Hi Robybel,
This is the kids' computer I was talking about. It is very old and possibly beyond help. It is EXTREMELY slow (as a reference, to get the DDS, aswMBR and Spybot reports it took almost 4 hours) and I can now see how frustrating it is for the kids, so ANY help you can give me to clean and speed it up would be greatly appreciated.
As I said, it is the kids' computer that they use for gaming. The only thing of major importance that I would like to leave alone is Minecraft; if that is deleted my son will not be happy lol. (Possibly also Roblox, but he doesn't seem to play that as much.)
I have not touched this computer in a while and therefore Spybot did find some issues with it. I was a little confused with Spybot, as when I opened the version on this computer it looked completely different to the one I use. I could not find the Resident icon so I downloaded the 1.6.2 version, therefore I now have 2 versions of Spybot on this computer...hmmmm. I could not print screen and paste, so here is a zipped copy of the 2 versions: spybot.zip. Please advise which one I should delete.
DDS Log
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.40.2
Run by Liv at 9:52:30 on 2013-09-19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.335 [GMT 10:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
\??\C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
\??\C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\PROGRA~1\FROMDO~2\bar\1.bin\65srchmn.exe
C:\PROGRA~1\FROMDO~2\bar\1.bin\65brmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\108Mbps Wireless Network USB Dongle\WLANPRO.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\System32\alg.exe
C:\DOCUME~1\Liv\LOCALS~1\Temp\jre-7u40-windows-i586-iftw.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\15.5.0\ScriptHelper.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.tb.ask.com/index.jhtml?n=77DE8857&p2=^Y6^xdm036^YYA^au&ptb=543854B1-FED8-43A8-AE42-6D93286EE23B&si=swissconverter
uSearch Bar = hxxp://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
uSearch Page = hxxp://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
uURLSearchHooks: <No Name>: {4c60e5ab-5c68-4c59-abaa-885010b24b32} - c:\program files\fromdoctopdf_65\bar\1.bin\65SrcAs.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\15.5.0.2\AVG Secure Search_toolbar.dll
BHO: Toolbar BHO: {a235e1e3-6296-4710-af39-104a7faa6c7c} - c:\program files\fromdoctopdf_65\bar\1.bin\65bar.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Search Assistant BHO: {f236ca79-3123-4afb-9f74-e98117ad5625} - c:\program files\fromdoctopdf_65\bar\1.bin\65SrcAs.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: FromDocToPDF: {C66A678D-5E6C-4AF9-8F57-C6192F42CF74} - c:\program files\fromdoctopdf_65\bar\1.bin\65bar.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\15.5.0.2\AVG Secure Search_toolbar.dll
TB: FromDocToPDF: {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - c:\program files\fromdoctopdf_65\bar\1.bin\65bar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [EADM] "c:\program files\origin\Origin.exe" -AutoStart
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [pdfFactory Pro Dispatcher v2] c:\windows\system32\spool\drivers\w32x86\3\fppdis2a.exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 5.0\apdproxy.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRun: [FromDocToPDF Search Scope Monitor] "c:\progra~1\fromdo~2\bar\1.bin\65srchmn.exe" /m=2 /w /h
mRun: [FromDocToPDF_65 Browser Plugin Loader] c:\progra~1\fromdo~2\bar\1.bin\65brmon.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\liv\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\108mbp~1.lnk - c:\program files\108mbps wireless network usb dongle\WLANPRO.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\reg.lnk - c:\program files\108mbps wireless network usb dongle\Reg.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: &ninemsn Search - c:\program files\msn toolbar suite\tb\02.05.0000.1082\en-au\msntb.dll/search.htm
IE: &Search - http://buttons.fromdoctopdf.com/one-toolbaredits/menusearch.jhtml?s=207743773&p2=^Y6^xdm036^YYA^au&si=swissconverter&a=543854B1-FED8-43A8-AE42-6D93286EE23B&n=2013083005&cv=1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://kitchenplanner.ikea.com/AU/Core/Player/2020PlayerAX_Win32.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www4.snapfish.com.au/SnapfishActivia.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-au/4,0,0,90/mcinsctl.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} - hxxp://merillat.view22.com/release_3_9_177/View22RTEv4.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-au/1,0,0,23/mcgdmgr.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://d1ylr6sba64qi3.cloudfront.net/global/bin/srldetect_intel_4.1.66.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{BEAC92F2-B27F-4F57-BAFD-FFF6E3FC3744} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{CFD98FEF-C2EC-4562-9DEE-30AF1B6D7740} : DHCPNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\15.5.0\ViProtocol.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.66\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 250080]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 302368]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-5 37664]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-9-7 214664]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-11-2 5174392]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-3-21 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-3-21 1369624]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-9-28 1174664]
R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files\common files\avg secure search\vtoolbarupdater\15.5.0\ToolbarUpdater.exe [2013-8-15 1643184]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 142176]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FromDocToPDF_65Service;FromDocToPDFService;c:\progra~1\fromdo~2\bar\1.bin\65barsvc.exe [2013-8-30 42504]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-3-21 168384]
S2 SpyroService;Spyro Portal Service;"c:\program files\fs\spyro portal\flashportal.exe" --> c:\program files\fs\spyro portal\FlashPortal.exe [?]
S3 cpudrv;cpudrv;\??\c:\program files\systemrequirementslab\cpudrv.sys --> c:\program files\systemrequirementslab\cpudrv.sys [?]
S3 cpuz132;cpuz132;\??\c:\docume~1\liv\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\liv\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\ogplanet\neoonline\gameguard\dump_wmimmc.sys --> c:\program files\ogplanet\neoonline\gameguard\dump_wmimmc.sys [?]
S3 MfeAVFK;McAfee Inc. MfeAVFK;c:\windows\system32\drivers\mfeavfk.sys [2007-9-7 79816]
S3 MfeBOPK;McAfee Inc. MfeBOPK;c:\windows\system32\drivers\mfebopk.sys [2007-9-7 35272]
S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\mferkdk.sys [2008-5-16 34248]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
.
=============== Created Last 30 ================
.
2013-09-18 23:47:54 144896 -c--a-w- c:\windows\system32\javacpl.cpl
2013-09-18 23:47:36 94632 -c--a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-09-03 13:53:52 187248 -c--a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2013-08-30 09:07:24 -------- dc----w- c:\documents and settings\liv\local settings\application data\IAC
2013-08-30 09:07:23 -------- dc----w- c:\documents and settings\liv\application data\FromDocToPDF_65
2013-08-30 09:06:11 -------- dc----w- c:\program files\FromDocToPDF_65
.
==================== Find3M ====================
.
2013-09-18 23:47:18 868264 -c--a-w- c:\windows\system32\npdeployJava1.dll
2013-09-18 23:47:18 790440 -c--a-w- c:\windows\system32\deployJava1.dll
2013-09-13 07:09:06 692616 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-13 07:09:04 71048 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-15 09:47:10 37664 -c--a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-08-09 01:56:45 386560 -c--a-w- c:\windows\system32\themeui.dll
2013-08-08 06:05:59 920064 -c--a-w- c:\windows\system32\wininet.dll
2013-08-08 06:05:59 43520 -c----w- c:\windows\system32\licmgr10.dll
2013-08-08 06:05:59 1469440 -c----w- c:\windows\system32\inetcpl.cpl
2013-08-08 06:05:58 18944 -c--a-w- c:\windows\system32\corpol.dll
2013-08-08 01:27:48 1877760 -c----w- c:\windows\system32\win32k.sys
2013-08-08 00:02:34 385024 -c----w- c:\windows\system32\html.iec
2013-08-05 13:30:32 1289728 -c--a-w- c:\windows\system32\ole32.dll
2013-08-03 04:18:38 1543680 -c----w- c:\windows\system32\wmvdecod.dll
2013-07-10 10:37:53 406016 -c--a-w- c:\windows\system32\usp10.dll
2013-07-07 02:58:44 5022720 -c--a-w- c:\documents and settings\liv\application data\CubeLauncher.exe
2013-07-07 02:58:42 3878400 -c--a-w- c:\documents and settings\liv\application data\Cube.exe
2013-07-07 02:58:40 1718272 -c--a-w- c:\documents and settings\liv\application data\Server.exe
2013-07-07 02:58:36 252400 -c--a-w- c:\documents and settings\liv\application data\vccorlib110.dll
2013-07-07 02:58:34 535008 -c--a-w- c:\documents and settings\liv\application data\msvcp110.dll
2013-07-07 02:58:28 875472 -c--a-w- c:\documents and settings\liv\application data\msvcr110.dll
2013-07-07 02:58:02 717985 -c--a-w- c:\documents and settings\liv\application data\unins000.exe
2013-07-04 03:03:25 2149888 -c----w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08:30 2028544 -c----w- c:\windows\system32\ntkrnlpa.exe
2006-04-12 16:38:52 908800 -c--a-w- c:\program files\PDFEdit.exE
2006-03-13 01:27:52 4789792 -c--a-w- c:\program files\picasa2-current.exe
.
============= FINISH: 9:55:05.89 ===============
aswMBR log
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-09-19 09:57:12
-----------------------------
09:57:12.000 OS Version: Windows 5.1.2600 Service Pack 3
09:57:12.000 Number of processors: 2 586 0x304
09:57:12.000 ComputerName: LIV UserName: Liv
09:57:12.703 Initialize success
10:04:37.531 AVAST engine defs: 13091805
10:06:01.750 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
10:06:01.906 Disk 0 Vendor: WDC_WD1600JD-75HBC0 08.02D08 Size: 152587MB BusType: 3
10:06:03.671 Disk 0 MBR read successfully
10:06:03.687 Disk 0 MBR scan
10:06:04.078 Disk 0 Windows XP default MBR code
10:06:04.093 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 39 MB offset 63
10:06:04.109 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152539 MB offset 80325
10:06:04.187 Disk 0 scanning sectors +312480315
10:06:04.750 Disk 0 scanning C:\WINDOWS\system32\drivers
10:06:49.406 Service scanning
10:07:19.078 Modules scanning
10:07:42.234 Disk 0 trace - called modules:
10:07:42.265 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
10:07:42.312 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x873c7ab8]
10:07:42.312 3 CLASSPNP.SYS[f78a5fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x87358b00]
10:07:43.453 AVAST engine scan C:\WINDOWS
10:08:43.687 AVAST engine scan C:\WINDOWS\system32
10:15:45.359 AVAST engine scan C:\WINDOWS\system32\drivers
10:16:11.953 AVAST engine scan C:\Documents and Settings\Liv
10:52:33.218 AVAST engine scan C:\Documents and Settings\All Users
11:05:41.281 Scan finished successfully
11:26:38.421 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Liv\Desktop\MBR.dat"
11:26:38.421 The log file has been saved successfully to "C:\Documents and Settings\Liv\Desktop\aswMBR.txt"
Spybot report
WebCake.BHO: [SBI $2698E3E6] Program directory (Directory, nothing done)
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\
WebCake.BHO: [SBI $885FF297] Library (File, nothing done)
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll
Properties.size=17920
Properties.md5=4CB9C66DA8EFD5E577CF213D51F2AF26
Properties.filedate=1334619032
Properties.filedatetext=2012-04-17 09:30:32
WebCake.BHO: [SBI $1107F102] Data (File, nothing done)
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat
Properties.size=45925
Properties.md5=79DC11DFEAE63A5A83B6E245F4B6C536
Properties.filedate=1337376937
Properties.filedatetext=2012-05-19 07:35:36
WebCake.BHO: [SBI $E98B8D0E] Executable (File, nothing done)
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe
Properties.size=225936
Properties.md5=537237D523C660CC578BCCB574D69A80
Properties.filedate=1299814151
Properties.filedatetext=2011-03-11 13:29:11
WebCake.BHO: [SBI $370B837B] Picture (File, nothing done)
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico
Properties.size=4846
Properties.md5=60E3EF9326E8C3F574A2C7B5A31FD895
Properties.filedate=1258611124
Properties.filedatetext=2009-11-19 16:12:03
Yontoo.Pagerage: [SBI $7EA79EE0] Settings (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}
Win32.Downloader.gen: [SBI $E6AD2227] Program directory (Directory, nothing done)
C:\Documents and Settings\Liv\Local Settings\Application Data\Conduit\
Win32.Downloader.gen: [SBI $F65FFCFA] Library (File, nothing done)
C:\Program Files\Conduit\Community Alerts\Alert.dll
Properties.size=638560
Properties.md5=6796F6E449F90A543DC3345538ACC46F
Properties.filedate=1308838846
Properties.filedatetext=2011-06-24 00:20:46
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2007-06-03 unins000.exe (51.41.0.0)
2013-09-19 unins001.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2013-04-11 Includes\Adware.sbi (*)
2013-09-18 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2013-04-11 Includes\DialerC.sbi (*)
2013-04-11 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2013-04-11 Includes\HijackersC.sbi (*)
2013-09-11 Includes\iPhone.sbi (*)
2013-06-25 Includes\Keyloggers.sbi (*)
2013-04-11 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2013-05-29 Includes\Malware.sbi (*)
2013-09-18 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2013-09-11 Includes\PUPSC.sbi (*)
2010-01-26 Includes\Revision.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2013-04-11 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2013-05-22 Includes\Spyware.sbi (*)
2013-08-07 Includes\SpywareC.sbi (*)
2012-11-19 Includes\Tracks.uti
2013-01-16 Includes\Trojans.sbi (*)
2013-08-13 Includes\TrojansC-02.sbi (*)
2013-09-05 Includes\TrojansC-03.sbi (*)
2013-09-18 Includes\TrojansC-04.sbi (*)
2013-06-13 Includes\TrojansC-05.sbi (*)
2013-08-07 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll