ladybug895

  1. Thank you and God bless you for your patience with me and your help on this... Take care. I've gained a new friend. Stay in touch on Facebook. Janet
  2. All processes killed ========== OTL ========== Service Wajam Internet Enhancer Service stopped successfully! Service Wajam Internet Enhancer Service deleted successfully! File C:\Program Files\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe not found. Service Update Laflurla stopped successfully! Service Update Laflurla deleted successfully! File C:\Program Files\Laflurla\updateLaflurla.exe not found. Service WDICA stopped successfully! Service WDICA deleted successfully! Service PDRFRAME stopped successfully! Service PDRFRAME deleted successfully! Service PDRELI stopped successfully! Service PDRELI deleted successfully! Service PDFRAME stopped successfully! Service PDFRAME deleted successfully! Service PDCOMP stopped successfully! Service PDCOMP deleted successfully! Service PCIDump stopped successfully! Service PCIDump deleted successfully! Error: No service named mbr was found to stop! Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mbr deleted successfully. File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys not found. Service lbrtfdc stopped successfully! Service lbrtfdc deleted successfully! Service i2omgmt stopped successfully! Service i2omgmt deleted successfully! Service cpuz134 stopped successfully! Service cpuz134 deleted successfully! File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys not found. Service Changer stopped successfully! Service Changer deleted successfully! Service axjbfvzv stopped successfully! Service axjbfvzv deleted successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}\ not found. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6C59297E-BFFE-4E6A-0BF5-4187155432D8}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C59297E-BFFE-4E6A-0BF5-4187155432D8}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{899B35FF-D18B-8FBB-580A-E99390A9E0B2}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{899B35FF-D18B-8FBB-580A-E99390A9E0B2}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AE34B30D-97A8-46D4-92EC-1419F24DCE09}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE34B30D-97A8-46D4-92EC-1419F24DCE09}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CE3A3FD1-0A27-07DC-3FED-9D0FBEBC1CD0}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CE3A3FD1-0A27-07DC-3FED-9D0FBEBC1CD0}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully. C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} folder moved successfully. C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions folder moved successfully. C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\opm5vmj3.default-1397016665796\extensions folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully. 
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\content folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} folder moved successfully. 
C:\Program Files\Mozilla Firefox\extensions folder moved successfully. C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully. C:\Program Files\Mozilla Firefox\browser\extensions folder moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{06C7AD57-B655-418D-9AB8-9526A6D2E052} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06C7AD57-B655-418D-9AB8-9526A6D2E052}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\fst_us_27 deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\zoUdechSLSwKJZdfXwMEoWYsVanyTgUGhEDeMdPUtUfZroLhGx deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ deleted successfully. File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\Windupdt\winupdate.exe deleted successfully. 
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\Windupdt\winupdate.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\Windupdt\winupdate.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\Windupdt\winupdate.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\Windupdt\winupdate.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\Windupdt\winupdate.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\Windupdt\winupdate.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\Windupdt\winupdate.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\Windupdt\winupdate.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\Windupdt\winupdate.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\Windupdt\winupdate.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\Windupdt\winupdate.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\Windupdt\winupdate.exe deleted successfully. 
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\Windupdt\winupdate.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\Windupdt\winupdate.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\Windupdt\winupdate.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\Windupdt\winupdate.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\Windupdt\winupdate.exe deleted successfully. C:\WINDOWS\tasks\At2.job moved successfully. C:\WINDOWS\tasks\At1.job moved successfully. ========== COMMANDS ========== [EMPTYJAVA] User: Administrator ->Java cache emptied: 114598 bytes User: All Users User: Default User User: LocalService User: NetworkService Total Java Files Cleaned = 0.00 mb [EMPTYFLASH] User: Administrator ->Flash cache emptied: 2930220 bytes User: All Users User: Default User ->Flash cache emptied: 57472 bytes User: LocalService User: NetworkService Total Flash Files Cleaned = 3.00 mb [EMPTYTEMP] User: Administrator ->Temp folder emptied: 12090543 bytes ->Temporary Internet Files folder emptied: 11227200 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 21792606 bytes ->Google Chrome cache emptied: 40154642 bytes ->Apple Safari cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 0 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 19924318 bytes ->FireFox cache emptied: 6257282 bytes User: NetworkService ->Temp folder emptied: 0 bytes 
->Temporary Internet Files folder emptied: 361447092 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 2162283 bytes %systemroot%\System32 .tmp files removed: 2577 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 205353304 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 634709292 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 199431436 bytes Total Files Cleaned = 1,445.00 mb C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.69.0 log created on 04152014_212729 Files\Folders moved on Reboot... File move failed. C:\WINDOWS\temp\_avast_\AvastLock.txt scheduled to be moved on reboot. File\Folder C:\WINDOWS\temp\_avast_\Webshlock.txt not found! PendingFileRenameOperations files... Registry entries deleted on Reboot...
  3. Malwarebytes Anti-Malware
     www.malwarebytes.org

     Update, 4/14/2014 10:50:00 PM, SYSTEM, COMPUTER, Manual, Rootkit Database, 2014.2.20.1, 2014.3.27.1,
     Update, 4/14/2014 10:50:24 PM, SYSTEM, COMPUTER, Manual, Malware Database, 2014.3.4.9, 2014.4.15.2,
     Protection, 4/14/2014 10:52:10 PM, SYSTEM, COMPUTER, Protection, Malware Protection, Starting,
     Protection, 4/14/2014 10:52:15 PM, SYSTEM, COMPUTER, Protection, Malware Protection, Started,
     Protection, 4/14/2014 10:52:16 PM, SYSTEM, COMPUTER, Protection, Malicious Website Protection, Starting,
     Protection, 4/14/2014 10:52:47 PM, SYSTEM, COMPUTER, Protection, Malicious Website Protection, Started,
     Protection, 4/14/2014 11:32:38 PM, SYSTEM, COMPUTER, Protection, Malware Protection, Starting,
     Protection, 4/14/2014 11:33:00 PM, SYSTEM, COMPUTER, Protection, Malware Protection, Started,
     Protection, 4/14/2014 11:33:09 PM, SYSTEM, COMPUTER, Protection, Malicious Website Protection, Starting,
     Protection, 4/14/2014 11:33:25 PM, SYSTEM, COMPUTER, Protection, Malicious Website Protection, Started,
     Protection, 4/14/2014 11:43:31 PM, SYSTEM, COMPUTER, Protection, Malware Protection, Starting,
     Protection, 4/14/2014 11:43:32 PM, SYSTEM, COMPUTER, Protection, Malware Protection, Started,
     Protection, 4/14/2014 11:43:32 PM, SYSTEM, COMPUTER, Protection, Malicious Website Protection, Starting,
     Protection, 4/14/2014 11:44:17 PM, SYSTEM, COMPUTER, Protection, Malicious Website Protection, Started,
     (end)
  4. Results of screen317's Security Check version 0.99.81
     Windows XP Service Pack 3 x86
     Internet Explorer 8
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     avast! Antivirus
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Adobe Flash Player 12.0.0.77
     Google Chrome 34.0.1847.116
     ````````Process Check: objlist.exe by Laurent````````
     AVAST Software Avast AvastSvc.exe
     AVAST Software Avast afwServ.exe
     AVAST Software Avast AvastUI.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:: 3%
     ````````````````````End of Log``````````````````````
  5. OTL logfile created on: 4/15/2014 6:16:38 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 502.07 Mb Total Physical Memory | 22.96 Mb Available Physical Memory | 4.57% Memory free 1.20 Gb Paging File | 0.27 Gb Available in Paging File | 22.54% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.52 Gb Total Space | 40.39 Gb Free Space | 54.20% Space Free | Partition Type: NTFS Computer Name: COMPUTER | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2014/04/15 18:14:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.com PRC - [2014/04/09 12:46:35 | 003,854,640 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2014/04/09 12:46:32 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2014/04/09 12:44:55 | 000,109,048 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe PRC - [2014/04/06 21:21:36 | 005,180,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgui.exe PRC - [2014/03/27 22:10:20 | 000,291,912 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Program Files\AVG\AVG2014\avgwdsvc.exe PRC - [2014/03/18 20:05:34 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2014/03/18 14:30:20 | 000,639,488 | ---- | M] () -- C:\Program Files\Flash Update\winclient32.exe PRC - [2012/08/02 18:30:44 | 000,154,624 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006/01/07 00:09:25 | 000,397,312 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzstc11.exe PRC - [2006/01/07 00:09:25 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe PRC - [2004/03/18 17:55:48 | 000,065,536 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe ========== Modules (No Company Name) ========== MOD - [2014/04/15 14:34:35 | 002,212,352 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\14041501\algo.dll MOD - [2014/04/09 12:47:01 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll MOD - [2014/03/18 20:05:08 | 003,642,480 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2014/03/18 14:30:20 | 000,639,488 | ---- | M] () -- C:\Program Files\Flash Update\winclient32.exe MOD - [2014/03/14 22:25:44 | 000,236,544 | ---- | M] () -- C:\Program Files\Flash Update\sqlite3.dll MOD - [2014/03/12 10:14:11 | 016,276,872 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll MOD - [2014/01/20 14:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2014/01/20 14:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe -- (Wajam Internet Enhancer 
Service) SRV - File not found [Auto | Stopped] -- C:\Program Files\Laflurla\updateLaflurla.exe -- (Update Laflurla) SRV - [2014/04/09 14:33:24 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2014/04/09 12:46:32 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2014/04/09 12:44:55 | 000,109,048 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall) SRV - [2014/04/01 21:20:52 | 003,655,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent) SRV - [2014/03/27 22:10:20 | 000,291,912 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd) SRV - [2014/03/18 20:05:15 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/08/02 18:30:44 | 000,154,624 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -- (BrcmMgmtAgent) SRV - [2004/03/18 17:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Unknown] -- 
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys -- (mbr) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [File_System | On_Demand | Stopped] -- -- (axjbfvzv) DRV - [2014/04/09 12:47:09 | 000,776,976 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx) DRV - [2014/04/09 12:47:09 | 000,180,760 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm) DRV - [2014/04/09 12:47:09 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi) DRV - [2014/04/09 12:47:08 | 000,411,552 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP) DRV - [2014/04/09 12:47:08 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2014/04/09 12:47:08 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr) DRV - [2014/04/09 12:47:08 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt) DRV - [2014/04/09 12:46:18 | 000,026,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswKbd.sys -- (aswKbd) DRV - [2014/04/09 12:44:57 | 000,252,208 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2) DRV - [2014/04/09 12:44:56 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\aswNdis.sys -- (aswNdis) DRV - [2014/04/09 00:32:53 | 000,055,224 | 
---- | M] (StdLib) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tStLibG.sys -- (tStLibG) DRV - [2014/04/08 18:27:56 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon) DRV - [2014/04/01 21:07:04 | 000,199,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver) DRV - [2014/03/31 16:11:58 | 000,211,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2014/03/31 16:11:50 | 000,108,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2014/03/27 22:15:18 | 000,193,304 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2014/03/27 22:14:40 | 000,123,160 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgdiskx.sys -- (Avgdiskx) DRV - [2014/03/27 22:04:22 | 000,150,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX) DRV - [2014/03/27 22:04:02 | 000,238,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx) DRV - [2014/03/27 22:03:22 | 000,028,440 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86) DRV - [2014/03/27 22:03:20 | 000,022,296 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim) DRV - [2012/09/18 14:08:36 | 000,010,520 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\MgmtAgent\BASFND.sys -- (BASFND) DRV - [2012/05/24 12:44:28 | 000,239,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2011/06/15 10:30:56 | 000,090,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\baspxp32.sys -- (Blfp) DRV - [2011/03/15 00:11:10 | 000,010,112 | ---- | M] (support.com, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssmirrdr.sys -- (ssmirrdr) DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx) DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt) DRV - [2001/08/23 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb) DRV - [2001/08/23 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = 
http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = http://us.yhs4.search.yahoo.com/yhs/search?hspart=avast&hsimp=yhs-001&type={partner_id}&p={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.yhs4.search.yahoo.com/?hspart=avast&hsimp=yhs-001&type={partner_id} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.yhs4.search.yahoo.com/yhs/search?hspart=avast&hsimp=yhs-001&type={partner_id}&p={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enUS420 IE - HKCU\..\SearchScopes\{6C59297E-BFFE-4E6A-0BF5-4187155432D8}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z127&form=ZGAIDF&install_date=20111223&iesrc={referrer:source} IE - HKCU\..\SearchScopes\{899B35FF-D18B-8FBB-580A-E99390A9E0B2}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z129&form=ZGAIDF&install_date=20111102&iesrc={referrer:source} IE - HKCU\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = http://us.yhs4.search.yahoo.com/yhs/search?hspart=avast&hsimp=yhs-001&type={partner_id}&p={searchTerms} IE - HKCU\..\SearchScopes\{AE34B30D-97A8-46D4-92EC-1419F24DCE09}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-ydwnld IE - HKCU\..\SearchScopes\{CE3A3FD1-0A27-07DC-3FED-9D0FBEBC1CD0}: "URL" = 
http://www.bing.com/search?q={searchTerms}&pc=Z131&form=ZGAIDF&install_date=20111102&iesrc={referrer:source} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:1546;https=127.0.0.1:1546 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://hsrd.yahoo.com/_ylt=A2KLthbWOkhT6wEBwSObvZx4/RV=1/RE=1398452182/RH=aHNyZC55YWhvby5jb20-/RO=2/RU=aHR0cHM6Ly93d3cueWFob28uY29tLw--/RS=%5EADARIfA9_N3l9EYgsG1F7TxFbFRyoQ-" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@TelevisionFanatic.com/Plugin: C:\Program Files\TelevisionFanatic\bar\2.bin\NP64Stub.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/04/09 12:47:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/03/18 20:01:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/04/10 00:33:14 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{828c786a-e911-4821-aabd-a58eff0dcf02}: C:\Program Files\BlockAndSurf Corp\158.xpi [2011/09/21 18:49:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions [2014/04/09 11:53:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\opm5vmj3.default-1397016665796\extensions [2014/04/09 22:29:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2014/03/18 20:01:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014/03/18 20:01:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions [2014/03/18 20:06:16 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2014/04/09 12:47:26 | 000,000,000 | ---D | M] (avast! 
Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF ========== Chrome ========== CHR - default_search_provider: Conduit Search (Enabled) CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MF0E8115B-F69F-48B1-8369-38C556336852&SearchSource=58&CUI=&UM=5&UP=SP0A3A7739-0903-460C-9CF6-ADA3F08004CD&q={searchTerms}&SSPV= CHR - default_search_provider: suggest_url = http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}, CHR - homepage: http://www.google.com CHR - plugin: Error reading preferences file CHR - Extension: Google Docs = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: avast! Online Security = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2018.93_0\ CHR - Extension: Google Wallet = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\ CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2001/08/23 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (avast! 
Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O3 - HKLM\..\Toolbar: (no name) - {06C7AD57-B655-418D-9AB8-9526A6D2E052} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [fst_us_27] File not found O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe (HP) O4 - HKLM..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard) O4 - HKLM..\Run: [Windows Client Manager] C:\Program Files\Flash Update\winclient32.exe () O4 - HKCU..\Run: [zoUdechSLSwKJZdfXwMEoWYsVanyTgUGhEDeMdPUtUfZroLhGx] C:\Documents and Settings\Administrator\Local Settings\Application Data\Crisis.exe File not found O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Program Files\java\java.exe O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Program Files\java\java.exe O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft 
Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1297539326578 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1302905791640 (MUWebControl Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7D34DF27-1C96-4169-B78F-FBD4AAC65D36}: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Windupdt\winupdate.exe) - File not found O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Windupdt\winupdate.exe) - File not found O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Windupdt\winupdate.exe) - File not found O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Windupdt\winupdate.exe) - File not found O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Windupdt\winupdate.exe) - File not found O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Windupdt\winupdate.exe) - File 
not found O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Windupdt\winupdate.exe) - File not found O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Windupdt\winupdate.exe) - File not found O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Windupdt\winupdate.exe) - File not found O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Windupdt\winupdate.exe) - File not found O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Windupdt\winupdate.exe) - File not found O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Windupdt\winupdate.exe) - File not found O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Windupdt\winupdate.exe) - File not found O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Windupdt\winupdate.exe) - File not found O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Windupdt\winupdate.exe) - File not found O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Windupdt\winupdate.exe) - File not found O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Windupdt\winupdate.exe) - File not found O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Windupdt\winupdate.exe) - File not found O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O27 - HKLM IFEO\DatamngrCoordinator.exe: Debugger - C:\WINDOWS\System32\tasklist.exe (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011/02/12 06:04:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{205015d4-3962-11e0-8544-00123f42ce89}\Shell\AutoRun\command - "" = E:\Info.exe 
folder.htt 480 480 O33 - MountPoints2\{de4153cb-36a8-11e0-853c-ee59ed5f6acd}\Shell\AutoRun\command - "" = E:\Crisis.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2014/04/15 17:46:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures [2014/04/15 02:11:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2014/04/14 22:49:20 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2014/04/14 22:46:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware [2014/04/14 22:46:06 | 000,050,648 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys [2014/04/14 22:46:05 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2014/04/14 22:46:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware [2014/04/14 22:46:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2014/04/14 22:15:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT [2014/04/14 18:49:40 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2014/04/10 00:38:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Downloads [2014/04/09 23:23:50 | 009,652,096 | ---- | C] (Reimage®) -- C:\TRANSLATE [2014/04/09 22:23:52 | 000,000,000 | ---D | C] -- C:\Program Files\002 [2014/04/09 22:12:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System\Newrestore Folder [2014/04/09 12:59:02 | 000,000,000 
| ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AVAST Software [2014/04/09 12:57:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avast [2014/04/09 12:55:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome [2014/04/09 12:47:36 | 000,776,976 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2014/04/09 12:47:36 | 000,411,552 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2014/04/09 12:47:36 | 000,057,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2014/04/09 12:47:35 | 000,067,824 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys [2014/04/09 12:47:35 | 000,054,832 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2014/04/09 12:47:33 | 000,252,208 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys [2014/04/09 12:47:33 | 000,026,136 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswKbd.sys [2014/04/09 12:47:28 | 000,271,264 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2014/04/09 12:47:02 | 000,043,152 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2014/04/09 12:44:56 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys [2014/04/09 11:57:44 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2014/04/09 11:45:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software [2014/04/09 11:39:13 | 000,295,080 | ---- | C] (SecureAssist) -- C:\WINDOWS\System32\SecureAssist.dll [2014/04/09 11:33:29 | 000,000,000 | ---D | C] -- C:\temp [2014/04/09 11:14:33 | 000,000,000 | ---D | C] -- C:\Program Files\003 [2014/04/09 00:32:52 | 000,055,224 | ---- | C] (StdLib) -- C:\WINDOWS\System32\drivers\tStLibG.sys [2014/04/08 23:03:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start 
Menu\Programs\Flash Update [2014/04/08 23:03:21 | 000,000,000 | ---D | C] -- C:\Program Files\Flash Update [2014/04/08 22:59:35 | 000,000,000 | ---D | C] -- C:\Program Files\Laflurla [2014/04/08 22:52:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools [2014/04/08 22:36:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup [2014/04/08 21:28:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories [2014/04/08 21:21:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Old Firefox Data [2014/04/08 20:22:43 | 000,000,000 | ---D | C] -- C:\Program Files\BlockAndSurf Corp [2014/04/08 20:20:14 | 000,000,000 | ---D | C] -- C:\Program Files\Convert Files for Free [2014/04/08 20:14:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\.android [2014/04/08 20:14:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\cache [2014/04/08 20:05:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\com [2014/04/08 17:44:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\supportdotcom [2014/04/08 17:42:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\supportdotcom [2014/04/08 17:08:52 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\System32\CSVer.dll [2014/04/08 17:08:51 | 000,000,000 | ---D | C] -- C:\Program Files\Intel [2014/04/08 17:08:07 | 000,000,000 | ---D | C] -- C:\Intel [2014/04/08 17:03:25 | 000,089,600 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\Baspxp32.dll [2014/04/08 17:00:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Dell [2014/04/08 16:57:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Downloaded Installations 
[2014/04/08 16:33:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\SlimWare Utilities Inc [2014/04/08 16:30:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Downloaded Installers [2014/04/08 13:52:47 | 000,000,000 | ---D | C] -- C:\Inetpub [2014/03/31 08:28:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG [2014/03/26 17:21:55 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xp_eos.exe [2014/03/26 17:21:55 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xp_eos.exe [2014/03/21 11:46:46 | 001,081,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mscomctl.ocx [2014/03/21 11:46:46 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comdlg32.ocx [2014/03/18 20:01:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2014/03/17 14:53:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Auslogics [2014/03/17 14:48:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics [2014/03/17 14:48:43 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics [2014/03/17 14:07:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CDB [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2014/04/15 19:44:22 | 000,000,378 | -H-- | M] () -- C:\WINDOWS\tasks\avast! 
Emergency Update.job [2014/04/15 19:29:06 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily FY04.job [2014/04/15 19:15:28 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At2.job [2014/04/15 19:15:09 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At1.job [2014/04/15 19:02:17 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2014/04/15 18:53:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2014/04/15 16:37:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2014/04/15 13:01:02 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2014/04/15 12:34:52 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2014/04/15 11:56:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2014/04/15 11:56:08 | 000,000,238 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job [2014/04/15 11:56:06 | 000,000,396 | ---- | M] () -- C:\WINDOWS\tasks\BlockAndSurf Update.job [2014/04/15 11:56:05 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\BlockAndSurf_wd.job [2014/04/14 23:41:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2014/04/14 22:50:08 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2014/04/14 21:47:11 | 000,114,688 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ChromeHitoryDB [2014/04/10 03:00:13 | 000,000,712 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2014/04/09 23:28:26 | 000,000,163 | ---- | M] () -- C:\WINDOWS\Reimage.ini [2014/04/09 23:24:30 | 009,652,096 | ---- | M] (Reimage®) -- C:\TRANSLATE [2014/04/09 14:54:35 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2014/04/09 14:32:57 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2014/04/09 
14:32:54 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2014/04/09 14:13:19 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2014/04/09 12:57:25 | 000,001,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! SafeZone.lnk [2014/04/09 12:57:25 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk [2014/04/09 12:55:16 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk [2014/04/09 12:47:09 | 000,776,976 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2014/04/09 12:47:09 | 000,180,760 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys [2014/04/09 12:47:09 | 000,057,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2014/04/09 12:47:08 | 000,411,552 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2014/04/09 12:47:08 | 000,067,824 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys [2014/04/09 12:47:08 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2014/04/09 12:47:08 | 000,049,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys [2014/04/09 12:47:02 | 000,271,264 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2014/04/09 12:47:02 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2014/04/09 12:46:18 | 000,026,136 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswKbd.sys [2014/04/09 12:44:57 | 000,252,208 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys [2014/04/09 12:44:56 | 000,012,112 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys [2014/04/09 00:32:53 | 000,055,224 | ---- | M] (StdLib) -- C:\WINDOWS\System32\drivers\tStLibG.sys [2014/04/08 21:37:47 | 000,502,712 | 
---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2014/04/08 21:37:47 | 000,087,178 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2014/04/08 21:28:54 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2014/04/08 20:49:03 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2014/04/08 20:22:53 | 000,000,464 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol [2014/04/08 20:16:49 | 000,000,041 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\WB.CFG [2014/04/08 19:24:44 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Sync Folder.lnk [2014/04/08 18:27:56 | 000,013,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys [2014/04/08 15:03:52 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job [2014/04/03 09:51:06 | 000,050,648 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys [2014/04/03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2014/03/21 11:46:46 | 001,081,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mscomctl.ocx [2014/03/21 11:46:46 | 000,152,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\comdlg32.ocx [2014/03/17 20:58:17 | 000,001,746 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2014/03/17 14:48:53 | 000,000,822 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Auslogics DiskDefrag.lnk [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2014/04/14 22:47:09 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2014/04/11 00:15:17 | 000,000,420 | ---- | C] () 
-- C:\WINDOWS\tasks\At2.job [2014/04/09 20:15:11 | 000,000,092 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\WB.CFG [2014/04/09 13:10:15 | 000,114,688 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ChromeHitoryDB [2014/04/09 12:57:25 | 000,001,799 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! SafeZone.lnk [2014/04/09 12:57:25 | 000,001,739 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk [2014/04/09 12:55:39 | 000,000,378 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job [2014/04/09 12:55:16 | 000,001,831 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2014/04/09 12:55:15 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk [2014/04/09 12:49:50 | 000,000,900 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2014/04/09 12:49:48 | 000,000,896 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2014/04/09 12:47:36 | 000,180,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys [2014/04/09 12:47:35 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys [2014/04/08 21:28:55 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk [2014/04/08 21:28:53 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2014/04/08 21:28:53 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk [2014/04/08 20:34:47 | 000,173,134 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat [2014/04/08 20:22:52 | 000,000,396 | ---- | C] () -- C:\WINDOWS\tasks\BlockAndSurf 
Update.job [2014/04/08 20:22:51 | 000,000,464 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol [2014/04/08 20:22:50 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\BlockAndSurf_wd.job [2014/04/08 20:16:49 | 000,000,041 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\WB.CFG [2014/04/08 20:15:26 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At1.job [2014/04/08 19:24:42 | 000,001,632 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Sync Folder.lnk [2014/04/08 16:33:40 | 000,013,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys [2014/04/08 12:31:07 | 000,000,238 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job [2014/04/08 12:31:05 | 000,000,232 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job [2014/03/17 20:58:17 | 000,001,746 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2014/03/17 14:48:53 | 000,000,822 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Auslogics DiskDefrag.lnk [2014/03/17 14:03:50 | 000,000,163 | ---- | C] () -- C:\WINDOWS\Reimage.ini [2013/02/05 00:07:03 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/08/16 16:52:21 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\dt.dat [2012/07/20 20:37:37 | 000,058,880 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\erdkrfnn [2012/07/20 20:35:31 | 000,058,880 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\brmvloip [2012/07/19 15:23:09 | 000,058,880 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\mobuaffu [2012/07/19 15:17:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Application 
Data\SharedSettings.ccs [2011/12/23 12:25:53 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat [2011/06/09 10:39:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Javaw.exe [2005/04/16 02:00:43 | 000,000,311 | -H-- | C] () -- C:\Documents and Settings\Administrator\Application Data\Administratorlog.dat ========== ZeroAccess Check ========== [2011/02/12 14:20:38 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 < End of report >
  6. OTL Extras logfile created on: 4/15/2014 6:16:38 PM - Run 1
     OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
     Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
     Internet Explorer (Version = 8.0.6001.18702)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     502.07 Mb Total Physical Memory | 22.96 Mb Available Physical Memory | 4.57% Memory free
     1.20 Gb Paging File | 0.27 Gb Available in Paging File | 22.54% Paging File free
     Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
     %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
     Drive C: | 74.52 Gb Total Space | 40.39 Gb Free Space | 54.20% Space Free | Partition Type: NTFS
     Computer Name: COMPUTER | User Name: Administrator | Logged in as Administrator.
     Boot Mode: Normal | Scan Mode: Current user
     Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

     ========== Extra Registry (SafeList) ==========

     ========== File Associations ==========
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
     .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
     .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
     [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
     .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

     ========== Shell Spawning ==========
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
     batfile [open] -- "%1" %*
     cmdfile [open] -- "%1" %*
     comfile [open] -- "%1" %*
     cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
     exefile [open] -- "%1" %*
     http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
     https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
     piffile [open] -- "%1" %*
     regfile [merge] -- Reg Error: Key error.
     scrfile [config] -- "%1"
     scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
     scrfile [open] -- "%1" /S
     txtfile [edit] -- Reg Error: Key error.
     Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1"
     Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
     Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
     Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

     ========== Security Center Settings ==========
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
     "FirstRunDisabled" = 1
     "AntiVirusDisableNotify" = 0
     "FirewallDisableNotify" = 0
     "UpdatesDisableNotify" = 0
     "AntiVirusOverride" = 0
     "FirewallOverride" = 0
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

     ========== System Restore Settings ==========
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
     "DisableSR" = 0
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
     "Start" = 0
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
     "Start" = 2

     ========== Firewall Settings ==========
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
     "EnableFirewall" = 0
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
     "EnableFirewall" = 1
     "DoNotAllowExceptions" = 0
     "DisableNotifications" = 0
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
     "5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
     "80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
     "1886:TCP" = 1886:TCP:*:Enabled:Genieo

     ========== Authorized Applications List ==========
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
     "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
     "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
     "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
     "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
     "C:\Documents and Settings\Administrator\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\Administrator\Application Data\Spotify\spotify.exe:*:Enabled:Spotify
     "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
     "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour Service -- (Apple Inc.)
     "C:\Program Files\AVG\AVG2014\avgmfapx.exe" = C:\Program Files\AVG\AVG2014\avgmfapx.exe:*:Enabled:AVG Installer
     "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

     ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
     "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
     "Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
     "Avast" = avast! Internet Security
     "Google Chrome" = Google Chrome
     "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004

     ========== Last 20 Event Log Errors ==========
     [ Application Events ]
     Error - 4/14/2014 8:51:59 PM | Computer Name = COMPUTER | Source = Application Hang | ID = 1002
     Description = Hanging application wordpad.exe, version 5.1.2600.6010, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
     Error - 4/14/2014 9:18:43 PM | Computer Name = COMPUTER | Source = Application Hang | ID = 1002
     Description = Hanging application firefox.exe, version 28.0.0.5186, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
     Error - 4/14/2014 9:28:12 PM | Computer Name = COMPUTER | Source = Application Hang | ID = 1002
     Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
     Error - 4/14/2014 9:28:32 PM | Computer Name = COMPUTER | Source = Application Hang | ID = 1002
     Description = Hanging application firefox.exe, version 28.0.0.5186, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
     Error - 4/14/2014 9:28:32 PM | Computer Name = COMPUTER | Source = Application Hang | ID = 1002
     Description = Hanging application firefox.exe, version 28.0.0.5186, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
     Error - 4/14/2014 11:10:52 PM | Computer Name = COMPUTER | Source = Application Hang | ID = 1002
     Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
     Error - 4/15/2014 2:48:49 AM | Computer Name = COMPUTER | Source = Windows Search Service | ID = 3100
     Description = Unable to initialize the filter host process. Terminating. Details: This operation returned because the timeout period expired. (0x800705b4)
     Error - 4/15/2014 1:15:23 PM | Computer Name = COMPUTER | Source = Application Hang | ID = 1002
     Description = Hanging application mbam-setup-2.0.1.1004(2).tmp, version 51.52.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
     Error - 4/15/2014 1:15:36 PM | Computer Name = COMPUTER | Source = Application Hang | ID = 1001
     Description = Fault bucket 191912498.
     Error - 4/15/2014 8:29:30 PM | Computer Name = COMPUTER | Source = MsiInstaller | ID = 10005
     Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2014 -- Error 27054. CA_Error27054: SetupAction(0xC0070642): Installation failed.

     [ System Events ]
     Error - 4/15/2014 4:15:00 PM | Computer Name = COMPUTER | Source = Schedule | ID = 7901
     Description = The At1.job command failed to start due to the following error: %%2147942403
     Error - 4/15/2014 4:15:00 PM | Computer Name = COMPUTER | Source = Schedule | ID = 7901
     Description = The At2.job command failed to start due to the following error: %%2147942403
     Error - 4/15/2014 5:15:00 PM | Computer Name = COMPUTER | Source = Schedule | ID = 7901
     Description = The At1.job command failed to start due to the following error: %%2147942403
     Error - 4/15/2014 5:15:00 PM | Computer Name = COMPUTER | Source = Schedule | ID = 7901
     Description = The At2.job command failed to start due to the following error: %%2147942403
     Error - 4/15/2014 6:15:00 PM | Computer Name = COMPUTER | Source = Schedule | ID = 7901
     Description = The At1.job command failed to start due to the following error: %%2147942403
     Error - 4/15/2014 6:15:00 PM | Computer Name = COMPUTER | Source = Schedule | ID = 7901
     Description = The At2.job command failed to start due to the following error: %%2147942403
     Error - 4/15/2014 7:15:00 PM | Computer Name = COMPUTER | Source = Schedule | ID = 7901
     Description = The At1.job command failed to start due to the following error: %%2147942403
     Error - 4/15/2014 7:15:00 PM | Computer Name = COMPUTER | Source = Schedule | ID = 7901
     Description = The At2.job command failed to start due to the following error: %%2147942403
     Error - 4/15/2014 8:15:27 PM | Computer Name = COMPUTER | Source = Schedule | ID = 7901
     Description = The At1.job command failed to start due to the following error: %%2147942403
     Error - 4/15/2014 8:15:28 PM | Computer Name = COMPUTER | Source = Schedule | ID = 7901
     Description = The At2.job command failed to start due to the following error: %%2147942403

     < End of report >
  7. .
     UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
     IF REQUESTED, ZIP IT UP & ATTACH IT
     .
     DDS (Ver_2012-11-20.01)
     .
     Microsoft Windows XP Professional
     Boot Device: \Device\HarddiskVolume1
     Install Date: 2/12/2011 5:06:24 AM
     System Uptime: 4/14/2014 11:36:07 PM (18 hours ago)
     .
     Motherboard: Dell Inc. | | 0H8052
     Processor: Intel® Pentium® 4 CPU 3.20GHz | Microprocessor | 3192/800mhz
     .
     ==== Disk Partitions =========================
     .
     A: is Removable
     C: is FIXED (NTFS) - 75 GiB total, 40.393 GiB free.
     D: is CDROM ()
     E: is Removable
     .
     ==== Disabled Device Manager Items =============
     .
     ==== System Restore Points ===================
     .
     RP1177: 2/10/2014 3:08:13 PM - System Checkpoint
     RP1178: 2/11/2014 4:08:13 PM - System Checkpoint
     RP1179: 2/12/2014 3:00:17 AM - Software Distribution Service 3.0
     RP1180: 2/13/2014 1:02:48 PM - System Checkpoint
     RP1181: 2/14/2014 2:02:43 PM - System Checkpoint
     RP1182: 2/15/2014 3:02:43 PM - System Checkpoint
     RP1183: 2/16/2014 3:05:03 PM - System Checkpoint
     RP1184: 2/17/2014 4:04:58 PM - System Checkpoint
     RP1185: 2/18/2014 5:04:58 PM - System Checkpoint
     RP1186: 2/19/2014 5:32:58 PM - System Checkpoint
     RP1187: 2/20/2014 4:04:36 PM - Installed Microsoft PowerPoint Viewer
     RP1188: 2/21/2014 4:44:33 PM - Installed iTunes
     RP1189: 2/22/2014 5:12:42 PM - System Checkpoint
     RP1190: 2/23/2014 5:25:26 PM - System Checkpoint
     RP1191: 2/24/2014 6:20:09 PM - System Checkpoint
     RP1192: 2/25/2014 7:09:06 PM - System Checkpoint
     RP1193: 2/26/2014 8:08:38 PM - System Checkpoint
     RP1194: 2/27/2014 9:18:15 PM - System Checkpoint
     RP1195: 2/28/2014 9:58:52 PM - System Checkpoint
     RP1196: 3/1/2014 10:51:57 PM - System Checkpoint
     RP1197: 3/2/2014 10:57:47 PM - System Checkpoint
     RP1198: 3/4/2014 1:04:32 AM - System Checkpoint
     RP1199: 3/5/2014 1:33:14 AM - System Checkpoint
     RP1200: 3/6/2014 1:42:02 AM - System Checkpoint
     RP1201: 3/7/2014 2:36:43 AM - System Checkpoint
     RP1202: 3/8/2014 3:31:24 AM - System Checkpoint
     RP1203: 3/9/2014 5:26:29 AM - System Checkpoint
     RP1204: 3/10/2014 6:24:15 AM - System Checkpoint
     RP1205: 3/11/2014 7:18:52 AM - System Checkpoint
     RP1206: 3/12/2014 7:51:11 AM - System Checkpoint
     RP1207: 3/12/2014 9:56:39 AM - Software Distribution Service 3.0
     RP1208: 3/13/2014 10:08:32 AM - System Checkpoint
     RP1209: 3/14/2014 11:09:05 AM - System Checkpoint
     RP1210: 3/15/2014 11:57:33 AM - System Checkpoint
     RP1211: 3/16/2014 12:51:57 PM - System Checkpoint
     RP1212: 3/17/2014 1:46:28 PM - System Checkpoint
     RP1213: 3/17/2014 2:42:21 PM - Configured SoundMAX
     RP1214: 3/17/2014 2:42:53 PM - Installed SoundMAX
     RP1215: 3/17/2014 9:01:40 PM - Software Distribution Service 3.0
     RP1216: 3/18/2014 9:15:41 PM - System Checkpoint
     RP1217: 3/19/2014 9:18:40 PM - System Checkpoint
     RP1218: 3/20/2014 9:51:23 PM - System Checkpoint
     RP1219: 3/21/2014 10:46:12 PM - System Checkpoint
     RP1220: 3/22/2014 11:45:33 PM - System Checkpoint
     RP1221: 3/24/2014 12:37:49 AM - System Checkpoint
     RP1222: 3/25/2014 1:32:15 AM - System Checkpoint
     RP1223: 3/26/2014 2:25:52 AM - System Checkpoint
     RP1224: 3/27/2014 2:00:39 AM - Software Distribution Service 3.0
     RP1225: 3/28/2014 2:18:38 AM - System Checkpoint
     RP1226: 3/29/2014 3:13:11 AM - System Checkpoint
     RP1227: 3/30/2014 3:15:25 AM - System Checkpoint
     RP1228: 3/31/2014 4:04:03 AM - System Checkpoint
     RP1229: 4/1/2014 4:58:34 AM - System Checkpoint
     RP1230: 4/2/2014 5:50:53 AM - System Checkpoint
     RP1231: 4/3/2014 6:46:18 AM - System Checkpoint
     RP1232: 4/4/2014 7:41:52 AM - System Checkpoint
     RP1233: 4/5/2014 9:06:08 AM - System Checkpoint
     RP1234: 4/6/2014 9:50:03 AM - System Checkpoint
     RP1235: 4/7/2014 10:44:35 AM - System Checkpoint
     RP1236: 4/8/2014 10:30:51 AM - Software Distribution Service 3.0
     RP1237: 4/8/2014 3:16:16 PM - Removed Microsoft Silverlight
     RP1238: 4/8/2014 3:18:17 PM - Removed Windows Live Upload Tool
     RP1239: 4/8/2014 3:18:41 PM - Removed Windows Live Sign-in Assistant
     RP1240: 4/8/2014 3:24:20 PM - Configured SoundMAX
     RP1241: 4/8/2014 3:24:51 PM - Installed SoundMAX
     RP1242: 4/8/2014 4:51:54 PM - DriverUpdate Installing Drivers
     RP1243: 4/8/2014 5:01:02 PM - Removed Broadcom Gigabit Integrated Controller
     RP1244: 4/8/2014 5:01:45 PM - Installed Broadcom NetXtreme-I Netlink Driver and Management Installer.
     RP1245: 4/8/2014 6:36:20 PM - DriverUpdate Installing Drivers
     RP1246: 4/8/2014 7:02:13 PM - Removed DriverUpdate
     RP1247: 4/8/2014 7:15:02 PM - Uniblue SpeedUpMyPC installation
     RP1248: 4/9/2014 11:57:43 AM - avast! antivirus system restore point
     RP1249: 4/9/2014 12:37:53 PM - avast! antivirus system restore point
     RP1250: 4/9/2014 2:28:24 PM - Software Distribution Service 3.0
     RP1251: 4/10/2014 3:12:58 PM - System Checkpoint
     RP1252: 4/11/2014 3:23:02 PM - System Checkpoint
     RP1253: 4/12/2014 4:18:39 PM - System Checkpoint
     RP1254: 4/13/2014 5:14:18 PM - System Checkpoint
     RP1255: 4/15/2014 12:09:24 AM - System Checkpoint
     RP1256: 4/15/2014 2:06:20 AM - Software Distribution Service 3.0
     .
     ==== Installed Programs ======================
     .
     Adobe Flash Player 12 ActiveX
     avast! Internet Security
     AVG 2014
     Free Window Sweeper
     Google Chrome
     Google Update Helper
     Malwarebytes Anti-Malware version 2.0.1.1004
     Security Update for Windows Internet Explorer 8 (KB2936068)
     Security Update for Windows XP (KB2491683)
     Security Update for Windows XP (KB2922229)
     .
     ==== Event Viewer Messages From Past Week ========
     .
     4/9/2014 5:24:52 PM, error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
     4/9/2014 5:24:50 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVGIDSAgent service to connect.
     4/9/2014 2:17:10 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: hlnfd
     4/9/2014 12:57:06 PM, error: Service Control Manager [7034] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s).
     4/9/2014 12:57:06 PM, error: Service Control Manager [7034] - The SSDP Discovery Service service terminated unexpectedly. It has done this 1 time(s).
     4/9/2014 12:57:06 PM, error: Service Control Manager [7031] - The Remote Registry service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
     4/9/2014 12:36:24 PM, error: Service Control Manager [7000] - The vsacqnnz service failed to start due to the following error: The system cannot find the file specified.
     4/9/2014 12:15:55 PM, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {EBE666C3-F26C-4CF6-8ABA-3D5F5D2625E1} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.
     4/9/2014 12:13:15 PM, error: Service Control Manager [7000] - The Update Laflurla service failed to start due to the following error: The system cannot find the file specified.
     4/9/2014 12:12:14 PM, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {EBE666C3-F26C-4CF6-8ABA-3D5F5D2625E1} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
     4/9/2014 11:45:54 AM, error: Service Control Manager [7000] - The axjbfvzv service failed to start due to the following error: The system cannot find the file specified.
     4/9/2014 11:34:38 AM, error: Service Control Manager [7034] - The Search Protect by Conduit Service service terminated unexpectedly. It has done this 1 time(s).
     4/9/2014 10:59:35 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Util Laflurla service.
     4/9/2014 1:06:38 PM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
     4/9/2014 1:06:37 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
     4/9/2014 1:06:16 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
     4/8/2014 8:44:12 PM, error: Service Control Manager [7022] - The Wajam Internet Enhancer Service service hung on starting.
     4/8/2014 7:24:10 PM, error: Service Control Manager [7000] - The NewPlayer Updater Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
     4/8/2014 7:24:09 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the NewPlayer Updater Service service to connect.
     4/8/2014 6:10:52 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
     4/8/2014 5:10:14 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.
     4/8/2014 2:57:06 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
     4/8/2014 2:57:06 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
     4/8/2014 12:29:49 PM, error: Service Control Manager [7000] - The TelevisionFanaticService service failed to start due to the following error: The system cannot find the file specified.
     4/8/2014 12:29:49 PM, error: Service Control Manager [7000] - The RadioRageService service failed to start due to the following error: The system cannot find the file specified.
     4/8/2014 12:29:07 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
     4/8/2014 10:38:25 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Computer Backup (MyPC Backup) service to connect.
     4/8/2014 10:38:25 PM, error: Service Control Manager [7000] - The Computer Backup (MyPC Backup) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
     4/15/2014 9:42:36 AM, error: Service Control Manager [7024] - The AVGIDSAgent service terminated with service-specific error 3758213661 (0xE001CA1D).
     4/14/2014 8:09:00 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
     4/14/2014 8:08:27 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
     4/14/2014 8:08:27 PM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
     4/14/2014 8:07:51 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Pml Driver HPZ12 service to connect.
     4/14/2014 8:07:51 PM, error: Service Control Manager [7000] - The Pml Driver HPZ12 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
     4/14/2014 7:15:15 PM, error: Schedule [7901] - The At2.job command failed to start due to the following error: %%2147942403
     4/14/2014 7:15:13 PM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942403
     4/14/2014 7:05:02 PM, error: Service Control Manager [7000] - The Wajam Internet Enhancer Service service failed to start due to the following error: The system cannot find the file specified.
     4/14/2014 7:05:02 PM, error: Service Control Manager [7000] - The Search Protect by Conduit Service service failed to start due to the following error: The system cannot find the path specified.
     4/14/2014 7:05:02 PM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
     4/14/2014 7:05:01 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.
     4/14/2014 6:54:48 PM, error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
     4/14/2014 6:54:48 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
     4/14/2014 6:54:48 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
     4/14/2014 6:52:30 PM, error: Service Control Manager [7034] - The Wajam Internet Enhancer Service service terminated unexpectedly. It has done this 1 time(s).
     4/14/2014 6:52:30 PM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
     4/14/2014 6:52:30 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
     4/14/2014 6:52:30 PM, error: Service Control Manager [7034] - The Computer Backup (MyPC Backup) service terminated unexpectedly. It has done this 1 time(s).
     4/14/2014 6:52:30 PM, error: Service Control Manager [7034] - The Broadcom Management Agent service terminated unexpectedly. It has done this 1 time(s).
     4/14/2014 6:52:30 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
     4/14/2014 6:52:30 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
     4/14/2014 6:52:30 PM, error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
     4/14/2014 6:52:30 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
     4/14/2014 6:52:30 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
     4/14/2014 11:03:52 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
     4/14/2014 10:48:54 PM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
     4/10/2014 8:09:27 AM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
     4/10/2014 7:49:38 AM, error: Service Control Manager [7000] - The TelevisionFanaticService service failed to start due to the following error: The system cannot find the path specified.
     .
     ==== End Of File ===========================
It has done this 1 time(s). 4/14/2014 6:52:30 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s). 4/14/2014 6:52:30 PM, error: Service Control Manager [7034] - The Computer Backup (MyPC Backup) service terminated unexpectedly. It has done this 1 time(s). 4/14/2014 6:52:30 PM, error: Service Control Manager [7034] - The Broadcom Management Agent service terminated unexpectedly. It has done this 1 time(s). 4/14/2014 6:52:30 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s). 4/14/2014 6:52:30 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s). 4/14/2014 6:52:30 PM, error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 4/14/2014 6:52:30 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 4/14/2014 6:52:30 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 4/14/2014 11:03:52 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service. 4/14/2014 10:48:54 PM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s). 4/10/2014 8:09:27 AM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied. 
4/10/2014 7:49:38 AM, error: Service Control Manager [7000] - The TelevisionFanaticService service failed to start due to the following error: The system cannot find the path specified. . ==== End Of File ===========================
  9. DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 Run by Administrator at 17:46:42 on 2014-04-15 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.59 [GMT -5:00] . AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} . ============== Running Processes ================ . C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Program Files\AVAST Software\Avast\afwServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\AVG\AVG2014\avgwdsvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\hphmon06.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\AVG\AVG2014\avgui.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Flash Update\winclient32.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\WINDOWS\system32\SearchFilterHost.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k imgsvc . 
============== Pseudo HJT Report =============== . uProxyServer = hxxp=127.0.0.1:1546;https=127.0.0.1:1546 uProxyOverride = <-loopback> dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned> mWinlogon: Userinit = c:\windows\system32\userinit.exe,c:\windows\system32\windupdt\winupdate.exe,c:\windows\system32\windupdt\winupdate.exe,c:\windows\system32\windupdt\winupdate.exe,c:\windows\system32\windupdt\winupdate.exe,c:\windows\system32\windupdt\winupdate.exe,c:\windows\system32\windupdt\winupdate.exe,c:\windows\system32\windupdt\winupdate.exe,c:\windows\system32\windupdt\winupdate.exe,c:\windows\system32\windupdt\winupdate.exe,c:\windows\system32\windupdt\winupdate.exe,c:\windows\system32\windupdt\winupdate.exe,c:\windows\system32\windupdt\winupdate.exe,c:\windows\system32\windupdt\winupdate.exe,c:\windows\system32\windupdt\winupdate.exe,c:\windows\system32\windupdt\winupdate.exe,c:\windows\system32\windupdt\winupdate.exe,c:\windows\system32\windupdt\winupdate.exe,c:\windows\system32\windupdt\winupdate.exe BHO: avast! 
Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [zoUdechSLSwKJZdfXwMEoWYsVanyTgUGhEDeMdPUtUfZroLhGx] c:\documents and settings\administrator\local settings\application data\Crisis.exe mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe" mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe" mRun: [HPHmon06] c:\windows\system32\hphmon06.exe mRun: [igfxtray] c:\windows\system32\igfxtray.exe mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe mRun: [igfxpers] c:\windows\system32\igfxpers.exe mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe mRun: [Windows Client Manager] c:\program files\flash update\winclient32.exe mRun: [fst_us_27] <no file> mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=TlVIRDQtWUg5UEUtTzNQNEUtUVJERUstR0RKWjctVk9YVUw"&"inst=NzctOTQyODc3MzcxLU4xKzEtVklQKzEtVFVHKzMtRkkrMS1GTDEwKzEtTFNEKzItRERUKzAtU1QxMEFQUCsxLUREMTArMS1TVDEyT0krMS1FVUxBKzEtU1QxMkFQUCsxLVNUMTJGQVBQKzE"&"prod=55"&"ver=2012.0.1834"&"mid=1d772f946f7a47d6a6ffd15b79a6277a-98068252906bc42bbade9493ef22ef469d53e47f uExplorerRun: [Policies] c:\program files\java\java.exe mExplorerRun: [Policies] c:\program files\java\java.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Windows\System: 
Allow-LogonScript-NetbiosDisabled = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe TCP: NameServer = 192.168.1.254 TCP: Interfaces\{7D34DF27-1C96-4169-B78F-FBD4AAC65D36} : DHCPNameServer = 192.168.1.254 Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll LSA: Authentication Packages = msv1_0 nwprovau mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\34.0.1847.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome mASetup: {J1C03LFT-D10V-35H7-Y3US-D8D16X05341A} - c:\program files\java\java.exe Restart IFEO: DatamngrCoordinator.exe - tasklist.exe . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\opm5vmj3.default-1397016665796\ FF - plugin: c:\program files\google\update\1.3.23.9\npGoogleUpdate3.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_77.dll FF - plugin: c:\windows\system32\npdeployJava1.dll FF - plugin: c:\windows\system32\npptools.dll . ============= SERVICES / DRIVERS =============== . R? AVGIDSAgent;AVGIDSAgent R? axjbfvzv;axjbfvzv R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86 R? cpuz134;cpuz134 R? ssmirrdr;ssmirrdr R? SWDUMon;SWDUMon R? Update Laflurla;Update Laflurla R? Wajam Internet Enhancer Service;Wajam Internet Enhancer Service R? WinRM;Windows Remote Management (WS-Management) R? 
WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0 S? aswKbd;aswKbd S? aswMonFlt;aswMonFlt S? aswNdis;avast! Firewall NDIS Filter Service S? aswNdis2;avast! Firewall NDIS Driver S? aswRvrt;avast! Revert S? aswSnx;aswSnx S? aswSP;aswSP S? aswVmm;avast! VM Monitor S? avast! Antivirus;avast! Antivirus S? avast! Firewall;avast! Firewall S? Avgdiskx;AVG Disk Driver S? AVGIDSDriver;AVGIDSDriver S? AVGIDSHX;AVGIDSHX S? AVGIDSShim;AVGIDSShim S? Avgldx86;AVG AVI Loader Driver S? Avglogx;AVG Logging Driver S? Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield S? Avgrkx86;AVG Anti-Rootkit Driver S? Avgtdix;AVG TDI Driver S? avgwd;AVG WatchDog S? BrcmMgmtAgent;Broadcom Management Agent S? tStLibG;tStLibG . =============== Created Last 30 ================ . 2014-04-15 03:49:20 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-04-15 03:46:06 50648 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-04-15 03:46:05 23256 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-04-15 03:46:03 -------- d-----w- c:\program files\Malwarebytes Anti-Malware 2014-04-15 03:46:03 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2014-04-15 03:15:10 -------- d-----w- c:\windows\ERUNT 2014-04-14 23:49:40 -------- d-----w- C:\AdwCleaner 2014-04-10 12:22:13 -------- d-----w- c:\program files\Free Window Sweeper 2014-04-10 05:33:14 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll 2014-04-10 05:33:14 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll 2014-04-10 05:33:14 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll 2014-04-10 05:33:14 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll 2014-04-10 05:33:14 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll 2014-04-10 05:33:14 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll 2014-04-10 05:33:14 159744 ----a-w- c:\program files\internet 
explorer\plugins\npqtplugin4.dll 2014-04-10 05:33:14 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll 2014-04-10 05:33:14 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll 2014-04-10 05:33:14 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll 2014-04-10 04:23:50 9652096 ----a-w- C:\TRANSLATE 2014-04-10 03:23:52 -------- d-----w- c:\program files\002 2014-04-10 03:12:19 -------- d-----w- c:\windows\system\Newrestore Folder 2014-04-09 17:59:02 -------- d-----w- c:\documents and settings\administrator\application data\AVAST Software 2014-04-09 17:47:36 776976 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2014-04-09 17:47:36 180760 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2014-04-09 17:47:35 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2014-04-09 17:47:35 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2014-04-09 17:47:33 26136 ----a-w- c:\windows\system32\drivers\aswKbd.sys 2014-04-09 17:47:33 252208 ----a-w- c:\windows\system32\drivers\aswNdis2.sys 2014-04-09 17:47:02 43152 ----a-w- c:\windows\avastSS.scr 2014-04-09 17:44:56 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys 2014-04-09 16:57:44 -------- d-----w- c:\program files\AVAST Software 2014-04-09 16:45:36 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software 2014-04-09 16:39:13 295080 ----a-w- c:\windows\system32\SecureAssist.dll 2014-04-09 16:33:29 -------- d-----w- C:\temp 2014-04-09 16:14:33 -------- d-----w- c:\program files\003 2014-04-09 05:32:52 55224 ----a-w- c:\windows\system32\drivers\tStLibG.sys 2014-04-09 04:03:21 -------- d-----w- c:\program files\Flash Update 2014-04-09 03:59:35 -------- d-----w- c:\program files\Laflurla 2014-04-09 01:22:43 -------- d-----w- c:\program files\BlockAndSurf Corp 2014-04-09 01:20:14 -------- d-----w- c:\program files\Convert Files for Free 2014-04-09 01:14:15 -------- d-----w- c:\documents and settings\administrator\.android 
2014-04-09 01:14:04 -------- d-----w- c:\documents and settings\administrator\local settings\application data\cache 2014-04-09 01:05:01 -------- d-----w- c:\documents and settings\administrator\local settings\application data\com 2014-04-08 22:44:11 -------- d-----w- c:\documents and settings\administrator\application data\supportdotcom 2014-04-08 22:42:10 -------- d-----w- c:\program files\common files\supportdotcom 2014-04-08 22:08:52 53248 ----a-w- c:\windows\system32\CSVer.dll 2014-04-08 22:08:07 -------- d-----w- C:\Intel 2014-04-08 22:03:25 89600 ----a-w- c:\windows\system32\Baspxp32.dll 2014-04-08 22:00:01 -------- d-----w- c:\windows\Dell 2014-04-08 21:57:59 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Downloaded Installations 2014-04-08 21:33:40 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys 2014-04-08 21:33:10 -------- d-----w- c:\documents and settings\administrator\local settings\application data\SlimWare Utilities Inc 2014-04-08 18:52:47 -------- d-----w- C:\Inetpub 2014-03-26 22:21:55 13312 -c----w- c:\windows\system32\dllcache\xp_eos.exe 2014-03-26 22:21:55 13312 ------w- c:\windows\system32\xp_eos.exe 2014-03-21 16:46:46 152848 ----a-w- c:\windows\system32\comdlg32.ocx 2014-03-21 16:46:46 1081616 ----a-w- c:\windows\system32\mscomctl.ocx 2014-03-17 19:53:31 -------- d-----w- c:\documents and settings\all users\application data\Auslogics 2014-03-17 19:48:43 -------- d-----w- c:\program files\Auslogics 2014-03-17 19:07:05 -------- d-----w- c:\documents and settings\all users\application data\CDB . ==================== Find3M ==================== . 
2014-04-09 19:32:57 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2014-04-09 19:32:54 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2014-04-02 02:07:04 199448 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys 2014-03-31 21:11:58 211224 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2014-03-28 03:15:18 193304 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2014-03-28 03:14:40 123160 ----a-w- c:\windows\system32\drivers\avgdiskx.sys 2014-03-28 03:04:22 150296 ----a-w- c:\windows\system32\drivers\avgidshx.sys 2014-03-28 03:04:02 238872 ----a-w- c:\windows\system32\drivers\avglogx.sys 2014-03-28 03:03:22 28440 ----a-w- c:\windows\system32\drivers\avgrkx86.sys 2014-03-28 03:03:20 22296 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys 2014-03-06 17:59:23 920064 ----a-w- c:\windows\system32\wininet.dll 2014-03-06 17:59:22 43520 ----a-w- c:\windows\system32\licmgr10.dll 2014-03-06 17:59:22 18944 ----a-w- c:\windows\system32\corpol.dll 2014-03-06 17:59:22 1469440 ------w- c:\windows\system32\inetcpl.cpl 2014-03-06 00:46:54 385024 ----a-w- c:\windows\system32\html.iec 2014-02-07 02:01:37 1879040 ----a-w- c:\windows\system32\win32k.sys 2014-02-05 08:55:04 562688 ----a-w- c:\windows\system32\qedit.dll . ============= FINISH: 17:49:21.54 ===============
  12. Junkware Removal Tool (JRT) by Thisisu
      Version: 6.1.4 (04.06.2014:1)
      OS: Microsoft Windows XP x86
      Ran by Administrator on Mon 04/14/2014 at 22:16:01.53
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      ~~~ Services
      Successfully stopped: [service] cltmngsvc
      Successfully deleted: [service] cltmngsvc

      ~~~ Registry Values
      Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

      ~~~ Registry Keys
      Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C35AD63-AF1D-4E21-B484-B6651A8EFCF9}
      Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\fixcleaner
      Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sparktrust
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\fixcleaner
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sparktrust
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4623A8C4-150D-4983-8982-68C01E7D6541}
      Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011501158}
      Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158}
      Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011501158}
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011221158}
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501158}
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158}
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501158}
      Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CEFF4BCF-790F-4DE9-9D83-60CB7B9E9DF0}

      ~~~ Files

      ~~~ Folders
      Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\sparktrust"
      Successfully deleted: [Folder] "C:\Documents and Settings\Administrator\Application Data\fixcleaner"
      Successfully deleted: [Folder] "C:\Documents and Settings\Administrator\Application Data\sparktrust"
      Successfully deleted: [Folder] "C:\Program Files\couponalert_2pei"
      Successfully deleted: [Folder] "C:\Program Files\fixcleaner"
      Successfully deleted: [Folder] "C:\Program Files\popularscreensavers_7iei"

      ~~~ FireFox
      Successfully deleted: [File] C:\user.js

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on Mon 04/14/2014 at 22:31:38.50
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~