\avgemca.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files (x86)\AVG 10\avgmfapx.exe" = C:\Program Files (x86)\AVG 10\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files (x86)\WINamp Ver 5 6 1\winamp.exe" = C:\Program Files (x86)\WINamp Ver 5 6 1\winamp.exe:*:Disabled:Winamp -- (Nullsoft, Inc.)
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Documents and Settings\D J RAC\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\D J RAC\Application Data\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program Files (x86)\AVG2012\avgmfapx.exe" = C:\Program Files (x86)\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Documents and Settings\D J RAC\Desktop\Always On Top\Chameleon Win Mngr Lite Ver 1 1 0 131.exe" = C:\Documents and Settings\D J RAC\Desktop\Always On Top\Chameleon Win Mngr Lite Ver 1 1 0 131.exe:*:Enabled:CNET Download.com Installer -- (CNET Download.com)
"C:\Documents and Settings\D J RAC\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Documents and Settings\D J RAC\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited)
"C:\Program Files (x86)\AVG2012\avgnsa.exe" = C:\Program Files (x86)\AVG2012\avgnsa.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files (x86)\AVG2012\avgdiagex.exe" = C:\Program Files (x86)\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files (x86)\AVG2012\avgemca.exe" = C:\Program Files (x86)\AVG2012\avgemca.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{44EBCA98-13BE-C362-44B1-DAA8637B457F}" = ATI Catalyst Install Manager
"{857B32C1-7C87-40B5-B2A5-D06F49B80002}" = AVG 2012
"{8A51974A-BC28-9DBD-1E7C-E26BC5801A0C}" = ATI Problem Report Wizard
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.85
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BFF4A9FB-75F3-4162-84CD-16CE48C19173}" = AVG 2012
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D82AB192-97D8-314A-E32A-C737007C44DF}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"9E140F48C9836B9B78539C08FB2B17146BDB3F65" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)
"AVG" = AVG 2012
"CCleaner" = CCleaner
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows x64
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows x64 Service Pack" = Windows XP Service Pack 2
"WMFDist11-64" = Windows Media Format 11 runtime
"wmp11-64" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{12C8210C-03E8-7BC1-EE7D-899FCB21952A}" = CCC Help Polish
"{16A606A9-23B7-66F1-B590-D88515DB834C}" = CCC Help Italian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{242EF09F-9015-8E7D-F859-7A26774710CB}" = Catalyst Control Center InstallProxy
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{3881A7DF-5C69-1B39-8B1A-B03B536F5D4B}" = CCC Help German
"{4483C7C9-71DC-6475-EE0E-A81853CE6F7E}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DEBE989-DDBE-8B43-98B8-F905D21CBF67}" = CCC Help Thai
"{5685D9EE-AB7A-EBEB-9616-3256893946A1}" = CCC Help Czech
"{598654C2-2D78-755E-CE0E-9877AF9515D4}" = CCC Help Danish
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding
"{6114165B-2D74-A070-7E0B-9916FFF272A5}" = CCC Help Turkish
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6C7F61CA-5235-5DEF-10A7-1A5E24179FA5}" = CCC Help Finnish
"{6F1C68EB-4705-0734-7DF2-E24C9189FE01}" = Skins
"{7BFAAD5C-D205-B9C8-240D-9F7B90377AD5}" = Catalyst Control Center Graphics Previews Common
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{892633C9-8E7A-EC40-5F5A-20474EA2B628}" = CCC Help French
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{96D86403-526D-D80C-45A0-95247BCA3A07}" = CCC Help Dutch
"{98F49D4B-E0E1-E62B-EECD-824A0938C395}" = CCC Help Chinese Traditional
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3071E80-EABB-331D-F04D-936EAA550AF3}" = CCC Help Spanish
"{A7A82233-F0EF-DB16-E2D4-C495B5697503}" = CCC Help English
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AD7E3797-EA09-9574-2C28-40706167A168}" = CCC Help Korean
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B50EC7AF-DAD8-CC81-5637-0F082DA737A8}" = CCC Help Japanese
"{BF6DAEB2-C4CD-7D11-6823-6DB7204EAFC2}" = CCC Help Hungarian
"{BFFDBAB7-A2C3-18EB-34C4-D02DCA49871C}" = CCC Help Russian
"{CEE760C7-4EDC-D453-5060-1B1500FA9E75}" = CCC Help Swedish
"{D1725D54-279A-40C5-A70D-23C1785DB920}_is1" = AoA Audio Extractor
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E186F8F5-BB0B-AEDD-42D4-D8F212AAE91E}" = CCC Help Norwegian
"{EC0B0F9B-1A7A-1ADC-A64D-D43B10891897}" = Catalyst Control Center
"{F06098DC-F984-719B-94E3-F498B3514C4D}" = CCC Help Greek
"{F6AE9AA9-82C0-CBA6-4E35-8D0739F563DD}" = CCC Help Portuguese
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FD85732F-EB7D-5CF8-5DF9-E0FF381F3856}" = Catalyst Control Center Localization All
"DriverAgent.exe" = DriverAgent by eSupport.com
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 8 Qt_is1" = DVDFab 8.1.7.8 (17/04/2012) Qt
"ERUNT_is1" = ERUNT 1.1j
"FastStone Photo Resizer" = FastStone Photo Resizer 3.0
"Free DVD Decrypter_is1" = Free DVD Decrypter version 1.5.6.908
"GOM Player" = GOM Player
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mozilla Firefox 6.0 (x86 en-US)" = Mozilla Firefox 6.0 (x86 en-US)
"SystemRequirementsLab" = System Requirements Lab
"Winamp" = Winamp
"YTdetect" = Yahoo! Detect
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-334292207-2319730254-1780565897-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Detector Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 6/1/2012 9:12:11 AM | Computer Name = FAM-PUTTER | Source = JavaQuickStarterService | ID = 1
Description =
Error - 6/1/2012 7:32:04 PM | Computer Name = FAM-PUTTER | Source = JavaQuickStarterService | ID = 1
Description =
Error - 6/1/2012 7:41:31 PM | Computer Name = FAM-PUTTER | Source = JavaQuickStarterService | ID = 1
Description =
Error - 6/1/2012 9:17:27 PM | Computer Name = FAM-PUTTER | Source = JavaQuickStarterService | ID = 1
Description =
Error - 6/2/2012 3:09:49 PM | Computer Name = FAM-PUTTER | Source = JavaQuickStarterService | ID = 1
Description =
Error - 6/2/2012 9:50:49 PM | Computer Name = FAM-PUTTER | Source = JavaQuickStarterService | ID = 1
Description =
Error - 6/3/2012 3:38:27 AM | Computer Name = FAM-PUTTER | Source = JavaQuickStarterService | ID = 1
Description =
Error - 6/5/2012 8:44:08 PM | Computer Name = FAM-PUTTER | Source = Google Update | ID = 20
Description =
Error - 6/5/2012 11:44:07 PM | Computer Name = FAM-PUTTER | Source = Google Update | ID = 20
Description =
Error - 6/6/2012 2:44:05 PM | Computer Name = FAM-PUTTER | Source = Google Update | ID = 20
Description =
[ System Events ]
Error - 6/13/2012 5:04:53 AM | Computer Name = FAM-PUTTER | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls.
Reference
error message: The referenced assembly is not installed on your system. .
Error - 6/13/2012 5:04:53 AM | Computer Name = FAM-PUTTER | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler64.exe.
Reference
error message: The referenced assembly is not installed on your system. .
Error - 6/13/2012 7:09:44 AM | Computer Name = FAM-PUTTER | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\DRIVERS\PxHelp64.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.
Error - 6/13/2012 7:09:57 AM | Computer Name = FAM-PUTTER | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.Windows.Common-Controls could not be
found and Last Error was The referenced assembly is not installed on your system.
Error - 6/13/2012 7:09:57 AM | Computer Name = FAM-PUTTER | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls.
Reference
error message: The referenced assembly is not installed on your system. .
Error - 6/13/2012 7:09:57 AM | Computer Name = FAM-PUTTER | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler64.exe.
Reference
error message: The referenced assembly is not installed on your system. .
Error - 6/13/2012 7:10:09 AM | Computer Name = FAM-PUTTER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PxHelp64
Error - 6/13/2012 7:10:16 AM | Computer Name = FAM-PUTTER | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.Windows.Common-Controls could not be
found and Last Error was The referenced assembly is not installed on your system.
Error - 6/13/2012 7:10:16 AM | Computer Name = FAM-PUTTER | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls.
Reference
error message: The referenced assembly is not installed on your system. .
Error - 6/13/2012 7:10:16 AM | Computer Name = FAM-PUTTER | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler64.exe.
Reference
error message: The referenced assembly is not installed on your system. .
< End of report >
Thanks again for you help...
joselepiu
2012-06-14, 02:50
OTL Extras logfile created on: 6/13/2012 5:13:39 AM - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\D J RAC\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.75 Gb Total Physical Memory | 3.06 Gb Available Physical Memory | 81.74% Memory free
13.29 Gb Paging File | 12.75 Gb Available in Paging File | 95.94% Paging File free
Paging file location(s): c:\pagefile.sys 10000 10000
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.75 Gb Total Space | 84.91 Gb Free Space | 18.23% Space Free | Partition Type: NTFS
Computer Name: FAM-PUTTER | User Name: D J RAC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.inf [@ = inffile] -- %SystemRoot%\System32\NOTEPAD.EXE %1
.ini [@ = inifile] -- %SystemRoot%\System32\NOTEPAD.EXE %1
.url [@ = InternetShortcut] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l
.js [@ = JSFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.jse [@ = JSEFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.txt [@ = txtfile] -- %SystemRoot%\system32\NOTEPAD.EXE %1
.vbe [@ = VBEFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.vbs [@ = VBSFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.wsf [@ = WSFFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.wsh [@ = WSHFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_USERS\S-1-5-21-334292207-2319730254-1780565897-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Firefox 4 0 1\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1"
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4"
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\WINamp Ver 5 6 1\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\WINamp Ver 5 6 1\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\WINamp Ver 5 6 1\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\WINamp Ver 5 6 1\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\WINamp Ver 5 6 1\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\WINamp Ver 5 6 1\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
========== System Restore Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files (x86)\AVG 10\avgmfapx.exe" = C:\Program Files (x86)\AVG 10\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files (x86)\WINamp Ver 5 6 1\winamp.exe" = C:\Program Files (x86)\WINamp Ver 5 6 1\winamp.exe:*:Disabled:Winamp -- (Nullsoft, Inc.)
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Documents and Settings\D J RAC\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\D J RAC\Application Data\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program Files (x86)\AVG2012\avgmfapx.exe" = C:\Program Files (x86)\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Documents and Settings\D J RAC\Desktop\Always On Top\Chameleon Win Mngr Lite Ver 1 1 0 131.exe" = C:\Documents and Settings\D J RAC\Desktop\Always On Top\Chameleon Win Mngr Lite Ver 1 1 0 131.exe:*:Enabled:CNET Download.com Installer -- (CNET Download.com)
"C:\Documents and Settings\D J RAC\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Documents and Settings\D J RAC\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited)
"C:\Program Files (x86)\AVG2012\avgnsa.exe" = C:\Program Files (x86)\AVG2012\avgnsa.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files (x86)\AVG2012\avgdiagex.exe" = C:\Program Files (x86)\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files (x86)\AVG2012\avgemca.exe" = C:\Program Files (x86)\AVG2012\avgemca.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files (x86)\AVG 10\avgmfapx.exe" = C:\Program Files (x86)\AVG 10\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files (x86)\WINamp Ver 5 6 1\winamp.exe" = C:\Program Files (x86)\WINamp Ver 5 6 1\winamp.exe:*:Disabled:Winamp -- (Nullsoft, Inc.)
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Documents and Settings\D J RAC\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\D J RAC\Application Data\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program Files (x86)\AVG2012\avgmfapx.exe" = C:\Program Files (x86)\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Documents and Settings\D J RAC\Desktop\Always On Top\Chameleon Win Mngr Lite Ver 1 1 0 131.exe" = C:\Documents and Settings\D J RAC\Desktop\Always On Top\Chameleon Win Mngr Lite Ver 1 1 0 131.exe:*:Enabled:CNET Download.com Installer -- (CNET Download.com)
"C:\Documents and Settings\D J RAC\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Documents and Settings\D J RAC\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited)
"C:\Program Files (x86)\AVG2012\avgnsa.exe" = C:\Program Files (x86)\AVG2012\avgnsa.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files (x86)\AVG2012\avgdiagex.exe" = C:\Program Files (x86)\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files (x86)\AVG2012\avgemca.exe" = C:\Program Files (x86)\AVG2012\avgemca.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{44EBCA98-13BE-C362-44B1-DAA8637B457F}" = ATI Catalyst Install Manager
"{857B32C1-7C87-40B5-B2A5-D06F49B80002}" = AVG 2012
"{8A51974A-BC28-9DBD-1E7C-E26BC5801A0C}" = ATI Problem Report Wizard
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.85
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BFF4A9FB-75F3-4162-84CD-16CE48C19173}" = AVG 2012
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D82AB192-97D8-314A-E32A-C737007C44DF}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"9E140F48C9836B9B78539C08FB2B17146BDB3F65" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)
"AVG" = AVG 2012
"CCleaner" = CCleaner
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows x64
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows x64 Service Pack" = Windows XP Service Pack 2
"WMFDist11-64" = Windows Media Format 11 runtime
"wmp11-64" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{12C8210C-03E8-7BC1-EE7D-899FCB21952A}" = CCC Help Polish
"{16A606A9-23B7-66F1-B590-D88515DB834C}" = CCC Help Italian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{242EF09F-9015-8E7D-F859-7A26774710CB}" = Catalyst Control Center InstallProxy
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{3881A7DF-5C69-1B39-8B1A-B03B536F5D4B}" = CCC Help German
"{4483C7C9-71DC-6475-EE0E-A81853CE6F7E}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DEBE989-DDBE-8B43-98B8-F905D21CBF67}" = CCC Help Thai
"{5685D9EE-AB7A-EBEB-9616-3256893946A1}" = CCC Help Czech
"{598654C2-2D78-755E-CE0E-9877AF9515D4}" = CCC Help Danish
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding
"{6114165B-2D74-A070-7E0B-9916FFF272A5}" = CCC Help Turkish
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6C7F61CA-5235-5DEF-10A7-1A5E24179FA5}" = CCC Help Finnish
"{6F1C68EB-4705-0734-7DF2-E24C9189FE01}" = Skins
"{7BFAAD5C-D205-B9C8-240D-9F7B90377AD5}" = Catalyst Control Center Graphics Previews Common
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{892633C9-8E7A-EC40-5F5A-20474EA2B628}" = CCC Help French
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{96D86403-526D-D80C-45A0-95247BCA3A07}" = CCC Help Dutch
"{98F49D4B-E0E1-E62B-EECD-824A0938C395}" = CCC Help Chinese Traditional
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3071E80-EABB-331D-F04D-936EAA550AF3}" = CCC Help Spanish
"{A7A82233-F0EF-DB16-E2D4-C495B5697503}" = CCC Help English
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AD7E3797-EA09-9574-2C28-40706167A168}" = CCC Help Korean
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B50EC7AF-DAD8-CC81-5637-0F082DA737A8}" = CCC Help Japanese
"{BF6DAEB2-C4CD-7D11-6823-6DB7204EAFC2}" = CCC Help Hungarian
"{BFFDBAB7-A2C3-18EB-34C4-D02DCA49871C}" = CCC Help Russian
"{CEE760C7-4EDC-D453-5060-1B1500FA9E75}" = CCC Help Swedish
"{D1725D54-279A-40C5-A70D-23C1785DB920}_is1" = AoA Audio Extractor
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E186F8F5-BB0B-AEDD-42D4-D8F212AAE91E}" = CCC Help Norwegian
"{EC0B0F9B-1A7A-1ADC-A64D-D43B10891897}" = Catalyst Control Center
"{F06098DC-F984-719B-94E3-F498B3514C4D}" = CCC Help Greek
"{F6AE9AA9-82C0-CBA6-4E35-8D0739F563DD}" = CCC Help Portuguese
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FD85732F-EB7D-5CF8-5DF9-E0FF381F3856}" = Catalyst Control Center Localization All
"DriverAgent.exe" = DriverAgent by eSupport.com
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 8 Qt_is1" = DVDFab 8.1.7.8 (17/04/2012) Qt
"ERUNT_is1" = ERUNT 1.1j
"FastStone Photo Resizer" = FastStone Photo Resizer 3.0
"Free DVD Decrypter_is1" = Free DVD Decrypter version 1.5.6.908
"GOM Player" = GOM Player
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mozilla Firefox 6.0 (x86 en-US)" = Mozilla Firefox 6.0 (x86 en-US)
"SystemRequirementsLab" = System Requirements Lab
"Winamp" = Winamp
"YTdetect" = Yahoo! Detect
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-334292207-2319730254-1780565897-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Detector Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 6/1/2012 9:12:11 AM | Computer Name = FAM-PUTTER | Source = JavaQuickStarterService | ID = 1
Description =
Error - 6/1/2012 7:32:04 PM | Computer Name = FAM-PUTTER | Source = JavaQuickStarterService | ID = 1
Description =
Error - 6/1/2012 7:41:31 PM | Computer Name = FAM-PUTTER | Source = JavaQuickStarterService | ID = 1
Description =
Error - 6/1/2012 9:17:27 PM | Computer Name = FAM-PUTTER | Source = JavaQuickStarterService | ID = 1
Description =
Error - 6/2/2012 3:09:49 PM | Computer Name = FAM-PUTTER | Source = JavaQuickStarterService | ID = 1
Description =
Error - 6/2/2012 9:50:49 PM | Computer Name = FAM-PUTTER | Source = JavaQuickStarterService | ID = 1
Description =
Error - 6/3/2012 3:38:27 AM | Computer Name = FAM-PUTTER | Source = JavaQuickStarterService | ID = 1
Description =
Error - 6/5/2012 8:44:08 PM | Computer Name = FAM-PUTTER | Source = Google Update | ID = 20
Description =
Error - 6/5/2012 11:44:07 PM | Computer Name = FAM-PUTTER | Source = Google Update | ID = 20
Description =
Error - 6/6/2012 2:44:05 PM | Computer Name = FAM-PUTTER | Source = Google Update | ID = 20
Description =
[ System Events ]
Error - 6/13/2012 5:04:53 AM | Computer Name = FAM-PUTTER | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls.
Reference
error message: The referenced assembly is not installed on your system. .
Error - 6/13/2012 5:04:53 AM | Computer Name = FAM-PUTTER | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler64.exe.
Reference
error message: The referenced assembly is not installed on your system. .
Error - 6/13/2012 7:09:44 AM | Computer Name = FAM-PUTTER | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\DRIVERS\PxHelp64.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.
Error - 6/13/2012 7:09:57 AM | Computer Name = FAM-PUTTER | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.Windows.Common-Controls could not be
found and Last Error was The referenced assembly is not installed on your system.
Error - 6/13/2012 7:09:57 AM | Computer Name = FAM-PUTTER | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls.
Reference
error message: The referenced assembly is not installed on your system. .
Error - 6/13/2012 7:09:57 AM | Computer Name = FAM-PUTTER | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler64.exe.
Reference
error message: The referenced assembly is not installed on your system. .
Error - 6/13/2012 7:10:09 AM | Computer Name = FAM-PUTTER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PxHelp64
Error - 6/13/2012 7:10:16 AM | Computer Name = FAM-PUTTER | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.Windows.Common-Controls could not be
found and Last Error was The referenced assembly is not installed on your system.
Error - 6/13/2012 7:10:16 AM | Computer Name = FAM-PUTTER | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls.
Reference
error message: The referenced assembly is not installed on your system. .
Error - 6/13/2012 7:10:16 AM | Computer Name = FAM-PUTTER | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler64.exe.
Reference
error message: The referenced assembly is not installed on your system. .
< End of report >
Thanks again for your help...
Yes, go and run it, aswMBR is an Avast program and its checking for updates
Lets see what aswMBR finds.
In the meantime OTL did not find a hosts file and this could be part of your problem, this fix will restore it and also clean out all the junk in your temp folders and such.
Open OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:processes
killallprocesses
:OTL
:Services
:Reg
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]
Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
joselepiu
2012-06-15, 03:06
Hello, here are the new logs that you've asked for...
joselepiu
2012-06-15, 03:07
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-14 12:59:14
-----------------------------
12:59:14.875 OS Version: Windows x64 5.2.3790 Service Pack 2
12:59:14.875 Number of processors: 2 586 0x2B01
12:59:14.890 ComputerName: FAM-PUTTER UserName: D J RAC
12:59:16.625 Initialize success
12:59:29.171 AVAST engine defs: 12061400
12:59:36.406 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
12:59:36.421 Disk 0 Vendor: WDC_WD5000AAKB-00H8A0 05.04E05 Size: 476940MB BusType: 3
12:59:36.453 Disk 0 MBR read successfully
12:59:36.453 Disk 0 MBR scan
12:59:36.515 Disk 0 Windows XP default MBR code
12:59:36.515 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476929 MB offset 63
12:59:36.578 Disk 0 scanning C:\WINDOWS\system32\drivers
12:59:49.828 Service scanning
13:00:16.890 Modules scanning
13:00:16.890 Disk 0 trace - called modules:
13:00:16.906 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys atapi.sys pciide.sys PCIIDEX.SYS hal.dll
13:00:16.921 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffadfa273f060]
13:00:16.921 3 CLASSPNP.SYS[fffffadf9740a8c9] -> nt!IofCallDriver -> \Device\00000066[0xfffffadfa2cc0a00]
13:00:16.937 5 ACPI.sys[fffffadf975a9e69] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0xfffffadfa24abc30]
13:00:18.796 AVAST engine scan C:\
17:41:32.734 Scan finished successfully
18:28:08.750 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\D J RAC\Desktop\MBR.dat"
18:28:08.765 The log file has been saved successfully to "C:\Documents and Settings\D J RAC\Desktop\01 aswMBR.txt"
joselepiu
2012-06-15, 03:08
All processes killed
========== PROCESSES ==========
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\D J RAC\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\D J RAC\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: All Users
User: D J RAC
->Temp folder emptied: 2632417 bytes
->Temporary Internet Files folder emptied: 884870 bytes
->Java cache emptied: 27951 bytes
->FireFox cache emptied: 49180541 bytes
->Google Chrome cache emptied: 6193725 bytes
->Flash cache emptied: 993 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33651 bytes
User: Lety
->Temp folder emptied: 1166430 bytes
->Temporary Internet Files folder emptied: 1581858 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 139895736 bytes
->Flash cache emptied: 1875 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
User: Prisci & Vane
->Temp folder emptied: 2999128 bytes
->Temporary Internet Files folder emptied: 375970 bytes
->Java cache emptied: 189425 bytes
->FireFox cache emptied: 267238895 bytes
->Google Chrome cache emptied: 379094005 bytes
->Flash cache emptied: 28625 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12102161 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 824.00 mb
OTL by OldTimer - Version 3.2.48.0 log created on 06142012_113957
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
joselepiu
2012-06-15, 03:09
OTL logfile created on: 6/14/2012 6:30:18 PM - Run 2
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\D J RAC\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.75 Gb Total Physical Memory | 2.79 Gb Available Physical Memory | 74.33% Memory free
13.29 Gb Paging File | 12.51 Gb Available in Paging File | 94.13% Paging File free
Paging file location(s): c:\pagefile.sys 10000 10000
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.75 Gb Total Space | 85.54 Gb Free Space | 18.37% Space Free | Partition Type: NTFS
Computer Name: FAM-PUTTER | User Name: D J RAC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 180 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\D J RAC\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files (x86)\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 1 6 2\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files (x86)\APC PowerChute Personal Edition\apcsystray.exe (American Power Conversion Corporation)
PRC - C:\Program Files (x86)\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\SiteSafety.dll ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe ()
MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe ()
========== Win32 Services (SafeList) ==========
SRV - (vToolbarUpdater11.1.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe ()
SRV - (JavaQuickStarterService) -- C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation)
SRV - (avgwd) -- C:\Program Files (x86)\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (vToolbarUpdater) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe ()
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Spooler) -- C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (helpsvc) -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (APC UPS Service) -- C:\Program Files (x86)\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
========== Driver Services (SafeList) ==========
DRV - (DrvAgent64) -- C:\WINDOWS\SysWOW64\Drivers\DrvAgent64.SYS (Phoenix Technologies)
DRV - (BIOS) -- C:\WINDOWS\SysWOW64\Drivers\BIOS64.sys (BIOSTAR Group)
DRV - (mnmdd) -- C:\WINDOWS\SysWow64\mnmdd.dll (Microsoft Corporation)
DRV - (Winsock) -- C:\WINDOWS\SysWow64\winsock.dll (Microsoft Corporation)
DRV - (PxHelp64) -- C:\WINDOWS\SysWOW64\Drivers\pxhelp64.sys (Sonic Solutions)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:[b]64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {9B9DB46E-1D45-4CF6-8145-BB8C8DB9A2E5}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{30BC77FE-4B53-41DD-9969-75CC51DDB96C}: "URL" = http://search.avg.com/route/?d=4dbb5d33&v=6.103.18.1&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={41691B8C-AB8D-4A20-8E6D-E0B17D6AAB59}&mid=42c70532a4de47d1a444d1a90bf8bb87-8d758629d5135f4470f57152dc116841b6490bd7&lang=en&ds=AVG&pr=fr&d=2011-12-19 10:01:31&v=9.0.0.21&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9B9DB46E-1D45-4CF6-8145-BB8C8DB9A2E5}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Search the Web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://my.screenname.aol.com/_cqr/login/login.psp?sitedomain=sns.webmail.aol.com&lang=en&seamless=novl&offerId=newmail-en-us-v2&authLev=0&siteState=ver%3A4%7Crt%3ASTANDARD%7Cat%3ASNS%7Cld%3Amail.aol.com%7Cuv%3AAOL%7Clc%3Aen-us%7Cmt%3AANGELIA%7Csnt%3AScreenName%7Csid%3A860c879f-cfa2-4481-8a7b-abebafec9ff8&locale=us"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\D J RAC\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\D J RAC\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\D J RAC\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\D J RAC\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG2012\Firefox4\ [2012/05/29 14:17:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\11.1.0.7\ [2012/06/12 01:11:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG2012\Firefox\DoNotTrack\ [2012/05/16 02:24:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Firefox 4 0 1\components [2011/08/21 13:42:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Firefox 4 0 1\plugins [2012/06/03 01:38:27 | 000,000,000 | ---D | M]
[2011/04/29 22:58:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\D J RAC\Application Data\Mozilla\Extensions
[2012/04/07 17:15:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\D J RAC\Application Data\Mozilla\Firefox\Profiles\6c58iex6.default\extensions
[2012/01/24 08:50:55 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\D J RAC\Application Data\Mozilla\Firefox\Profiles\6c58iex6.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2012/04/07 17:15:44 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\D J RAC\Application Data\Mozilla\Firefox\Profiles\6c58iex6.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/04/29 12:05:47 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG SECURE SEARCH\11.0.0.9
[2012/01/24 08:50:52 | 000,031,123 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\D J RAC\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\6C58IEX6.DEFAULT\EXTENSIONS\{2A1D5949-B519-4924-BF62-8522FE0D5274}.XPI
[2012/05/16 02:24:52 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES (X86)\AVG2012\FIREFOX\DONOTTRACK
[2012/05/29 14:17:08 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG2012\FIREFOX4
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\D J RAC\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\D J RAC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Firefox 4 0 1\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Firefox 4 0 1\plugins\npwachk.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Documents and Settings\D J RAC\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\D J RAC\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\D J RAC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\D J RAC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\D J RAC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\
CHR - Extension: AVG Do Not Track = C:\Documents and Settings\D J RAC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Gmail = C:\Documents and Settings\D J RAC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
Hosts file not found
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 1 6 2\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O4:64bit: - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup File not found
O4:64bit: - HKLM..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login File not found
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4:64bit: - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\AMD RADEON HD 6450\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy 1 6 2\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files (x86)\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\D J RAC\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 1 6 2\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - %SystemRoot%\System32\winrnr.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - %SystemRoot%\system32\mswsock.dll File not found
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1304050829321 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1304233757796 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\system32\inetcomm.dll File not found
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll ()
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - %SystemRoot%\system32\SHELL32.dll File not found
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - File not found
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - File not found
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) - File not found
O20 - HKLM Winlogon: UserInit - (userinit) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - File not found
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - (dimsntfy.dll) - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll File not found
O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll File not found
O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - %SystemRoot%\system32\browseui.dll File not found
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - %SystemRoot%\system32\browseui.dll File not found
O24 - Desktop WallPaper: C:\WINDOWS\Soap Bubbles.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Soap Bubbles.bmp
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/28 06:43:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{d00ce060-8360-11e0-8e77-00e04d1c5274}\Shell - "" = AutoRun
O33 - MountPoints2\{d00ce060-8360-11e0-8e77-00e04d1c5274}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d00ce060-8360-11e0-8e77-00e04d1c5274}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{f3af2fff-75ae-11e0-942b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f3af2fff-75ae-11e0-942b-806e6f6e6963}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f3af2fff-75ae-11e0-942b-806e6f6e6963}\Shell\AutoRun\command - "" = Z:\splash.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 180 Days ==========
[2012/06/14 11:39:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/13 03:12:39 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\D J RAC\Desktop\OTL.exe
[2012/06/12 01:12:37 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\D J RAC\Desktop\aswMBR.exe
[2012/06/11 01:09:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\D J RAC\Recent
[2012/06/06 10:20:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVD Shrink ver 3 2 0 15
[2012/06/06 10:20:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2012/06/06 10:20:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVD Shrink ver 3 2 0 15
[2012/06/03 23:18:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Local Settings\Application Data\Sun
[2012/06/03 01:39:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/06/03 01:38:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/06/03 01:38:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Application Data\Oracle
[2012/06/03 01:38:28 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javacpl.cpl
[2012/06/03 01:38:27 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\npDeployJava1.dll
[2012/06/03 01:38:27 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaws.exe
[2012/06/03 01:37:44 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaw.exe
[2012/06/03 01:37:44 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\java.exe
[2012/06/02 19:50:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/06/02 00:39:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/06/02 00:39:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/06/02 00:34:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Desktop\spybot progs
[2012/05/29 14:17:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2012/05/25 14:46:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis
[2012/05/25 14:46:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HijackThis 2 0 2
[2012/05/17 14:24:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Desktop\spotify cache
[2012/05/15 03:51:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Application Data\Unity
[2012/05/15 01:54:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Local Settings\Application Data\Unity
[2012/05/14 01:30:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVDFab HD Decrypter 8 1 7 8 Qt
[2012/05/14 01:30:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDFab HD Decrypter 8 1 7 8 Qt
[2012/05/12 01:32:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2012/05/09 08:51:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Local Settings\Application Data\Spotify
[2012/05/09 08:48:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Application Data\Spotify
[2012/04/30 03:26:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Local Settings\Application Data\AVG Secure Search
[2012/04/19 01:11:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Desktop\pics software
[2012/04/10 02:24:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2012/04/10 02:20:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/04/10 02:20:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Local Settings\Application Data\Google
[2012/04/01 22:40:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2012/03/23 00:39:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Local Settings\Application Data\Facebook
[2012/03/14 11:20:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Local Settings\Application Data\Identities
[2012/03/12 20:41:22 | 000,000,000 | --SD | C] -- C:\Documents and Settings\D J RAC\My Documents\My Data Sources
[2012/03/09 19:57:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\dvdfab
[2012/03/09 19:47:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVDFab HD Decrypter 8 1 6 3
[2012/03/09 19:47:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDFab HD Decrypter 8 1 6 3
[2012/03/07 19:08:42 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iepeers.dll
[2012/03/07 19:08:42 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\url.dll
[2012/03/07 02:13:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/02/28 22:25:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/02/28 22:09:02 | 000,086,683 | ---- | C] (Open Source Software community project) -- C:\WINDOWS\SysWow64\pthreadGC2.dll
[2012/02/28 22:09:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AoA Audio Extractor 2 2 8
[2012/02/28 22:08:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AoA Audio Extractor 2 2 8
[2012/02/16 23:50:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2012/02/16 23:50:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2012/02/10 02:40:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Desktop\cpuz 151
[2012/01/29 19:39:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\My Documents\Chameleon files
[2012/01/25 21:28:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Desktop\Always On Top
[2012/01/25 18:56:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Local Settings\Application Data\ATI
[2012/01/25 18:56:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Application Data\ATI
[2012/01/25 18:56:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2012/01/25 18:32:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2012/01/25 18:31:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Catalyst Control Center
[2012/01/25 18:29:15 | 000,057,344 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysWow64\aticalrt.dll
[2012/01/25 18:29:14 | 004,669,440 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysWow64\aticaldd.dll
[2012/01/25 18:29:14 | 000,064,512 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\atimpc32.dll
[2012/01/25 18:29:14 | 000,064,512 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\amdpcom32.dll
[2012/01/25 18:29:10 | 017,444,864 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysWow64\atioglxx.dll
[2012/01/25 18:29:09 | 000,200,704 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysWow64\atiadlxy.dll
[2012/01/25 18:29:09 | 000,053,248 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysWow64\aticalcl.dll
[2012/01/25 18:29:07 | 000,212,992 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\SysWow64\atipdlxx.dll
[2012/01/25 18:28:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD RADEON HD 6450
[2012/01/25 18:28:50 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012/01/25 18:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\AMD RADEON HD 6450
[2012/01/21 02:56:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Desktop\External
[2012/01/20 02:25:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\D J RAC\My Documents\My Videos
[2012/01/19 13:55:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\cache
[2012/01/16 13:07:08 | 000,021,712 | ---- | C] (Phoenix Technologies) -- C:\WINDOWS\SysWow64\drivers\DrvAgent64.SYS
[2012/01/16 13:07:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Local Settings\Application Data\eSupport.com
[2012/01/15 14:29:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/01/15 14:29:42 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner 3 14 1616
[2011/12/31 20:46:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Desktop\2gb from letys cell
[2011/12/24 15:07:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Desktop\from camara
[2011/12/23 01:31:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\drivers\AVG
[2011/12/19 11:01:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Application Data\AVG Secure Search
[2011/12/19 11:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2011/12/19 11:01:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2011/12/19 11:01:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2011/12/19 10:59:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D J RAC\Application Data\AVG2012
[2011/12/19 10:58:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/12/19 10:57:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG2012
========== Files - Modified Within 180 Days ==========
[2012/06/14 18:28:08 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\D J RAC\Desktop\MBR.dat
[2012/06/14 18:25:11 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/14 15:44:12 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-334292207-2319730254-1780565897-1002UA.job
[2012/06/14 12:12:56 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/14 12:12:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/14 11:39:50 | 001,644,918 | ---- | M] () -- C:\Documents and Settings\D J RAC\Desktop\untitled.bmp
[2012/06/13 03:12:36 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\D J RAC\Desktop\OTL.exe
[2012/06/12 01:13:08 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\D J RAC\Desktop\aswMBR.exe
[2012/06/11 00:44:01 | 000,000,984 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-334292207-2319730254-1780565897-1002Core.job
[2012/06/10 01:16:58 | 001,067,062 | ---- | M] () -- C:\Documents and Settings\D J RAC\Desktop\vaca.bmp
[2012/06/06 10:20:15 | 000,000,783 | ---- | M] () -- C:\Documents and Settings\D J RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\DVD Shrink 3.2.lnk
[2012/06/04 19:27:02 | 000,000,137 | ---- | M] () -- C:\Documents and Settings\D J RAC\Desktop\DVD-CD X.lnk
[2012/06/03 01:37:30 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaw.exe
[2012/06/03 01:37:30 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\java.exe
[2012/06/02 20:09:34 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\D J RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/06/02 00:39:50 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\D J RAC\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/06/02 00:39:44 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\D J RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\ERUNT.lnk
[2012/05/27 17:00:49 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\D J RAC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/27 02:45:26 | 003,037,982 | ---- | M] () -- C:\Documents and Settings\D J RAC\Desktop\HP Pavilion dv7t Quad Edition customizable Notebook PC.bmp
[2012/05/25 18:59:21 | 000,000,026 | ---- | M] () -- C:\Documents and Settings\D J RAC\My Documents\Default.PLS
[2012/05/25 14:56:23 | 000,001,688 | ---- | M] () -- C:\Documents and Settings\D J RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\HijackThis.lnk
[2012/05/20 18:37:14 | 000,001,927 | ---- | M] () -- C:\Documents and Settings\D J RAC\Desktop\Google Chrome.lnk
[2012/05/14 01:30:57 | 000,000,884 | ---- | M] () -- C:\Documents and Settings\D J RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\DVDFab HD Decrypter 8 1 7 8 Qt.lnk
[2012/05/12 10:54:02 | 000,593,378 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2012/05/09 09:02:17 | 000,001,870 | ---- | M] () -- C:\Documents and Settings\D J RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\Spotify.lnk
[2012/04/19 01:03:58 | 000,177,639 | ---- | M] () -- C:\Documents and Settings\D J RAC\Desktop\javana 01.jpg
[2012/04/19 00:12:21 | 024,253,890 | ---- | M] () -- C:\Documents and Settings\D J RAC\Desktop\javana 01.bmp
[2012/04/18 23:54:24 | 060,000,054 | ---- | M] () -- C:\Documents and Settings\D J RAC\Desktop\javana.bmp
[2012/04/10 02:24:51 | 000,001,845 | ---- | M] () -- C:\Documents and Settings\D J RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/04/04 18:47:36 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javacpl.cpl
[2012/04/04 18:47:24 | 000,227,720 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaws.exe
[2012/04/04 18:47:08 | 000,772,504 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\npDeployJava1.dll
[2012/04/04 18:47:02 | 000,687,504 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\deployJava1.dll
[2012/04/01 22:40:01 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\D J RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/03/29 07:43:18 | 001,176,438 | ---- | M] () -- C:\Documents and Settings\D J RAC\Desktop\laptop program files.bmp
[2012/03/09 19:57:53 | 000,000,882 | ---- | M] () -- C:\Documents and Settings\D J RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\DVDFab Profile Editor.lnk
[2012/03/07 19:08:42 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl
[2012/03/07 19:08:42 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\html.iec
[2012/03/07 19:08:42 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\occache.dll
[2012/03/07 19:08:42 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iepeers.dll
[2012/03/07 19:08:42 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ie4uinit.exe
[2012/03/07 19:08:42 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\url.dll
[2012/03/07 19:08:42 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mshtmled.dll
[2012/03/07 19:08:42 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\licmgr10.dll
[2012/02/28 22:24:51 | 000,000,805 | ---- | M] () -- C:\Documents and Settings\D J RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\AoA Audio Extractor.lnk
[2012/02/06 19:23:50 | 072,166,876 | ---- | M] () -- C:\Documents and Settings\D J RAC\Desktop\Madonna ~ Halftime Super Bowl XLVI.mp4
[2012/01/25 18:37:46 | 000,007,792 | ---- | M] () -- C:\WINDOWS\SysWow64\d3d9caps.dat
[2012/01/25 18:29:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ativpsrm.bin
[2012/01/16 13:07:08 | 000,021,712 | ---- | M] (Phoenix Technologies) -- C:\WINDOWS\SysWow64\drivers\DrvAgent64.SYS
[2012/01/15 14:38:26 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\D J RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner 3 14 1616.lnk
[2011/12/23 01:31:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SysWow64\drivers\AVG\incavi.avm
[2011/12/23 01:31:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SysWow64\drivers\AVG\iavichjw.avm
[2011/12/19 12:47:34 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\D J RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG 2012.lnk
========== Files Created - No Company Name ==========
[2012/06/14 18:28:08 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\D J RAC\Desktop\MBR.dat
[2012/06/14 11:39:50 | 001,644,918 | ---- | C] () -- C:\Documents and Settings\D J RAC\Desktop\untitled.bmp
[2012/06/10 01:16:58 | 001,067,062 | ---- | C] () -- C:\Documents and Settings\D J RAC\Desktop\vaca.bmp
[2012/06/06 10:20:15 | 000,000,783 | ---- | C] () -- C:\Documents and Settings\D J RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\DVD Shrink 3.2.lnk
[2012/06/02 00:39:50 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\D J RAC\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/06/02 00:39:44 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\D J RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\ERUNT.lnk
[2012/05/27 02:43:13 | 003,037,982 | ---- | C] () -- C:\Documents and Settings\D J RAC\Desktop\HP Pavilion dv7t Quad Edition customizable Notebook PC.bmp
[2012/05/25 14:56:23 | 000,001,688 | ---- | C] () -- C:\Documents and Settings\D J RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\HijackThis.lnk
[2012/05/14 01:30:57 | 000,000,884 | ---- | C] () -- C:\Documents and Settings\D J RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\DVDFab HD Decrypter 8 1 7 8 Qt.lnk
[2012/05/09 09:02:17 | 000,001,870 | ---- | C] () -- C:\Documents and Settings\D J RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\Spotify.lnk
[2012/05/09 08:51:19 | 000,001,876 | ---- | C] () -- C:\Documents and Settings\D J RAC\Start Menu\Programs\Spotify.lnk
[2012/04/19 00:33:03 | 000,177,639 | ---- | C] () -- C:\Documents and Settings\D J RAC\Desktop\javana 01.jpg
[2012/04/19 00:11:36 | 024,253,890 | ---- | C] () -- C:\Documents and Settings\D J RAC\Desktop\javana 01.bmp
[2012/04/18 23:54:23 | 060,000,054 | ---- | C] () -- C:\Documents and Settings\D J RAC\Desktop\javana.bmp
[2012/04/10 02:24:51 | 000,001,927 | ---- | C] () -- C:\Documents and Settings\D J RAC\Desktop\Google Chrome.lnk
[2012/04/10 02:24:51 | 000,001,845 | ---- | C] () -- C:\Documents and Settings\D J RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/04/10 02:20:46 | 000,000,900 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/10 02:20:45 | 000,000,896 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/01 22:40:01 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\D J RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/03/29 07:43:18 | 001,176,438 | ---- | C] () -- C:\Documents and Settings\D J RAC\Desktop\laptop program files.bmp
[2012/03/23 00:39:28 | 000,001,006 | ---- | C] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-334292207-2319730254-1780565897-1002UA.job
[2012/03/23 00:39:28 | 000,000,984 | ---- | C] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-334292207-2319730254-1780565897-1002Core.job
[2012/03/09 19:57:53 | 000,000,882 | ---- | C] () -- C:\Documents and Settings\D J RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\DVDFab Profile Editor.lnk
[2012/02/28 22:24:51 | 000,000,805 | ---- | C] () -- C:\Documents and Settings\D J RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\AoA Audio Extractor.lnk
[2012/02/06 19:08:04 | 072,166,876 | ---- | C] () -- C:\Documents and Settings\D J RAC\Desktop\Madonna ~ Halftime Super Bowl XLVI.mp4
[2012/01/25 18:37:46 | 000,007,792 | ---- | C] () -- C:\WINDOWS\SysWow64\d3d9caps.dat
[2012/01/25 18:29:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012/01/25 18:29:42 | 000,030,831 | R--- | C] () -- C:\WINDOWS\atiogl.xml
[2012/01/16 13:34:30 | 000,000,921 | ---- | C] () -- C:\Documents and Settings\D J RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/01/15 14:38:26 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\D J RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner 3 14 1616.lnk
[2011/12/24 15:08:44 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\D J RAC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/23 01:31:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\AVG\incavi.avm
[2011/12/23 01:31:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\AVG\iavichjw.avm
[2011/12/19 12:47:34 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\D J RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG 2012.lnk
[2011/05/06 19:20:31 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011/05/06 19:20:31 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2011/04/30 23:55:16 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/04/29 22:57:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/04/29 14:52:03 | 000,593,378 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2011/04/28 08:20:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\SysWow64\ChCfg.exe
[2011/04/28 08:20:26 | 000,143,360 | ---- | C] () -- C:\WINDOWS\SysWow64\RtlCPAPI.dll
[2011/04/28 08:20:25 | 000,037,376 | ---- | C] () -- C:\WINDOWS\CPLUtl64.exe
[2011/04/28 06:48:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/04/27 22:48:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
========== Alternate Data Streams ==========
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5547042D
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
< End of report >
Hey,
There is a rash of infections going around now that infect your Master Boot Record, these are the files that boot your computer , they cause redirects and all sorts of problems, but the log from aswMBR looks fine so we dont have any issues in that department.
OTL has restored your Hosts file, how are things running now ?
joselepiu
2012-06-15, 08:26
Its slower than ever... It took almost 5 minutes from the moment that I pressed the power button till I got to the log in page, and another 5 or 6 minutes after I typed my password till I could use it...
Any ideas?...
Let me ask you a few things, how old is this computer ? Prior to your FB account being hacked was it booting up normally ? Have you installed or uninstalled any new hardware or software prior to this happening ?
Lets run another tool to check for a different type of rootkit
Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan
Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now
Copy and paste the log in your next reply
A copy of the log will be saved automatically to the root of the drive (typically C:\)
joselepiu
2012-06-16, 00:49
In answer to your questions:
The compuer is about 6 or 7 years old... Im saving to buy a laptop replacement...
Prior to the hacking of my facebook acct it was booting up what I always tought real fast in comparison to what I have seen in other computers, about 2 or 3 minutes...
Before that, I installed a new gpu, about 3 weeks before all these started with its software...
I ran the ""TDSSKiller"" & it gave me a ""No Threats found"" message...
I found on the same folder a txt file named ""immudebug.log"" its 116 463 KB in size, to me its kind of big for that type of file, what do you think is it safe? is it supposed to be there?...
Here is the log:
16:45:31.0640 1696 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
16:45:32.0515 1696 ============================================================
16:45:32.0515 1696 Current date / time: 2012/06/15 16:45:32.0515
16:45:32.0515 1696 SystemInfo:
16:45:32.0515 1696
16:45:32.0515 1696 OS Version: 5.2.3790 ServicePack: 2.0
16:45:32.0515 1696 Product type: Workstation
16:45:32.0515 1696 ComputerName: FAM-PUTTER
16:45:32.0515 1696 UserName: D J RAC
16:45:32.0515 1696 Windows directory: C:\WINDOWS
16:45:32.0515 1696 System windows directory: C:\WINDOWS
16:45:32.0515 1696 Running under WOW64
16:45:32.0515 1696 Processor architecture: Intel x64
16:45:32.0515 1696 Number of processors: 2
16:45:32.0515 1696 Page size: 0x1000
16:45:32.0515 1696 Boot type: Normal boot
16:45:32.0515 1696 ============================================================
16:45:33.0750 1696 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000044
16:45:33.0828 1696 ============================================================
16:45:33.0828 1696 \Device\Harddisk0\DR0:
16:45:33.0828 1696 MBR partitions:
16:45:33.0828 1696 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
16:45:33.0828 1696 ============================================================
16:45:33.0859 1696 C: <-> \Device\Harddisk0\DR0\Partition0
16:45:33.0859 1696 ============================================================
16:45:33.0859 1696 Initialize success
16:45:33.0859 1696 ============================================================
16:45:41.0906 1508 ============================================================
16:45:41.0906 1508 Scan started
16:45:41.0906 1508 Mode: Manual;
16:45:41.0906 1508 ============================================================
16:45:42.0296 1508 Abiosdsk - ok
16:45:42.0359 1508 ACPI (0cc42d1fb637112de6f6196ddaf83dec) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:45:42.0375 1508 ACPI - ok
16:45:42.0406 1508 ACPIEC (a4d4f508bc6613442b0c32cde443e382) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:45:42.0406 1508 ACPIEC - ok
16:45:42.0406 1508 adpu160m - ok
16:45:42.0421 1508 adpu320 - ok
16:45:42.0468 1508 aec (92500bc3a6e241bbc357f532dd500a75) C:\WINDOWS\system32\drivers\aec.sys
16:45:42.0484 1508 aec - ok
16:45:42.0531 1508 AeLookupSvc (ac7010dde9111a1c65d7391ada5c7257) C:\WINDOWS\System32\aelupsvc.dll
16:45:42.0531 1508 AeLookupSvc - ok
16:45:42.0593 1508 AFD (886c37d055020d0d02c35ac5b84e76ab) C:\WINDOWS\System32\drivers\afd.sys
16:45:42.0609 1508 AFD - ok
16:45:42.0609 1508 aic78u2 - ok
16:45:42.0625 1508 aic78xx - ok
16:45:42.0890 1508 ALCXWDM (e355c9e7d0bd98c4d6356a2b61daadec) C:\WINDOWS\system32\drivers\ALCWDM64.SYS
16:45:42.0921 1508 ALCXWDM - ok
16:45:42.0984 1508 Alerter (afa2cf7cb731ca177cccffffe5d88776) C:\WINDOWS\system32\alrsvc.dll
16:45:42.0984 1508 Alerter - ok
16:45:43.0015 1508 ALG (2d21ff6d4cd30e679f1a294d5ba3d97b) C:\WINDOWS\System32\alg.exe
16:45:43.0015 1508 ALG - ok
16:45:43.0031 1508 AliIde - ok
16:45:43.0046 1508 AmdIde - ok
16:45:43.0062 1508 AmdK8 (2540324c0c4dfca1d942050fbda55c92) C:\WINDOWS\system32\DRIVERS\amdk8.sys
16:45:43.0062 1508 AmdK8 - ok
16:45:43.0203 1508 APC UPS Service (29deb59de57ea97553b1566f04b39d11) C:\Program Files (x86)\APC PowerChute Personal Edition\mainserv.exe
16:45:43.0203 1508 APC UPS Service - ok
16:45:43.0265 1508 AppMgmt (4f6b2de8bc199c542f174844bb64485a) C:\WINDOWS\System32\appmgmts.dll
16:45:43.0265 1508 AppMgmt - ok
16:45:43.0281 1508 arc - ok
16:45:43.0390 1508 aspnet_state (f9f0f095586009e5da0c32e648aa99fa) C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe
16:45:43.0390 1508 aspnet_state - ok
16:45:43.0421 1508 AsyncMac (7380acdd2d8e6621392e56d9a0467fe4) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:45:43.0421 1508 AsyncMac - ok
16:45:43.0484 1508 atapi (7a1814d0d112f50f828e25557a1ed29f) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:45:43.0484 1508 atapi - ok
16:45:43.0484 1508 Atdisk - ok
16:45:43.0609 1508 Ati HotKey Poller (0dad7395184b8c7abc9f596fd0af9704) C:\WINDOWS\system32\Ati2evxx.exe
16:45:43.0625 1508 Ati HotKey Poller - ok
16:45:44.0218 1508 ati2mtag (b73ddb154e45d4a0ae8f91a5b490fd5f) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
16:45:44.0296 1508 ati2mtag - ok
16:45:44.0406 1508 AtiHDAudioService (c208e4fdaa9d05215b438b879dd449fa) C:\WINDOWS\system32\drivers\AtihdXP6.sys
16:45:44.0406 1508 AtiHDAudioService - ok
16:45:44.0468 1508 Atmarpc (62d65fce5695b53a2ddf92e83111ea06) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:45:44.0468 1508 Atmarpc - ok
16:45:44.0515 1508 AudioSrv (0da015ab1ee54988572cfc4b7644556a) C:\WINDOWS\System32\audiosrv.dll
16:45:44.0515 1508 AudioSrv - ok
16:45:44.0562 1508 audstub (1437089f59dba75fee4ed959077a938e) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:45:44.0562 1508 audstub - ok
16:45:44.0609 1508 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\WINDOWS\system32\DRIVERS\avgidsha.sys
16:45:44.0609 1508 AVGIDSHA - ok
16:45:44.0671 1508 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\WINDOWS\system32\DRIVERS\avgldx64.sys
16:45:44.0687 1508 Avgldx64 - ok
16:45:44.0703 1508 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\WINDOWS\system32\DRIVERS\avgmfx64.sys
16:45:44.0703 1508 Avgmfx64 - ok
16:45:44.0734 1508 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\WINDOWS\system32\DRIVERS\avgrkx64.sys
16:45:44.0734 1508 Avgrkx64 - ok
16:45:44.0796 1508 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\WINDOWS\system32\DRIVERS\avgtdia.sys
16:45:44.0796 1508 Avgtdia - ok
16:45:44.0906 1508 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG2012\avgwdsvc.exe
16:45:44.0906 1508 avgwd - ok
16:45:44.0953 1508 Beep (8ba2e5cdfde406dc4646afb894804844) C:\WINDOWS\system32\drivers\Beep.sys
16:45:44.0953 1508 Beep - ok
16:45:44.0984 1508 BIOS (00cadb1bc2d0030f0b2a1063618b6bd7) C:\WINDOWS\system32\drivers\BIOS64.sys
16:45:44.0984 1508 BIOS - ok
16:45:45.0046 1508 BITS (749c15323919984a6e08bad427d89936) C:\WINDOWS\system32\qmgr.dll
16:45:45.0046 1508 BITS - ok
16:45:45.0125 1508 Browser (3a8e1df1a159df863af4e5b84019a2bc) C:\WINDOWS\System32\browser.dll
16:45:45.0125 1508 Browser - ok
16:45:45.0171 1508 CdaC15BA (982563cf02cd6d4e5d8e0f4b5cbb9b6a) C:\WINDOWS\system32\DRIVERS\CdaC15BA.sys
16:45:45.0171 1508 CdaC15BA - ok
16:45:45.0187 1508 CdaD10BA (9067d96899d98ca4535a76e8c8b2e3a5) C:\WINDOWS\system32\DRIVERS\CdaD10BA.sys
16:45:45.0187 1508 CdaD10BA - ok
16:45:45.0203 1508 Cdfs (4d99e36322fb51a8d1b2b6d6b69d9889) C:\WINDOWS\system32\drivers\Cdfs.sys
16:45:45.0218 1508 Cdfs - ok
16:45:45.0265 1508 Cdrom (11663fe50e499ffee77979542b285f38) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:45:45.0265 1508 Cdrom - ok
16:45:45.0265 1508 Changer - ok
16:45:45.0296 1508 CiSvc (46c54f209031afa0f100d0703fc346da) C:\WINDOWS\system32\cisvc.exe
16:45:45.0296 1508 CiSvc - ok
16:45:45.0328 1508 ClipSrv (74f11d0323666d9f615a2d3692590122) C:\WINDOWS\system32\clipsrv.exe
16:45:45.0328 1508 ClipSrv - ok
16:45:45.0421 1508 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:45:45.0437 1508 clr_optimization_v2.0.50727_32 - ok
16:45:45.0515 1508 clr_optimization_v2.0.50727_64 (fa58b51ed71c9133e141164eaa7c54eb) c:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:45:45.0515 1508 clr_optimization_v2.0.50727_64 - ok
16:45:45.0593 1508 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:45:45.0593 1508 clr_optimization_v4.0.30319_32 - ok
16:45:45.0640 1508 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:45:45.0640 1508 clr_optimization_v4.0.30319_64 - ok
16:45:45.0656 1508 CmdIde - ok
16:45:45.0671 1508 Compbatt (35f6977863f97d80d3e30f8ff0c293a4) C:\WINDOWS\system32\DRIVERS\compbatt.sys
16:45:45.0671 1508 Compbatt - ok
16:45:45.0671 1508 COMSysApp - ok
16:45:45.0734 1508 crcdisk (423f7a6e3af4c2a73c8c8ad945f72cba) C:\WINDOWS\system32\DRIVERS\crcdisk.sys
16:45:45.0734 1508 crcdisk - ok
16:45:45.0796 1508 CryptSvc (8b0b3744c60936acae31012799db3982) C:\WINDOWS\System32\cryptsvc.dll
16:45:45.0796 1508 CryptSvc - ok
16:45:45.0906 1508 DcomLaunch (a6130365606f3d6332b014fc3da931aa) C:\WINDOWS\system32\rpcss.dll
16:45:45.0921 1508 DcomLaunch - ok
16:45:45.0953 1508 Dhcp (de4c841dda8d5800515a5ca908580a36) C:\WINDOWS\System32\dhcpcsvc.dll
16:45:45.0968 1508 Dhcp - ok
16:45:45.0968 1508 Disk (417d7b9c6f36685a417e54690f8bd7b2) C:\WINDOWS\system32\DRIVERS\disk.sys
16:45:45.0984 1508 Disk - ok
16:45:45.0984 1508 dmadmin - ok
16:45:46.0046 1508 dmboot (19d704c92c2e2bd4dc99db18a3523918) C:\WINDOWS\system32\drivers\dmboot.sys
16:45:46.0046 1508 dmboot - ok
16:45:46.0093 1508 dmio (b293ce1c9243219f6b9e5dbcaa75b962) C:\WINDOWS\system32\drivers\dmio.sys
16:45:46.0093 1508 dmio - ok
16:45:46.0125 1508 dmload (c294e31d6cb7407a43c96ec1fec1f8a4) C:\WINDOWS\system32\drivers\dmload.sys
16:45:46.0125 1508 dmload - ok
16:45:46.0156 1508 dmserver (76f7e7922f428be040f800920bb8ff3b) C:\WINDOWS\System32\dmserver.dll
16:45:46.0171 1508 dmserver - ok
16:45:46.0203 1508 Dnscache (19c1612c4f5d828935d2270c7af13e6e) C:\WINDOWS\System32\dnsrslvr.dll
16:45:46.0203 1508 Dnscache - ok
16:45:46.0203 1508 dpti2o - ok
16:45:46.0281 1508 DrvAgent64 (1ed08a6264c5c92099d6d1dae5e8f530) C:\WINDOWS\SysWOW64\Drivers\DrvAgent64.SYS
16:45:46.0281 1508 DrvAgent64 - ok
16:45:46.0296 1508 ERSvc (b063a36e4e027a9dbe2b019ebbbeae86) C:\WINDOWS\System32\ersvc.dll
16:45:46.0296 1508 ERSvc - ok
16:45:46.0343 1508 Eventlog (1e07ee3f50dff2fe9b0a9d196e82698f) C:\WINDOWS\system32\services.exe
16:45:46.0343 1508 Eventlog - ok
16:45:46.0406 1508 EventSystem (cdef30a1dcffcaf6a4e8b7812ae79c95) C:\WINDOWS\system32\es.dll
16:45:46.0406 1508 EventSystem - ok
16:45:46.0453 1508 Fastfat (7c713b9f6f968f135d3d819492882cdd) C:\WINDOWS\system32\drivers\Fastfat.sys
16:45:46.0453 1508 Fastfat - ok
16:45:46.0515 1508 Fdc (7e35d423ff10ab5b8af1d3de86236690) C:\WINDOWS\system32\DRIVERS\fdc.sys
16:45:46.0515 1508 Fdc - ok
16:45:46.0531 1508 Fips (73ea9000f8fb2e060954eb7c3377a3c7) C:\WINDOWS\system32\drivers\Fips.sys
16:45:46.0531 1508 Fips - ok
16:45:46.0546 1508 Flpydisk (8ac77974378eac3548330951a5deeebf) C:\WINDOWS\system32\drivers\Flpydisk.sys
16:45:46.0546 1508 Flpydisk - ok
16:45:46.0578 1508 FltMgr (087db260f98056ac40261acae4240882) C:\WINDOWS\system32\drivers\fltmgr.sys
16:45:46.0578 1508 FltMgr - ok
16:45:46.0656 1508 FontCache3.0.0.0 (8a4dcd28d2be12946f6d5d308b0942a6) c:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
16:45:46.0671 1508 FontCache3.0.0.0 - ok
16:45:46.0671 1508 Fs_Rec (70df80567a55a97894b4e8952ec5e7fc) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:45:46.0671 1508 Fs_Rec - ok
16:45:46.0703 1508 Ftdisk (e90aa7c073519dd8571670818cb85ccb) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:45:46.0703 1508 Ftdisk - ok
16:45:46.0734 1508 Gpc (865d4d0b4e3730ef8040000cfb846d9f) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:45:46.0734 1508 Gpc - ok
16:45:46.0859 1508 gupdate (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:45:46.0875 1508 gupdate - ok
16:45:46.0875 1508 gupdatem (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:45:46.0875 1508 gupdatem - ok
16:45:46.0937 1508 HDAudBus (d36e47728cdbc8d17a77d36a6cbc29bb) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:45:46.0937 1508 HDAudBus - ok
16:45:47.0031 1508 helpsvc (40e274b64843813a81c42687592339d7) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:45:47.0031 1508 helpsvc - ok
16:45:47.0046 1508 HidBatt (ddd74d94d018bcb66ca31e4533925695) C:\WINDOWS\system32\DRIVERS\HidBatt.sys
16:45:47.0046 1508 HidBatt - ok
16:45:47.0093 1508 HidServ (9648ad494be12b39acc2db638e2340a0) C:\WINDOWS\System32\hidserv.dll
16:45:47.0093 1508 HidServ - ok
16:45:47.0109 1508 hidusb (f32bec5614a61bbb2bede070d279f88b) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:45:47.0109 1508 hidusb - ok
16:45:47.0187 1508 HTTP (b54738df11d0e06072bf9c332db1d254) C:\WINDOWS\system32\Drivers\HTTP.sys
16:45:47.0203 1508 HTTP - ok
16:45:47.0218 1508 HTTPFilter (1a782d5ca033f553f0be54546ebf3b4f) C:\WINDOWS\System32\lsass.exe
16:45:47.0218 1508 HTTPFilter - ok
16:45:47.0234 1508 i2omgmt - ok
16:45:47.0250 1508 i8042prt (50fd608643d9b56c4c75c0784513f77e) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:45:47.0250 1508 i8042prt - ok
16:45:47.0312 1508 IASJet - ok
16:45:47.0421 1508 idsvc (501cf65702d7f64c38db360f7eb07adc) c:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:45:47.0437 1508 idsvc - ok
16:45:47.0437 1508 iirsp - ok
16:45:47.0453 1508 imapi (d2e541613b72ff9fcedf37b166930706) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:45:47.0453 1508 imapi - ok
16:45:47.0515 1508 ImapiService (9014c144cd95eee1f5884664a4bfb4d8) C:\WINDOWS\system32\imapi.exe
16:45:47.0515 1508 ImapiService - ok
16:45:47.0531 1508 IntelIde - ok
16:45:47.0562 1508 Ip6Fw (6601a43ee389d0adb11aaede9a98036b) C:\WINDOWS\system32\drivers\ip6fw.sys
16:45:47.0578 1508 Ip6Fw - ok
16:45:47.0593 1508 IpFilterDriver (1b1b4654a5492a42d2e1bf5b2b22d32b) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:45:47.0593 1508 IpFilterDriver - ok
16:45:47.0593 1508 IpInIp - ok
16:45:47.0640 1508 IpNat (088ecb04137df1f52ec10c29d57a8cca) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:45:47.0640 1508 IpNat - ok
16:45:47.0718 1508 IPSec (db841ec6f027c780002ef47aabfddf86) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:45:47.0718 1508 IPSec - ok
16:45:47.0781 1508 IRENUM (8b7015ea0171242cca03c2fb48ccc771) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:45:47.0781 1508 IRENUM - ok
16:45:47.0828 1508 isapnp (d994162e4d8e931fc16a892a87852bbb) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:45:47.0828 1508 isapnp - ok
16:45:47.0937 1508 JavaQuickStarterService (5472d771c0197355c1d347f20392b982) C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
16:45:47.0937 1508 JavaQuickStarterService - ok
16:45:47.0953 1508 Kbdclass (e85095372008a9194c7ed6206cb782da) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:45:47.0953 1508 Kbdclass - ok
16:45:48.0015 1508 kmixer (1b280b3b4c10cc2e3ec3aec17eb6b658) C:\WINDOWS\system32\drivers\kmixer.sys
16:45:48.0015 1508 kmixer - ok
16:45:48.0062 1508 KSecDD (e9bc44a069593b8bfce33610a0196d6b) C:\WINDOWS\system32\drivers\KSecDD.sys
16:45:48.0062 1508 KSecDD - ok
16:45:48.0093 1508 ksthunk (5cb302b6caace41af70c34b56eb3db23) C:\WINDOWS\system32\drivers\ksthunk.sys
16:45:48.0093 1508 ksthunk - ok
16:45:48.0140 1508 lanmanserver (4d8e9a805add244b5c511147a5d9bb8c) C:\WINDOWS\System32\srvsvc.dll
16:45:48.0156 1508 lanmanserver - ok
16:45:48.0234 1508 lanmanworkstation (bf4105d3eb357652a4ea73f170715acd) C:\WINDOWS\System32\wkssvc.dll
16:45:48.0234 1508 lanmanworkstation - ok
16:45:48.0265 1508 LmHosts (80db42573f8ef6cbb6a7a0ff6966a352) C:\WINDOWS\System32\lmhsvc.dll
16:45:48.0265 1508 LmHosts - ok
16:45:48.0390 1508 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
16:45:48.0390 1508 MDM - ok
16:45:48.0437 1508 Messenger (34ef8cbea95ef5108a1349fc22d87513) C:\WINDOWS\System32\msgsvc.dll
16:45:48.0437 1508 Messenger - ok
16:45:48.0484 1508 mnmdd (ad6bc1efa0c1b53409947f06de87fc89) C:\WINDOWS\system32\drivers\mnmdd.sys
16:45:48.0484 1508 mnmdd - ok
16:45:48.0500 1508 mnmsrvc - ok
16:45:48.0531 1508 Modem (9a67a96a0cbc2bc658abf8c9b5ee065a) C:\WINDOWS\system32\drivers\Modem.sys
16:45:48.0531 1508 Modem - ok
16:45:48.0546 1508 Mouclass (12acf32edf03e46805347817acb9f64c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:45:48.0546 1508 Mouclass - ok
16:45:48.0562 1508 MountMgr (7e9cc7e4282a8e7a480560a6f817c177) C:\WINDOWS\system32\drivers\MountMgr.sys
16:45:48.0562 1508 MountMgr - ok
16:45:48.0578 1508 mraid35x - ok
16:45:48.0640 1508 MRxDAV (3d33208e5a7414d8633d34d24f119173) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:45:48.0640 1508 MRxDAV - ok
16:45:48.0734 1508 MRxSmb (9385e695b33068b90cf419186ecaa3de) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:45:48.0734 1508 MRxSmb - ok
16:45:48.0765 1508 MSDTC (d42976785ba169c2361f97cc6a20681f) C:\WINDOWS\system32\msdtc.exe
16:45:48.0765 1508 MSDTC - ok
16:45:48.0796 1508 Msfs (983f4ab7a50d56cd33e2061ee733bd55) C:\WINDOWS\system32\drivers\Msfs.sys
16:45:48.0812 1508 Msfs - ok
16:45:48.0812 1508 MSIServer - ok
16:45:48.0843 1508 MSKSSRV (308ec6fbef38871cb2c4cace9c8f4808) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:45:48.0843 1508 MSKSSRV - ok
16:45:48.0859 1508 MSPCLOCK (8d3226738479719aab3b6d2617d7a55c) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:45:48.0859 1508 MSPCLOCK - ok
16:45:48.0875 1508 MSPQM (058d63e8d000ae678d4549bfa8eb0deb) C:\WINDOWS\system32\drivers\MSPQM.sys
16:45:48.0875 1508 MSPQM - ok
16:45:48.0890 1508 mssmbios (5992d1f9ed64017a76afee2b79f5cfb9) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:45:48.0906 1508 mssmbios - ok
16:45:48.0937 1508 Mup (5902c8e565fe346076786f43103ef02e) C:\WINDOWS\system32\drivers\Mup.sys
16:45:48.0937 1508 Mup - ok
16:45:48.0968 1508 NDIS (6fe83d05aebef7930d7ce91568dc99df) C:\WINDOWS\system32\drivers\NDIS.sys
16:45:48.0968 1508 NDIS - ok
16:45:48.0984 1508 NdisTapi (389cfab53aa9807ea4536cb0b03609c3) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:45:48.0984 1508 NdisTapi - ok
16:45:49.0015 1508 Ndisuio (49c1207c1ae8c6958f1c1747132814c2) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:45:49.0015 1508 Ndisuio - ok
16:45:49.0046 1508 NdisWan (6157a7aeae6d2b948ff2e872ffac765b) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:45:49.0046 1508 NdisWan - ok
16:45:49.0078 1508 NDProxy (01b8acf7c9afa9005db6378077137bce) C:\WINDOWS\system32\drivers\NDProxy.sys
16:45:49.0078 1508 NDProxy - ok
16:45:49.0093 1508 NetBIOS (b1cee06471a069149b11fada23ff00fd) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:45:49.0093 1508 NetBIOS - ok
16:45:49.0156 1508 NetBT (fedaafb6cd700b9e0787c94d81c07db5) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:45:49.0156 1508 NetBT - ok
16:45:49.0203 1508 NetDDE (fb13279d8c89add5b0f7497c45bcf1c3) C:\WINDOWS\system32\netdde.exe
16:45:49.0203 1508 NetDDE - ok
16:45:49.0218 1508 NetDDEdsdm (fb13279d8c89add5b0f7497c45bcf1c3) C:\WINDOWS\system32\netdde.exe
16:45:49.0218 1508 NetDDEdsdm - ok
16:45:49.0250 1508 Netlogon (1a782d5ca033f553f0be54546ebf3b4f) C:\WINDOWS\system32\lsass.exe
16:45:49.0250 1508 Netlogon - ok
16:45:49.0296 1508 Netman (f28fd9dba68a85d6ee4225a83f127d2b) C:\WINDOWS\System32\netman.dll
16:45:49.0296 1508 Netman - ok
16:45:49.0390 1508 NetTcpPortSharing (8bc776595238ab62072aa6beb17ddf59) c:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:45:49.0390 1508 NetTcpPortSharing - ok
16:45:49.0468 1508 Nla (ba13c3c32a69dc37653c9543e065950e) C:\WINDOWS\System32\mswsock.dll
16:45:49.0468 1508 Nla - ok
16:45:49.0500 1508 Normandy - ok
16:45:49.0515 1508 Npfs (81819038621a2c524781ec503d400287) C:\WINDOWS\system32\drivers\Npfs.sys
16:45:49.0515 1508 Npfs - ok
16:45:49.0625 1508 Ntfs (c8904b5f90ab2236692e83d491c4d426) C:\WINDOWS\system32\drivers\Ntfs.sys
16:45:49.0625 1508 Ntfs - ok
16:45:49.0640 1508 NtLmSsp (1a782d5ca033f553f0be54546ebf3b4f) C:\WINDOWS\system32\lsass.exe
16:45:49.0640 1508 NtLmSsp - ok
16:45:49.0734 1508 NtmsSvc (a398462077f68a41b4dff9fb7e8fc7b8) C:\WINDOWS\system32\ntmssvc.dll
16:45:49.0750 1508 NtmsSvc - ok
16:45:49.0781 1508 Null (501039187c444fa7ab9d97b6a6c667b3) C:\WINDOWS\system32\drivers\Null.sys
16:45:49.0781 1508 Null - ok
16:45:50.0703 1508 nv (b8444db3041357c47cab0b107ed7074b) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
16:45:50.0843 1508 nv - ok
16:45:50.0968 1508 nvata64 (6b92b28c34904e157ca6fbf31f64e5f5) C:\WINDOWS\system32\DRIVERS\nvata64.sys
16:45:50.0968 1508 nvata64 - ok
16:45:51.0031 1508 NVENETFD (c52746064df36edc4b8fda49321ef481) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
16:45:51.0031 1508 NVENETFD - ok
16:45:51.0078 1508 nvnetbus (f32f7a0cc1d3633098b470ab8ba9dcc0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
16:45:51.0078 1508 nvnetbus - ok
16:45:51.0109 1508 NVSvc (4730e76c3afdbc57ffd6a8f164615eef) C:\WINDOWS\system32\nvsvc64.exe
16:45:51.0109 1508 NVSvc - ok
16:45:51.0343 1508 nvUpdatusService (e424d08e2dc7f788bc8597573e642b90) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
16:45:51.0359 1508 nvUpdatusService - ok
16:45:51.0468 1508 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:45:51.0468 1508 ose - ok
16:45:51.0593 1508 Parport (7ddaa09186da9f1d304e819b5a6bbc5a) C:\WINDOWS\system32\DRIVERS\parport.sys
16:45:51.0593 1508 Parport - ok
16:45:51.0625 1508 PartMgr (5f9a703240468a0c35a629d17ffca847) C:\WINDOWS\system32\drivers\PartMgr.sys
16:45:51.0625 1508 PartMgr - ok
16:45:51.0640 1508 PCI (5b2c8d6971d8df4937c2fa013cd4c00d) C:\WINDOWS\system32\DRIVERS\pci.sys
16:45:51.0656 1508 PCI - ok
16:45:51.0656 1508 PCIIde (f1978c7849a0047306db3b8bb94f0764) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:45:51.0671 1508 PCIIde - ok
16:45:51.0703 1508 Pcmcia (037f3a19f49a4c6a320c4154ebd6ee9d) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:45:51.0703 1508 Pcmcia - ok
16:45:51.0703 1508 PDCOMP - ok
16:45:51.0718 1508 PDFRAME - ok
16:45:51.0734 1508 PDRELI - ok
16:45:51.0734 1508 PDRFRAME - ok
16:45:51.0812 1508 PlugPlay (1e07ee3f50dff2fe9b0a9d196e82698f) C:\WINDOWS\system32\services.exe
16:45:51.0812 1508 PlugPlay - ok
16:45:51.0859 1508 PolicyAgent (1a782d5ca033f553f0be54546ebf3b4f) C:\WINDOWS\system32\lsass.exe
16:45:51.0859 1508 PolicyAgent - ok
16:45:51.0906 1508 PptpMiniport (e176f640ee6bf550f61faa9ce9a683f4) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:45:51.0921 1508 PptpMiniport - ok
16:45:51.0921 1508 ProtectedStorage (1a782d5ca033f553f0be54546ebf3b4f) C:\WINDOWS\system32\lsass.exe
16:45:51.0921 1508 ProtectedStorage - ok
16:45:51.0937 1508 PSched (01aae06e543c0956ac247546a8f2dafe) C:\WINDOWS\system32\DRIVERS\psched.sys
16:45:51.0937 1508 PSched - ok
16:45:51.0968 1508 Ptilink (35e39a969d227c2a56c1dc98361d8e35) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:45:51.0968 1508 Ptilink - ok
16:45:51.0984 1508 PxHelp64 - ok
16:45:52.0000 1508 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\WINDOWS\system32\Drivers\PxHlpa64.sys
16:45:52.0000 1508 PxHlpa64 - ok
16:45:52.0015 1508 RasAcd (d646a315e6386dac1d96c8ce8a4bfee7) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:45:52.0015 1508 RasAcd - ok
16:45:52.0031 1508 RasAuto (3f573d0c001b982c3180860366783bc0) C:\WINDOWS\System32\rasauto.dll
16:45:52.0031 1508 RasAuto - ok
16:45:52.0046 1508 Rasl2tp (d81fdc53ee9c0f68d709e504342d1d74) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:45:52.0062 1508 Rasl2tp - ok
16:45:52.0109 1508 RasMan (47f7838f77a42f85c763899ab1b77d14) C:\WINDOWS\System32\rasmans.dll
16:45:52.0125 1508 RasMan - ok
16:45:52.0140 1508 RasPppoe (31fa5ab662c58cc5cf92396224f6b29a) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:45:52.0140 1508 RasPppoe - ok
16:45:52.0156 1508 Raspti (701493f9a6ede759af8d3fa7c08bab3b) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:45:52.0156 1508 Raspti - ok
16:45:52.0187 1508 Rdbss (251a8b39645c5b3dc7dcbbd03a3140cb) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:45:52.0187 1508 Rdbss - ok
16:45:52.0203 1508 RDPCDD (c013379d04060318c3b2e4967d82739a) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:45:52.0203 1508 RDPCDD - ok
16:45:52.0250 1508 rdpdr (0482a9be0be2098a12a61464306bf24b) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:45:52.0250 1508 rdpdr - ok
16:45:52.0312 1508 RDPWD (e87df32229d27afbd9ea4efc70bd0daa) C:\WINDOWS\system32\drivers\RDPWD.sys
16:45:52.0312 1508 RDPWD - ok
16:45:52.0343 1508 RDSessMgr (a72be0b07655141ab4eabecf0d66528a) C:\WINDOWS\system32\sessmgr.exe
16:45:52.0343 1508 RDSessMgr - ok
16:45:52.0390 1508 redbook (1d793394201000d2d56e848c18fe9a62) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:45:52.0390 1508 redbook - ok
16:45:52.0421 1508 RemoteAccess (60c8a5d4954cce7d280369dff5068019) C:\WINDOWS\System32\mprdim.dll
16:45:52.0421 1508 RemoteAccess - ok
16:45:52.0468 1508 RemoteRegistry (b2d55ce8c7c946c625b687f75040ad3f) C:\WINDOWS\system32\regsvc.dll
16:45:52.0484 1508 RemoteRegistry - ok
16:45:52.0531 1508 RpcLocator (809785cf7be1b857f3b52d9b1af10817) C:\WINDOWS\system32\locator.exe
16:45:52.0531 1508 RpcLocator - ok
16:45:52.0625 1508 RpcSs (a6130365606f3d6332b014fc3da931aa) C:\WINDOWS\system32\rpcss.dll
16:45:52.0625 1508 RpcSs - ok
16:45:52.0687 1508 SamSs (1a782d5ca033f553f0be54546ebf3b4f) C:\WINDOWS\system32\lsass.exe
16:45:52.0687 1508 SamSs - ok
16:45:52.0718 1508 SCardSvr (a2069ffa2a6febb3818f180373c84a89) C:\WINDOWS\System32\SCardSvr.exe
16:45:52.0734 1508 SCardSvr - ok
16:45:52.0781 1508 Schedule (71cd398385835c08613c65e5bf91e7fa) C:\WINDOWS\system32\schedsvc.dll
16:45:52.0781 1508 Schedule - ok
16:45:52.0843 1508 Secdrv (3ea8a16169c26afbeb544e0e48421186) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:45:52.0843 1508 Secdrv - ok
16:45:52.0875 1508 seclogon (b4e054549321372d995e4db9a5304e77) C:\WINDOWS\System32\seclogon.dll
16:45:52.0875 1508 seclogon - ok
16:45:52.0890 1508 SENS (222c0a6c354d6a90700956c60574a09a) C:\WINDOWS\system32\sens.dll
16:45:52.0890 1508 SENS - ok
16:45:52.0937 1508 serenum (111b29f3fcf9fb61c903a01e3706f7dc) C:\WINDOWS\system32\DRIVERS\serenum.sys
16:45:52.0953 1508 serenum - ok
16:45:52.0968 1508 Serial (c0dc97399576fccff5fe877ec2d8dacc) C:\WINDOWS\system32\DRIVERS\serial.sys
16:45:52.0968 1508 Serial - ok
16:45:53.0000 1508 Sfloppy (c6eacc8920a31b8d5842d1f7a28e2113) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:45:53.0000 1508 Sfloppy - ok
16:45:53.0062 1508 SharedAccess (d71a8153d3cf0ed527f6ba1f087faa22) C:\WINDOWS\system32\ipnathlp.dll
16:45:53.0078 1508 SharedAccess - ok
16:45:53.0125 1508 ShellHWDetection (15de8eae99a0f4e313e83aba5b849faa) C:\WINDOWS\System32\shsvcs.dll
16:45:53.0140 1508 ShellHWDetection - ok
16:45:53.0156 1508 Simbad - ok
16:45:53.0203 1508 splitter (17ec29105989101db536c49e1279a0eb) C:\WINDOWS\system32\drivers\splitter.sys
16:45:53.0218 1508 splitter - ok
16:45:53.0250 1508 Spooler (206fd327b4aad3aeaa8e0d7d03f2044a) C:\WINDOWS\system32\spoolsv.exe
16:45:53.0250 1508 Spooler - ok
16:45:53.0296 1508 sr (dae1d5553d42a06034001d6ef4f5cb36) C:\WINDOWS\system32\DRIVERS\sr.sys
16:45:53.0296 1508 sr - ok
16:45:53.0359 1508 srservice (7b6da719973755bd091131e53ad6ec23) C:\WINDOWS\system32\srsvc.dll
16:45:53.0359 1508 srservice - ok
16:45:53.0453 1508 Srv (2a08328562d0ba596b699eeb90b511d1) C:\WINDOWS\system32\DRIVERS\srv.sys
16:45:53.0468 1508 Srv - ok
16:45:53.0484 1508 SSDPSRV (94ad81c8ee2385eddb08c7e34fedb7a8) C:\WINDOWS\System32\ssdpsrv.dll
16:45:53.0484 1508 SSDPSRV - ok
16:45:53.0562 1508 stisvc (f6d4f452db507820f726525a1425f0cc) C:\WINDOWS\system32\wiaservc.dll
16:45:53.0562 1508 stisvc - ok
16:45:53.0593 1508 swenum (b6536185feeb8f0c86ad3bf2fbab4f2f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:45:53.0593 1508 swenum - ok
16:45:53.0625 1508 swmidi (8e9e35b36a27ad154a5f92397cde343c) C:\WINDOWS\system32\drivers\swmidi.sys
16:45:53.0625 1508 swmidi - ok
16:45:53.0687 1508 swprv (2e54746998139cb708b83974f1ac09f3) C:\WINDOWS\System32\swprv.dll
16:45:53.0703 1508 swprv - ok
16:45:53.0718 1508 symc8xx - ok
16:45:53.0718 1508 symmpi - ok
16:45:53.0734 1508 sym_hi - ok
16:45:53.0750 1508 sym_u3 - ok
16:45:53.0781 1508 sysaudio (2e843f129daf4c789df7acd40e26208f) C:\WINDOWS\system32\drivers\sysaudio.sys
16:45:53.0781 1508 sysaudio - ok
16:45:53.0812 1508 SysmonLog (d3fffea8c94ba3c1ceac9694ac390472) C:\WINDOWS\system32\smlogsvc.exe
16:45:53.0812 1508 SysmonLog - ok
16:45:53.0859 1508 TapiSrv (fafefc85fc929b81571bff315c93e299) C:\WINDOWS\System32\tapisrv.dll
16:45:53.0875 1508 TapiSrv - ok
16:45:53.0937 1508 Tcpip (34d970b38e9e835009e1ad07c5422b58) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:45:53.0953 1508 Tcpip - ok
16:45:54.0000 1508 TDPIPE (da1e9cd22238fa4db565ef41c7312e1b) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:45:54.0000 1508 TDPIPE - ok
16:45:54.0015 1508 TDTCP (47d24ebb1c442dcc18d89b8b89bafb49) C:\WINDOWS\system32\drivers\TDTCP.sys
16:45:54.0015 1508 TDTCP - ok
16:45:54.0046 1508 TermDD (8ab9ad44907d4c57ad10e175c8720ecf) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:45:54.0046 1508 TermDD - ok
16:45:54.0093 1508 TermService (f4849a4962779132b02ca4bbf696f434) C:\WINDOWS\System32\termsrv.dll
16:45:54.0093 1508 TermService - ok
16:45:54.0156 1508 Themes (15de8eae99a0f4e313e83aba5b849faa) C:\WINDOWS\System32\shsvcs.dll
16:45:54.0156 1508 Themes - ok
16:45:54.0203 1508 TlntSvr (0fdf294d30ca53391485132854151b26) C:\WINDOWS\system32\tlntsvr.exe
16:45:54.0203 1508 TlntSvr - ok
16:45:54.0203 1508 TosIde - ok
16:45:54.0250 1508 TrkWks (483ffcd8e5080198d87eeed44246e6a9) C:\WINDOWS\system32\trkwks.dll
16:45:54.0250 1508 TrkWks - ok
16:45:54.0281 1508 Udfs (a6dd2dfcc44ec61d18aa645620cd8f63) C:\WINDOWS\system32\drivers\Udfs.sys
16:45:54.0281 1508 Udfs - ok
16:45:54.0296 1508 ultra - ok
16:45:54.0312 1508 Update (70ca9db8119fff67d9938f2ab2b8d50c) C:\WINDOWS\system32\DRIVERS\update.sys
16:45:54.0312 1508 Update - ok
16:45:54.0375 1508 upnphost (78c605cb6e0ce966d3347ff7caf3f8ac) C:\WINDOWS\System32\upnphost.dll
16:45:54.0390 1508 upnphost - ok
16:45:54.0421 1508 UPS (3ec1501aa03cecd66ed093428fbc8b0e) C:\WINDOWS\System32\ups.exe
16:45:54.0421 1508 UPS - ok
16:45:54.0468 1508 usbccgp (3421b0691a0e365a020836369a296f0c) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:45:54.0468 1508 usbccgp - ok
16:45:54.0531 1508 usbehci (ae6521a1c79fc955ff26be9ca5521b51) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:45:54.0531 1508 usbehci - ok
16:45:54.0546 1508 usbhub (d63cb1b59d54f9c2bb8a4107584a664f) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:45:54.0546 1508 usbhub - ok
16:45:54.0593 1508 usbohci (fa9c0d7c2dc899d3e7c2a8721d17a3f8) C:\WINDOWS\system32\DRIVERS\usbohci.sys
16:45:54.0609 1508 usbohci - ok
16:45:54.0625 1508 usbprint (040f6f425a6cc4fb156470502cafb31b) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:45:54.0625 1508 usbprint - ok
16:45:54.0640 1508 usbscan (280894f834f5b9910dadff7568f37b31) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:45:54.0656 1508 usbscan - ok
16:45:54.0656 1508 usbstor (edce8a162e8023fd1751e08e23e41948) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:45:54.0656 1508 usbstor - ok
16:45:54.0718 1508 vds (b1e327aea4ecf42ddf7c579b0fb0de4c) C:\WINDOWS\System32\vds.exe
16:45:54.0734 1508 vds - ok
16:45:54.0750 1508 vga (b40cfd2ffdd838b0ce0c35ee449407bd) C:\WINDOWS\system32\DRIVERS\vgapnp.sys
16:45:54.0750 1508 vga - ok
16:45:54.0796 1508 VgaSave (78ebfe6f11f10db8237b910e9158ca91) C:\WINDOWS\System32\drivers\vga.sys
16:45:54.0796 1508 VgaSave - ok
16:45:54.0796 1508 ViaIde - ok
16:45:54.0875 1508 VolSnap (fd6d28d1bbf31c719d9c5ec2d20fb5c2) C:\WINDOWS\system32\DRIVERS\volsnap.sys
16:45:54.0875 1508 VolSnap - ok
16:45:55.0062 1508 VSS (0a05de966b412d6289632ac05fc6ada2) C:\WINDOWS\System32\vssvc.exe
16:45:55.0093 1508 VSS - ok
16:45:55.0234 1508 vToolbarUpdater (980e45498392e6659d2e7c44e7de2336) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
16:45:55.0250 1508 vToolbarUpdater - ok
16:45:55.0375 1508 vToolbarUpdater11.1.0 (5fa45791413acce628d5361458f32dde) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
16:45:55.0375 1508 vToolbarUpdater11.1.0 - ok
16:45:55.0531 1508 W32Time (6fe371026674baf189f7a81746a67c87) C:\WINDOWS\system32\w32time.dll
16:45:55.0531 1508 W32Time - ok
16:45:55.0593 1508 Wanarp (d2a01d73fe4a455c1d741b48c56763b2) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:45:55.0593 1508 Wanarp - ok
16:45:55.0609 1508 WDICA - ok
16:45:55.0640 1508 wdmaud (daff7e89c84079022b9606f83e1bd29a) C:\WINDOWS\system32\drivers\wdmaud.sys
16:45:55.0640 1508 wdmaud - ok
16:45:55.0703 1508 WebClient (fe8590fa0367a29bc7ed7bfc4962ad1c) C:\WINDOWS\System32\webclnt.dll
16:45:55.0703 1508 WebClient - ok
16:45:55.0718 1508 WinHttpAutoProxySvc - ok
16:45:55.0781 1508 winmgmt (881271d649e778690a365d73b8958509) C:\WINDOWS\system32\wbem\WMIsvc.dll
16:45:55.0781 1508 winmgmt - ok
16:45:55.0843 1508 WmdmPmSN (beee2c812019d6d8e7e22f37e6f1f560) C:\WINDOWS\system32\mspmsnsv.dll
16:45:55.0843 1508 WmdmPmSN - ok
16:45:55.0953 1508 Wmi (b51966db20d5c700228dfe222fdf9e67) C:\WINDOWS\System32\advapi32.dll
16:45:55.0968 1508 Wmi - ok
16:45:56.0015 1508 WmiApSrv (56980be8b5a6861b5d9175eaba8ac7dc) C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:45:56.0015 1508 WmiApSrv - ok
16:45:56.0171 1508 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe
16:45:56.0187 1508 WMPNetworkSvc - ok
16:45:56.0343 1508 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:45:56.0359 1508 WPFFontCache_v0400 - ok
16:45:56.0437 1508 wscsvc (82960ce97c1898c28d7ae62ba6721d27) C:\WINDOWS\system32\wscsvc.dll
16:45:56.0437 1508 wscsvc - ok
16:45:56.0484 1508 wuauserv (ef7576af44b484f7a3e6072d633bab34) C:\WINDOWS\system32\wuauserv.dll
16:45:56.0484 1508 wuauserv - ok
16:45:56.0531 1508 WudfPf (3f98a4e57933963cf2a941bb48f9d47a) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:45:56.0546 1508 WudfPf - ok
16:45:56.0578 1508 WudfRd (881c0c35cdd09077b0e95ec2269cb44c) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:45:56.0578 1508 WudfRd - ok
16:45:56.0593 1508 WudfSvc (9dcf6c499773b709de8f70cd5013cb38) C:\WINDOWS\System32\WUDFSvc.dll
16:45:56.0609 1508 WudfSvc - ok
16:45:56.0687 1508 WZCSVC (f4ec5c736bba9a27f9c36412c930b386) C:\WINDOWS\System32\wzcsvc.dll
16:45:56.0703 1508 WZCSVC - ok
16:45:56.0750 1508 xmlprov (a1aba5a0b4f1ff9b83c50f92f8c080a2) C:\WINDOWS\System32\xmlprov.dll
16:45:56.0750 1508 xmlprov - ok
16:45:56.0781 1508 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:45:57.0250 1508 \Device\Harddisk0\DR0 - ok
16:45:57.0265 1508 Boot (0x1200) (0dc385e3c246b64c3e52197df3379532) \Device\Harddisk0\DR0\Partition0
16:45:57.0265 1508 \Device\Harddisk0\DR0\Partition0 - ok
16:45:57.0265 1508 ============================================================
16:45:57.0265 1508 Scan finished
16:45:57.0265 1508 ============================================================
16:45:57.0296 1800 Detected object count: 0
16:45:57.0296 1800 Actual detected object count: 0
16:46:51.0906 1656 Deinitialize success
Hello Jose,
immudebug.log <--This is part of Spybot Search and Destroy, its not malicious but the jury is out on to delete it or not, so at this point just leave it be.
Myself, I have built computers from the ground up for many years, over 20 or so, but my new love are laptops, I dont think I will ever get another desktop so I feel your heading in the right direction.
I installed a new gpu
This possibly can be the culprit but not sure
All the scans we have run have not found any malware, viruses or rootkit activity, my guess it just an old computer and may have some hardware issues.
All us forums work together, why dont you post here in there windows forum, you can link them to this thread if you wish so they can see what we have done, they may be able to sort out your drivers and programs to see what the slow boot up is all about, the reason for this is we just do malware removal on this forum. Like this forum the service is free but you will have to register
http://forums.whatthetech.com/index.php?showforum=119
Good luck,
Ken :)
joselepiu
2012-06-16, 02:51
Well I dont really think the new gpu I installed has anything to do with the issues I have right now, since it was about 3 weeks after I installed it...
But I will post a request on the forum you are proposing...
So is there anything else you can so for me?...
Thanks...
joselepiu
2012-06-16, 07:50
I ran a Spybot scan & found these problems marked in red:
BurstMedia - 1 entries Browser
CasaleMedia - 10 entries Browser
DoubleClick - 2 entries Browser
FastClick - 1 entries Browser
MediaPlex - 4 entries
Zedo - 3 entries Browser
I selected all & Fix selected probles, got a meddage that said that I need to reboot to fix all the probles & I deed but...
After the reboot did anoher scan when it finished it said that all was alright, so I did another scan but got the same problems...
Here are the 2 scans reports:...
joselepiu
2012-06-16, 07:51
15.06.2012 22:27:45 - ##### check started #####
15.06.2012 22:27:45 - ### Version: 1.6.2
15.06.2012 22:27:45 - ### Date: 6/15/2012 10:27:45 PM
15.06.2012 22:27:48 - ##### checking bots #####
15.06.2012 23:13:59 - found: MediaPlex Tracking cookie (Chrome: Chrome)
15.06.2012 23:13:59 - found: MediaPlex Tracking cookie (Chrome: Chrome)
15.06.2012 23:13:59 - found: MediaPlex Tracking cookie (Chrome: Chrome)
15.06.2012 23:13:59 - found: Zedo Tracking cookie (Chrome: Chrome)
15.06.2012 23:13:59 - found: DoubleClick Tracking cookie (Chrome: Chrome)
15.06.2012 23:13:59 - found: Zedo Tracking cookie (Chrome: Chrome)
15.06.2012 23:13:59 - found: Zedo Tracking cookie (Chrome: Chrome)
15.06.2012 23:13:59 - found: CasaleMedia Tracking cookie (Chrome: Chrome)
15.06.2012 23:13:59 - found: CasaleMedia Tracking cookie (Chrome: Chrome)
15.06.2012 23:13:59 - found: DoubleClick Tracking cookie (Chrome: Chrome)
15.06.2012 23:13:59 - found: BurstMedia Tracking cookie (Chrome: Chrome)
15.06.2012 23:13:59 - found: FastClick Tracking cookie (Chrome: Chrome)
15.06.2012 23:13:59 - found: CasaleMedia Tracking cookie (Chrome: Chrome)
15.06.2012 23:13:59 - found: MediaPlex Tracking cookie (Chrome: Chrome)
15.06.2012 23:14:00 - found: CasaleMedia Tracking cookie (Chrome: Chrome)
15.06.2012 23:14:00 - found: CasaleMedia Tracking cookie (Chrome: Chrome)
15.06.2012 23:14:00 - found: CasaleMedia Tracking cookie (Chrome: Chrome)
15.06.2012 23:14:00 - found: CasaleMedia Tracking cookie (Chrome: Chrome)
15.06.2012 23:14:00 - found: CasaleMedia Tracking cookie (Chrome: Chrome)
15.06.2012 23:14:00 - found: CasaleMedia Tracking cookie (Chrome: Chrome)
15.06.2012 23:14:00 - found: CasaleMedia Tracking cookie (Chrome: Chrome)
15.06.2012 23:14:03 - ##### checking usage tracking #####
15.06.2012 23:14:06 - found: Adobe FlashPlayer Cookies Text file
15.06.2012 23:14:06 - found: Adobe FlashPlayer Cookies Text file
15.06.2012 23:14:06 - found: Adobe FlashPlayer Cookies Text file
15.06.2012 23:14:06 - found: Adobe FlashPlayer Cookies Text file
15.06.2012 23:14:06 - found: Adobe FlashPlayer Cookies Text file
15.06.2012 23:14:06 - found: Adobe FlashPlayer Cookies Text file
15.06.2012 23:14:06 - found: MS Direct3D Most recent application
15.06.2012 23:14:06 - found: MS DirectDraw Most recent application
15.06.2012 23:14:08 - found: MS Office 11.0 (Excel) Recent file list 1 files
15.06.2012 23:14:09 - found: MS Search Assistant Typed search terms history
15.06.2012 23:14:11 - found: Windows Drivers installation paths
15.06.2012 23:14:11 - found: Windows Drivers installation paths
15.06.2012 23:14:12 - found: Windows.OpenWith Open with list - .BMP extension 3 files
15.06.2012 23:14:13 - found: Windows.OpenWith Open with list - .BMP extension 2 files
15.06.2012 23:14:14 - found: Windows Explorer User Assistant history IE 6 files
15.06.2012 23:14:14 - found: Windows Explorer User Assistant history IE 1 files
15.06.2012 23:14:14 - found: Windows Explorer User Assistant history IE 1 files
15.06.2012 23:14:14 - found: Windows Explorer User Assistant history IE 1 files
15.06.2012 23:14:14 - found: Windows Explorer User Assistant history files 58 files
15.06.2012 23:14:14 - found: Windows Explorer User Assistant history files 13 files
15.06.2012 23:14:14 - found: Windows Explorer User Assistant history files 14 files
15.06.2012 23:14:14 - found: Windows Explorer User Assistant history files 4 files
15.06.2012 23:14:15 - found: History History (1)
15.06.2012 23:14:15 - found: Cookie Cookie (420)
15.06.2012 23:14:15 - found: History History (1257)
15.06.2012 23:14:15 - ##### check finished #####
joselepiu
2012-06-16, 07:53
--- Report generated: 2012-06-15 23:14 ---
MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
FastClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
Adobe FlashPlayer Cookies: [SBI $E17C7B50] Text file () (File, nothing done)
C:\Documents and Settings\D J RAC\Application Data\Macromedia\Flash Player\#SharedObjects\DQ4EY7JD\core.saymedia.com\#ve\admanager.sol
Properties.size=100
Properties.md5=82FFEC68DC5499DA2B19C5D98E99FF77
Properties.filedate=1339807568
Properties.filedatetext=2012-06-15 18:46:07
Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Documents and Settings\D J RAC\Application Data\Macromedia\Flash Player\#SharedObjects\DQ4EY7JD\core.saymedia.com\#com\videoegg\dailyflag.sol
Properties.size=64
Properties.md5=67D16BE4E3F6FD36FD0568848D53786E
Properties.filedate=1339807568
Properties.filedatetext=2012-06-15 18:46:07
Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Documents and Settings\D J RAC\Application Data\Macromedia\Flash Player\#SharedObjects\DQ4EY7JD\core.saymedia.com\#com\videoegg\Demo.sol
Properties.size=367
Properties.md5=9FB243A8E06135D75E0C062AEB87551E
Properties.filedate=1339808468
Properties.filedatetext=2012-06-15 19:01:07
Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Documents and Settings\D J RAC\Application Data\Macromedia\Flash Player\#SharedObjects\DQ4EY7JD\core.saymedia.com\#com\videoegg\OptOut.sol
Properties.size=61
Properties.md5=623AFCE923C66CC581EDF12136B5A3A6
Properties.filedate=1339807574
Properties.filedatetext=2012-06-15 18:46:13
Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Documents and Settings\D J RAC\Application Data\Macromedia\Flash Player\#SharedObjects\DQ4EY7JD\core.saymedia.com\#com\videoegg\Retargeting.sol
Properties.size=211
Properties.md5=AF3E3B0E62B9D558E6B2E662394C82D9
Properties.filedate=1339808468
Properties.filedatetext=2012-06-15 19:01:07
Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Documents and Settings\D J RAC\Application Data\Macromedia\Flash Player\#SharedObjects\DQ4EY7JD\core.saymedia.com\#com\videoegg\UserProvider.sol
Properties.size=67
Properties.md5=264F4275D2F0C70CA647E6A013035FAC
Properties.filedate=1339807574
Properties.filedatetext=2012-06-15 18:46:13
MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name
MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
MS Office 11.0 (Excel): [SBI $8DAB8D88] Recent file list (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-334292207-2319730254-1780565897-1003\Software\Microsoft\Office\11.0\Excel\Recent Files
MS Search Assistant: [SBI $AE0C4647] Typed search terms history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-334292207-2319730254-1780565897-1002\Software\Microsoft\Search Assistant\ACMru
Windows: [SBI $1E4E2003] Drivers installation paths (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Windows: [SBI $1E4E2003] Drivers installation paths (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-334292207-2319730254-1780565897-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList
Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-334292207-2319730254-1780565897-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList
Windows Explorer: [SBI $2026AFB6] User Assistant history IE (6 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-334292207-2319730254-1780565897-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count
Windows Explorer: [SBI $2026AFB6] User Assistant history IE (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-334292207-2319730254-1780565897-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count
Windows Explorer: [SBI $2026AFB6] User Assistant history IE (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-334292207-2319730254-1780565897-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count
Windows Explorer: [SBI $2026AFB6] User Assistant history IE (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-334292207-2319730254-1780565897-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count
Windows Explorer: [SBI $6107D172] User Assistant history files (58 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-334292207-2319730254-1780565897-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
Windows Explorer: [SBI $6107D172] User Assistant history files (13 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-334292207-2319730254-1780565897-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
Windows Explorer: [SBI $6107D172] User Assistant history files (14 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-334292207-2319730254-1780565897-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
Windows Explorer: [SBI $6107D172] User Assistant history files (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-334292207-2319730254-1780565897-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
History: [SBI $49804B54] History (1) (History, nothing done)
Cookie: [SBI $49804B54] Cookie (420) (Cookie, nothing done)
History: [SBI $49804B54] History (1257) (History, nothing done)
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2011-04-29 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2012-01-16 Includes\Adware.sbi (*)
2012-05-30 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-11-29 Includes\DialerC.sbi (*)
2012-01-31 Includes\HeavyDuty.sbi (*)
2012-05-16 Includes\Hijackers.sbi (*)
2012-05-16 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2012-03-13 Includes\Keyloggers.sbi (*)
2012-03-13 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2012-04-17 Includes\Malware.sbi (*)
2012-05-29 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2012-05-29 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2011-02-24 Includes\Security.sbi (*)
2011-12-13 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2012-01-17 Includes\Spyware.sbi (*)
2012-05-08 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti (*)
2011-09-28 Includes\Trojans.sbi (*)
2012-05-16 Includes\TrojansC-02.sbi (*)
2012-05-18 Includes\TrojansC-03.sbi (*)
2012-05-22 Includes\TrojansC-04.sbi (*)
2012-05-23 Includes\TrojansC-05.sbi (*)
2012-05-29 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
Hello Jose,
Those are just tracking cookies and can be deleted from time to time. Just have Spybot remove them
This program may be a bit better to remove them
Please download SuperAntiSpyware Free (http://www.superantispyware.com/superantispyware.html)
Install the program
Run SuperAntiSpyware and click: Check for updates
Once the update is finished, on the main screen, click: Scan your computer
Check: Perform Complete Scan
Click Next to start the scan.
Superantispyware scans the computer, and when finished, lists all the infections found.
Make sure everything found has a check next to it, and press: Next <-- Important
Then, click Finish
It is possible that the program asks to reboot in order to delete some files.
Obtain the SuperAntiSpyware log as follows:
Click: Preferences
Click the Statistics/Logs tab
Under Scanner Logs, double-click SuperAntiSpyware Scan Log
It opens in your default text editor (such as Notepad)
Please provide the SuperAntiSpyware log in your next reply
Then see if this free online virus scanner picks anything up
ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan
*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.
Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.
joselepiu
2012-06-17, 21:40
SUPERAntiSpyware Scan Log - 06-17-2012 - 10-40-27.log
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 06/17/2012 at 10:40 AM
Application Version : 5.1.1002
Core Rules Database Version : 8750
Trace Rules Database Version: 6562
Scan type : Complete Scan
Total Scan Time : 02:28:27
Operating System Information
Windows XP Professional 64-bit, Service Pack 2 (Build 5.02.3790)
Administrator
Memory items scanned : 421
Memory threats detected : 0
Registry items scanned : 69561
Registry threats detected : 0
File items scanned : 77422
File threats detected : 142
PUP.CNETInstaller
C:\DOCUMENTS AND SETTINGS\D\DESKTOP\ALWAYS ON TOP\CHAMELEON WIN MNGR LITE VER 1 1 0 131.EXE
C:\DOCUMENTS AND SETTINGS\D \DESKTOP\PICS SOFTWARE\TEXTURE PACK 5 VER 1EXE.EXE
Adware.Tracking Cookie
.histats.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.histats.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.ad6media.fr [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.ad6media.fr [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.weborama.fr [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.weborama.fr [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.ad6media.fr [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.pointroll.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\LETY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.pointroll.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.yieldmanager.net [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\LY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.atwola.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.ar.atwola.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.atwola.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.atwola.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.tribalfusion.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.adxpose.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.lucidmedia.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
www.burstnet.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.yieldmanager.net [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
Trojan.Agent/Gen-Decay
C:\PROGRAM FILES (X86)\ADOBE\READER 10.0\READER\READER_SL.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{0EF9D5FA-FBB1-4D21-9244-1C1B67CD2313}\RP207\A0074006.RBF
C:\WINDOWS\INSTALLER\$PATCHCACHE$\MANAGED\68AB67CA7DA73301B744AA0100000010\10.1.0\READER_SL.EXE
ESET Online Scanner Log
C:\Documents and Settings\D\Desktop\Downloads\Tools\Installed\IObit Disk Defrag Ver 3 2 setup.exe a variant of Win32/Toolbar.Widgi application
C:\Documents and Settings\D\Desktop\Downloads\Tools\Installed\WINamp Ver 5 6 1 setup.exe Win32/OpenCandy application
C:\Documents and Settings\D\Desktop\External\D\Tools\Set Up Files\Installed\IObit Smart Defrag 2 Beta 1 21\smart-defrag-setup.exe a variant of Win32/Toolbar.Widgi application
C:\Documents and Settings\D\Desktop\pics software\Photo Pos Pro Ver 1 87.exe Win32/Toolbar.Zugo application
C:\System Volume Information\_restore{0EF9D5FA-FBB1-4D21-9244-1C1B67CD2313}\RP247\A0100018.exe a variant of Win32/InstallCore.D application
C:\System Volume Information\_restore{0EF9D5FA-FBB1-4D21-9244-1C1B67CD2313}\RP247\A0100019.exe a variant of Win32/InstallCore.D application
To be on the safeside, lets delete these
C:\Documents and Settings\D\Desktop\Downloads <--Delete everything in your download folder but not the folder itself
C:\Documents and Settings\D\Desktop\External\D\Tools\Set Up Files\Installed <--Same thing here but not the Installed folder
C:\Documents and Settings\D\Desktop\pics software\Photo Pos Pro Ver 1 87.exe <--Delete this
The rest that are bad are in your system restore program
Open OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:processes
killallprocesses
:OTL
:Services
:Reg
:Files
:Commands
[purity]
[CLEARALLRESTOREPOINTS]
[emptytemp]
[start explorer]
[Reboot]
Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.
joselepiu
2012-06-18, 14:25
All processes killed
========== PROCESSES ==========
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
Error creating restore point.
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: All Users
User: D J RAC
->Temp folder emptied: 443753 bytes
->Temporary Internet Files folder emptied: 58834 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 17733110 bytes
->Google Chrome cache emptied: 26923184 bytes
->Flash cache emptied: 1771 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Lety
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Prisci & Vane
->Temp folder emptied: 205776 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 36708783 bytes
->Flash cache emptied: 11551 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 570901 bytes
RecycleBin emptied: 53008713 bytes
Total Files Cleaned = 130.00 mb
OTL by OldTimer - Version 3.2.48.0 log created on 06182012_032306
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\D J RAC\Local Settings\Temp\etilqs_5rYOgACKdYfSr5T not found!
File\Folder C:\Documents and Settings\D J RAC\Local Settings\Temp\etilqs_5zVSKaWVfKX8N3a not found!
File\Folder C:\Documents and Settings\D J RAC\Local Settings\Temp\etilqs_gdGRijHXXZwoYRz not found!
File\Folder C:\Documents and Settings\D J RAC\Local Settings\Temp\etilqs_OZg1QMeexLWax1r not found!
File\Folder C:\Documents and Settings\D J RAC\Local Settings\Temp\etilqs_xwDGcpI99BFFEbO not found!
Registry entries deleted on Reboot...
It looks like OTL failed to remove all previous restore points and to create a new one, lets do it manually
System Restore is a component of Microsoft's Windows Me, Windows XP, Windows Vista and Windows 7 operating systems that allows for the rolling back of system files, registry keys, installed programs, etc., to a previous state in the event of malfunctioning or failure. Old restore points can be a source of re-infection.
Please follow the steps below to create a clean restore point:
Click Start > Run > copy and paste the following into the run box:
%SystemRoot%\System32\restore\rstrui.exe
Press OK. Choose Create a Restore Point then click Next.
Name it (something you'll remember) and click Create.
When the confirmation screen shows the restore point has been created click Close.
Then remove all previous Restore Points
Click Start > Run > copy and paste the following into the run box:
cleanmgr
Choose to scan drive C:\ (if C:\ is your main drive).
At the top, click on More Options tab. Click the Clean up... button in the System Restore box.
Click on the Yes button.
When finished, click on Cancel button to exit.
joselepiu
2012-06-19, 11:16
Done... but it did not produce any logs...
Dont need one, how are things running now ?
Hey, sorry for being brief as I was out the door heading for work and sometimes my internet access at work is iffy
The reason I had you run the System Restore program is because there where bad entries in there that would have been reinstalled if you decided to use this program to restore your computer to an earlier date, what I had you do is to flush out all the old restore points and create a new one.
Everything running OK ?
joselepiu
2012-06-19, 14:36
Is still the same... really really slow... the boot time... the web surfing... & in general still really slow...
Lets try 2 different scanners
Download MBRCheck.exe (http://ad13.geekstogo.com/MBRCheck.exe) to your desktop.
Be sure to disable your security programs
Double click on the file to run it
A window will open on your desktop
if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
If nothing unusual is found just press Enter A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
Please post the contents of that file.
Download the GMER Rootkit Scanner (http://www.gmer.net/gmer.zip). Unzip it to your Desktop.
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
Double click GMER.exe.
http://img.photobucket.com/albums/v666/sUBs/gmer_zip.gif
If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)
http://www.geekstogo.com/misc/guide_icons/GMER_thumb.jpg (http://www.geekstogo.com/misc/guide_icons/GMER_instructions.jpg)
Click the image to enlarge it
Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Please copy and paste the report into your Post.
joselepiu
2012-06-20, 08:41
The GMER Rootkit Scanner log came out empty...
Here is the other one (MBRCheck.exe)...
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Professional x64 Edition
Windows Information: Service Pack 2 (build 3790)
Logical Drives Mask: 0x00000004
Kernel Drivers (total 117):
0x01000000 \WINDOWS\system32\ntoskrnl.exe
0x00800000 \WINDOWS\system32\hal.dll
0x993FB000 \WINDOWS\system32\KDCOM.DLL
0x9940B000 \WINDOWS\system32\BOOTVID.dll
0x98F9E000 ACPI.sys
0x9941B000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0x98F7D000 pci.sys
0x9942B000 isapnp.sys
0x99AB7000 compbatt.sys
0x997FB000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0x99802000 pciide.sys
0x9943B000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0x98F67000 MountMgr.sys
0x98F27000 ftdisk.sys
0x99809000 dmload.sys
0x98EE0000 dmio.sys
0x98E95000 volsnap.sys
0x9944B000 PartMgr.sys
0x98E68000 atapi.sys
0x98E3B000 nvata64.sys
0x98E26000 disk.sys
0x98E09000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0x98DCB000 fltmgr.sys
0x98DA8000 sr.sys
0x9945B000 PxHlpa64.sys
0x98D74000 KSecDD.sys
0x98C6F000 Ntfs.sys
0x98C09000 NDIS.sys
0x98BD5000 Mup.sys
0x9946B000 crcdisk.sys
0x9947B000 avgrkx64.sys
0x9948B000 avgidsha.sys
0x99165000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x9749F000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0x9747C000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0x9959B000 \SystemRoot\system32\DRIVERS\watchdog.sys
0x99960000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x97442000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x995AB000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x970F7000 \SystemRoot\system32\drivers\ALCWDM64.SYS
0x970B7000 \SystemRoot\system32\drivers\portcls.sys
0x9706E000 \SystemRoot\system32\drivers\ks.sys
0x99967000 \SystemRoot\system32\drivers\ksthunk.sys
0x995BB000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
0x96F00000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
0x995CB000 \SystemRoot\system32\DRIVERS\fdc.sys
0x96EDD000 \SystemRoot\system32\DRIVERS\serial.sys
0x995DB000 \SystemRoot\system32\DRIVERS\serenum.sys
0x96EB8000 \SystemRoot\system32\DRIVERS\parport.sys
0x96E9B000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x995EB000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x995FB000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x9979B000 \SystemRoot\system32\DRIVERS\audstub.sys
0x96E75000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x9960B000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x96DA9000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x96D95000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x96D72000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x9961B000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x96D52000 \SystemRoot\system32\DRIVERS\psched.sys
0x96D3C000 \SystemRoot\system32\DRIVERS\msgpc.sys
0x9962B000 \SystemRoot\system32\DRIVERS\ptilink.sys
0x9963B000 \SystemRoot\system32\DRIVERS\raspti.sys
0x96CE5000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0x96CCF000 \SystemRoot\system32\DRIVERS\termdd.sys
0x99BC9000 \SystemRoot\system32\DRIVERS\swenum.sys
0x96CB4000 \SystemRoot\system32\DRIVERS\update.sys
0x9964B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x96CA0000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x964FC000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x99BCB000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x99178000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
0x994CB000 \SystemRoot\system32\DRIVERS\avgmfx64.sys
0x994DB000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x9971B000 \SystemRoot\System32\Drivers\Null.SYS
0x999EC000 \SystemRoot\System32\Drivers\Beep.SYS
0x994EB000 \SystemRoot\System32\drivers\vga.sys
0x994FB000 \SystemRoot\System32\Drivers\mnmdd.SYS
0x9950B000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x9951B000 \SystemRoot\System32\Drivers\Msfs.SYS
0x95C6F000 \SystemRoot\System32\Drivers\Npfs.SYS
0x9952B000 \SystemRoot\system32\DRIVERS\rasacd.sys
0x95C44000 \SystemRoot\system32\DRIVERS\ipsec.sys
0x95B4F000 \SystemRoot\system32\DRIVERS\tcpip.sys
0x95B11000 \SystemRoot\system32\DRIVERS\ipnat.sys
0x95AB0000 \SystemRoot\system32\DRIVERS\avgtdia.sys
0x9918B000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x95A56000 \SystemRoot\system32\DRIVERS\netbt.sys
0x95A09000 \SystemRoot\System32\drivers\afd.sys
0x9919E000 \SystemRoot\system32\DRIVERS\netbios.sys
0x959B8000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x958A5000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x991B1000 \SystemRoot\System32\Drivers\Fips.SYS
0x997DB000 \??\C:\WINDOWS\system32\drivers\BIOS64.sys
0x9585A000 \SystemRoot\system32\DRIVERS\avgldx64.sys
0x9953B000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x95845000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x9954B000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x9955B000 \SystemRoot\system32\DRIVERS\HidBatt.sys
0x956BA000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x95CA3000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xFF000000 \SystemRoot\System32\win32k.sys
0x95C83000 \SystemRoot\System32\drivers\Dxapi.sys
0xFE000000 \SystemRoot\System32\drivers\dxg.sys
0xFE028000 \SystemRoot\System32\nv4_disp.dll
0xFEAC5000 \SystemRoot\System32\ATMFD.DLL
0x96E05000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x941D5000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0x996CB000 \SystemRoot\system32\DRIVERS\CdaC15BA.sys
0x996FB000 \SystemRoot\system32\DRIVERS\CdaD10BA.sys
0x93F97000 \SystemRoot\System32\Drivers\HTTP.sys
0x93E84000 \SystemRoot\system32\DRIVERS\srv.sys
0x93CC0000 \SystemRoot\system32\drivers\wdmaud.sys
0x93C95000 \SystemRoot\system32\drivers\sysaudio.sys
0x95D13000 \SystemRoot\system32\DRIVERS\secdrv.sys
0x924E4000 \SystemRoot\system32\drivers\kmixer.sys
0x77EC0000 \WINDOWS\system32\ntdll.dll
Processes (total 41):
0 System Idle Process
4 System
276 C:\WINDOWS\system32\smss.exe
556 csrss.exe
592 C:\WINDOWS\system32\winlogon.exe
644 C:\WINDOWS\system32\services.exe
656 C:\WINDOWS\system32\lsass.exe
864 C:\WINDOWS\system32\svchost.exe
944 svchost.exe
988 C:\WINDOWS\system32\svchost.exe
1044 svchost.exe
1088 svchost.exe
1264 C:\WINDOWS\system32\spoolsv.exe
1392 svchost.exe
1444 C:\Program Files (x86)\APC PowerChute Personal Edition\mainserv.exe
1480 C:\Program Files (x86)\AVG2012\avgwdsvc.exe
1564 C:\WINDOWS\system32\svchost.exe
1644 C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
1712 C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
1764 C:\WINDOWS\system32\nvsvc64.exe
1916 daemonu.exe
160 svchost.exe
2172 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
2296 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
2588 wmiprvse.exe
1588 alg.exe
1596 C:\WINDOWS\system32\wscntfy.exe
976 C:\WINDOWS\explorer.exe
2936 C:\WINDOWS\soundman.exe
2108 C:\WINDOWS\system32\rundll32.exe
2132 C:\WINDOWS\system32\ctfmon.exe
2692 C:\WINDOWS\system32\rundll32.exe
2188 C:\WINDOWS\SysWOW64\ctfmon.exe
736 C:\WINDOWS\system32\rundll32.exe
740 C:\WINDOWS\SysWOW64\rundll32.exe
1468 C:\Program Files (x86)\AVG2012\avgtray.exe
1580 C:\Program Files (x86)\AVG Secure Search\vprot.exe
1400 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
2304 C:\Program Files (x86)\APC PowerChute Personal Edition\apcsystray.exe
3976 C:\WINDOWS\system32\notepad.exe
1680 C:\Documents and Settings\D\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
PhysicalDrive0 Model Number: WDCWD5000AAKB-00H8A0, Rev: 05.04E05
Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Done!
Looks like your fine, at this point I dont believe your problem is malware related, if you post in the windows forum I suggested they can run you through some tests to check the health of your hard drive and also maybe sort out programs that can be causing your slow boot time.
http://forums.whatthetech.com/index.php?showforum=119
How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)
Safe Surfn
Ken
joselepiu
2012-06-20, 10:47
Well, thanks...
Been getting help from the forum you suggested, will see what happens...
Thanks...