
System under the system?


26 replies to this topic

#1 sh4rkbyt3 (Members)
Posted 05 June 2013 - 12:05 PM

Working on a friend's computer to clean up some infections but having trouble. With some scans I am still showing AVG being active despite the fact I've removed virtually every trace I could find and used the AVG uninstaller.

Programs are running slow and, despite going into Safe Mode, I cannot get Administrator access even when using the admin icon in Safe Mode.

Here is the DDS log file:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Jerry at 12:58:27 on 2013-06-05
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1023.549 [GMT -4:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: AVG Internet Security 2012 *Enabled*
FW: AVG Firewall *Disabled*
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Connection Wizard,ShellNext = iexplore
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: MSN Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [CCleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
dRunOnce: [RunNarrator] Narrator.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1370316778828
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{EFC93507-7CD8-43E7-A74A-E434C2F6E706} : DHCPNameServer = 192.168.2.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-6-4 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-6-4 174664]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-6-4 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-6-4 368944]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-6-4 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-6-4 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-6-4 46808]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2011-12-12 352248]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys --> c:\windows\system32\drivers\avgidshx.sys [?]
S1 avgtp;avgtp;\??\c:\windows\system32\drivers\avgtpx86.sys --> c:\windows\system32\drivers\avgtpx86.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-06-05 04:16:50 12872 ----a-w- c:\windows\system32\bootdelete.exe
2013-06-05 04:11:13 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2013-06-04 21:04:49 -------- d-----w- c:\program files\Trend Micro
2013-06-04 04:35:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-06-04 04:35:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-06-04 04:35:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-06-04 04:35:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-06-04 04:35:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2013-06-04 04:24:06 -------- d-----w- c:\program files\iPod
2013-06-04 04:23:57 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-06-04 04:03:14 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-04 04:03:13 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-06-04 04:03:13 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-04 04:03:11 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-06-04 04:02:08 41664 ----a-w- c:\windows\avastSS.scr
2013-06-04 04:01:24 -------- d-----w- c:\program files\AVAST Software
2013-06-04 04:01:12 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2013-06-03 21:28:55 -------- d-----w- c:\program files\Defraggler
2013-06-03 20:15:16 -------- d-----w- c:\documents and settings\jerry\application data\Malwarebytes
2013-06-03 20:15:08 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-06-03 20:15:07 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-03 20:15:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-06-03 19:53:05 -------- d-sha-r- C:\cmdcons
2013-06-03 19:51:06 98816 ----a-w- c:\windows\sed.exe
2013-06-03 19:51:06 256000 ----a-w- c:\windows\PEV.exe
2013-06-03 19:51:06 208896 ----a-w- c:\windows\MBR.exe
2013-06-03 19:43:37 -------- d-----w- c:\program files\CCleaner
2013-06-03 19:27:03 -------- d-----w- c:\documents and settings\jerry\application data\{46577E3C-95B4-4f4f-B4A7-0C29D12FB15D}
2013-06-03 18:43:10 -------- d-----w- c:\program files\VS Revo Group
2013-06-02 21:25:57 -------- d-----w- c:\documents and settings\all users\application data\SUPERSetup
2013-06-02 15:57:40 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2013-06-02 15:57:40 21504 ----a-w- c:\windows\system32\hidserv.dll
2013-06-02 15:54:36 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2013-06-02 15:54:28 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2013-06-02 15:54:28 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2013-05-24 15:33:26 -------- d-----w- c:\documents and settings\jerry\local settings\application data\Mozilla
2013-05-15 13:49:26 8534408 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
==================== Find3M  ====================
.
2013-05-15 13:49:33 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-15 13:49:32 71048 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-01 07:59:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2013-05-01 07:59:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2013-04-16 22:17:15 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:17:14 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-16 22:17:14 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:28:55 385024 ----a-w- c:\windows\system32\html.iec
2013-04-10 01:31:19 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-03-25 15:24:46 465280 ----a-r- c:\windows\cpnprt2win32.cid
2013-03-25 15:24:45 465280 ------w- c:\windows\system32\cpnprt2win32.cid
2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll
.
============= FINISH: 12:59:16.95 ===============

 




#2 The Dark Knight (Security Colleague)

Posted 10 June 2013 - 04:07 AM

Hello and welcome to BleepingComputer. I am The Dark Knight and will be assisting you. Please ask questions if anything is unclear.

 

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.




#3 sh4rkbyt3 (Topic Starter)

Posted 11 June 2013 - 01:21 PM

OK, still having the same problem. When I run ComboFix I get a message about AVG still running on the system, despite using the AVG removal tool twice. Because of that, ComboFix will not run in admin mode. I've tried in Safe Mode before and had the same results.
In the meantime, here are the limited results:

 

ComboFix 13-06-08.02 - Jerry 06/11/2013  13:56:15.5.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1023.633 [GMT -4:00]
Running from: c:\documents and settings\Jerry\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: AVG Internet Security 2012 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-11 to 2013-06-11  )))))))))))))))))))))))))))))))
.
.
2013-06-05 04:16 . 2013-06-05 04:16 12872 ----a-w- c:\windows\system32\bootdelete.exe
2013-06-05 04:11 . 2013-06-05 04:17 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2013-06-05 02:38 . 2013-06-05 03:48 -------- d-----w- c:\documents and settings\Administrator
2013-06-04 21:04 . 2013-06-04 21:04 -------- d-----w- c:\program files\Trend Micro
2013-06-04 04:35 . 2013-06-04 04:35 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2013-06-04 04:35 . 2013-06-04 04:35 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2013-06-04 04:35 . 2013-06-04 04:35 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2013-06-04 04:35 . 2013-06-04 04:35 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2013-06-04 04:35 . 2013-06-04 04:35 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2013-06-04 04:35 . 2013-06-04 04:35 -------- d-----w- c:\program files\QuickTime
2013-06-04 04:24 . 2013-06-04 04:24 -------- d-----w- c:\program files\iPod
2013-06-04 04:23 . 2013-06-04 04:24 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-06-04 04:03 . 2013-05-09 08:59 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-06-04 04:03 . 2013-05-09 08:59 368944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-06-04 04:03 . 2013-05-09 08:59 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-06-04 04:03 . 2013-05-09 08:59 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-04 04:03 . 2013-05-09 08:59 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-06-04 04:03 . 2013-05-09 08:59 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-06-04 04:03 . 2013-05-09 08:59 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-04 04:03 . 2013-05-09 08:59 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-06-04 04:03 . 2013-05-09 08:58 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-06-04 04:02 . 2013-05-09 08:58 41664 ----a-w- c:\windows\avastSS.scr
2013-06-04 04:01 . 2013-06-04 04:01 -------- d-----w- c:\program files\AVAST Software
2013-06-04 04:01 . 2013-06-04 04:01 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2013-06-03 21:28 . 2013-06-03 21:28 -------- d-----w- c:\program files\Defraggler
2013-06-03 20:15 . 2013-06-03 20:15 -------- d-----w- c:\documents and settings\Jerry\Application Data\Malwarebytes
2013-06-03 20:15 . 2013-06-03 20:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-06-03 20:15 . 2013-06-03 20:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-06-03 20:15 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-03 19:43 . 2013-06-03 19:43 -------- d-----w- c:\program files\CCleaner
2013-06-03 19:27 . 2013-06-03 19:27 -------- d-----w- c:\documents and settings\Jerry\Application Data\{46577E3C-95B4-4f4f-B4A7-0C29D12FB15D}
2013-06-03 18:43 . 2013-06-05 16:55 -------- d-----w- c:\program files\VS Revo Group
2013-06-02 23:23 . 2013-06-02 23:23 -------- d-sh--w- c:\documents and settings\Stephen Todd's Ipod\IECompatCache
2013-06-02 21:25 . 2013-06-02 22:35 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERSetup
2013-06-02 15:57 . 2008-04-14 00:11 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2013-06-02 15:57 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2013-06-02 15:54 . 2001-08-17 17:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2013-06-02 15:54 . 2008-04-13 18:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2013-06-02 15:54 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2013-05-24 15:33 . 2013-06-05 04:16 -------- d-----w- c:\documents and settings\Jerry\Local Settings\Application Data\Mozilla
2013-05-15 13:49 . 2013-05-15 13:49 8534408 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 13:49 . 2012-06-07 11:48 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-15 13:49 . 2011-06-03 12:46 71048 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-01 07:59 . 2013-05-01 07:59 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2013-05-01 07:59 . 2013-05-01 07:59 69632 ----a-w- c:\windows\system32\QuickTime.qts
2013-04-16 22:17 . 2002-09-03 17:12 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:17 . 2002-09-03 16:39 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-16 22:17 . 2002-09-03 16:35 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:28 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2013-04-10 01:31 . 2002-09-03 17:11 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-03-25 15:24 . 2013-03-25 15:24 465280 ----a-r- c:\windows\cpnprt2win32.cid
2013-03-25 15:24 . 2013-03-25 15:24 465280 ------w- c:\windows\system32\cpnprt2win32.cid
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner"="c:\program files\CCleaner\CCleaner.exe" [2013-05-24 3591960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-22 01:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
2003-08-29 08:59 122880 -c--a-w- c:\windows\BCMSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-03-26 02:27 49152 -c--a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-03-13 14:34 81920 -c--a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-02-20 16:35 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2003-10-06 18:16 5058560 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2003-10-06 18:16 49152 -c--a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2003-10-06 18:16 741376 -c--a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 07:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 05:00 90112 -c----w- c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"vToolbarUpdater15.2.0"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [6/4/2013 12:03 AM 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [6/4/2013 12:03 AM 174664]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/4/2013 12:03 AM 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/4/2013 12:03 AM 368944]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/4/2013 12:03 AM 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [6/4/2013 12:03 AM 66336]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [12/12/2011 12:03 PM 352248]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys --> c:\windows\system32\DRIVERS\avgidshx.sys [?]
S1 avgtp;avgtp;\??\c:\windows\system32\drivers\avgtpx86.sys --> c:\windows\system32\drivers\avgtpx86.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]
.
2013-06-11 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-06-04 08:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-11 14:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5b,ec,39,df,7e,12,f4,40,9b,2f,a1,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5b,ec,39,df,7e,12,f4,40,9b,2f,a1,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2148)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-06-11  14:07:59
ComboFix-quarantined-files.txt  2013-06-11 18:07
ComboFix2.txt  2013-06-05 15:52
.
Pre-Run: 51,531,878,400 bytes free
Post-Run: 51,614,560,256 bytes free
.
- - End Of File - - 4DD490582BCB90A526BBB1D2852835AF
8F558EB6672622401DA993E1E865C861
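Both logs above show the same pattern: the AV:/FW: header lines (the Security Center registrations, with their instance GUIDs) still list AVG Internet Security 2012 as *Enabled*, no AVG process appears in the running-process list, and the two AVG driver entries that survived the uninstaller (S0 AVGIDSHX, S1 avgtp) are stopped and point at files the tool marks as missing with `--> <path> [?]`. The script below is an added example written for this page, not a DDS, ComboFix or BleepingComputer tool. It parses a trimmed, constructed excerpt of the DDS log from the first post, flags every registered product that has no running process or service behind it, and lists service entries whose binary is gone. The vendor-name heuristic, the reading of the `R`/`S` prefix as running/stopped and of `[?]` as "file not found" are my assumptions about the DDS format, not documented behaviour.

```python
# Added example for this thread (not a DDS/ComboFix tool): triage a DDS or
# ComboFix log for AV/FW products that are still registered as enabled but
# have nothing running behind them, and for service entries whose file is gone.
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: trimmed lines copied from the DDS log in the first post.
SAMPLE_LOG = r"""
AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: AVG Internet Security 2012 *Enabled*
FW: AVG Firewall *Disabled*
============== Running Processes ================
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
============= SERVICES / DRIVERS ===============
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-6-4 49376]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-6-4 46808]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys --> c:\windows\system32\drivers\avgidshx.sys [?]
S1 avgtp;avgtp;\??\c:\windows\system32\drivers\avgtpx86.sys --> c:\windows\system32\drivers\avgtpx86.sys [?]
"""

# Assumed DDS conventions: AV:/FW: lines are the Security Center registrations
# (the GUID is the instance id); R/S = running/stopped; '--> path [?]' = missing file.
HEADER_RE = re.compile(r"^(AV|FW): (.+?) \*(Enabled|Disabled)(?:/\w+)?\*(?: (\{[0-9A-Fa-f-]+\}))?$")
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
SERVICE_RE = re.compile(r"^([RS])([0-4]) ([^;]*);[^;]*;(.+)$")
MISSING_RE = re.compile(r"^(.*?) --> .*\[\?\]$")
PROCESS_RE = re.compile(r"^[A-Za-z]:\\")

@dataclass
class Service:
    running: bool
    start_type: int    # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    name: str
    path: str
    file_missing: bool

@dataclass
class Product:
    kind: str          # "AV" or "FW"
    name: str
    enabled: bool
    guid: Optional[str]
    evidence: int = 0  # running processes/services whose path carries the vendor name

    @property
    def stale(self) -> bool:
        # Registered as enabled, yet nothing of this vendor is actually running.
        return self.enabled and self.evidence == 0

def vendor_token(name: str) -> str:
    """'AVG Internet Security 2012' -> 'avg'; 'avast! Antivirus' -> 'avast'."""
    return re.sub(r"[^a-z0-9]", "", name.split()[0].lower())

def parse_log(text: str) -> Tuple[List[Product], List[str], List[Service]]:
    products, processes, services = [], [], []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # DDS pads sections with lone dots
            continue
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group(1).lower()
            continue
        hdr = HEADER_RE.match(line)
        if hdr:
            kind, name, state, guid = hdr.groups()
            products.append(Product(kind, name, state == "Enabled", guid))
            continue
        if "running processes" in section and PROCESS_RE.match(line):
            processes.append(line)
            continue
        svc = SERVICE_RE.match(line)
        if svc:
            state, start, name, rest = svc.groups()
            missing = MISSING_RE.match(rest)
            path = missing.group(1) if missing else rest.rsplit(" [", 1)[0]
            services.append(Service(state == "R", int(start), name, path, missing is not None))
    return products, processes, services

def triage(text: str) -> Tuple[List[Product], List[Service]]:
    """Score each registered product by live evidence; list services with no file."""
    products, processes, services = parse_log(text)
    live = [p.lower() for p in processes] + [s.path.lower() for s in services if s.running]
    for prod in products:
        token = vendor_token(prod.name)
        prod.evidence = sum(1 for path in live if token in path)
    return products, [s for s in services if s.file_missing]

def report(text: str) -> List[str]:
    products, orphans = triage(text)
    out = [f"{p.kind} {p.name}: enabled={p.enabled} evidence={p.evidence}"
           + (" -> STALE registration" if p.stale else "") for p in products]
    out += [f"orphaned {s.name} (start type {s.start_type}): {s.path} missing" for s in orphans]
    return out

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

On the excerpt this reports both AVG registrations (AV and FW) as stale, avast! as backed by running code, and AVGIDSHX and avgtp as boot/system-start drivers whose .sys files are gone. A boot-start (type 0) or system-start (type 1) driver entry with no file behind it is harmless to the kernel (the load simply fails), but together with the stale Security Center registration it is exactly the residue that makes scanners and removal tools believe a product is still installed; the name matching is deliberately loose and should be read as a triage hint, not a verdict.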



#4 The Dark Knight (Security Colleague)

Posted 11 June 2013 - 04:36 PM

Good morning, sh4rkbyt3.

 

Please download SystemLook by jpshortstuff to your Desktop from here.
Double-click SystemLook.exe, copy and paste the content of the following code box (starting with :filefind) into the main text field, and click the Look button to start the scan:

:filefind
*AVG*
:folderfind
*AVG*
:regfind
AVG

When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt.

 

 



#5 sh4rkbyt3 (Topic Starter)

Posted 12 June 2013 - 08:20 PM

Here are the results of the scan, and by the way, thank you very much for your help; it's greatly appreciated.

 

SystemLook 30.07.11 by jpshortstuff
Log created at 20:26 on 12/06/2013 by Jerry
Administrator - Elevation successful

========== filefind ==========

Searching for "*AVG*"
C:\Documents and Settings\Stephen Todd's Ipod\Local Settings\Application Data\Google\Chrome Frame\User Data\iexplore\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.2.0.5_0\content\icons\128-AVG-logo.png --a---- 5850 bytes [23:23 02/06/2013] [23:23 02/06/2013] DF289CA68A38B83F70ED004A1DFBDF16
C:\Documents and Settings\Stephen Todd's Ipod\Local Settings\Application Data\Google\Chrome Frame\User Data\iexplore\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.2.0.5_0\content\icons\16-AVG-logo.png --a---- 703 bytes [23:23 02/06/2013] [23:23 02/06/2013] C7E57F4185E221617FFE0AC0A202D676
C:\Documents and Settings\Stephen Todd's Ipod\Local Settings\Application Data\Google\Chrome Frame\User Data\iexplore\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.2.0.5_0\content\icons\48-AVG-logo.png --a---- 1460 bytes [23:23 02/06/2013] [23:23 02/06/2013] E42CA2AFF720BEEBC9A42EE600F06187
C:\Documents and Settings\Stephen Todd's Ipod\Local Settings\Application Data\Google\Chrome Frame\User Data\iexplore\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.2.0.5_0\content\icons\avg_icon_128.png --a---- 9136 bytes [23:23 02/06/2013] [23:23 02/06/2013] D17D9FE4D74005FEB50DA1F3C3EC283B
C:\Documents and Settings\Stephen Todd's Ipod\Local Settings\Application Data\Google\Chrome Frame\User Data\iexplore\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.2.0.5_0\content\icons\avg_icon_16.png --a---- 710 bytes [23:23 02/06/2013] [23:23 02/06/2013] CFB36F753B03EC960559A1B3D7BA5D02
C:\Documents and Settings\Stephen Todd's Ipod\Local Settings\Application Data\Google\Chrome Frame\User Data\iexplore\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.2.0.5_0\content\icons\avg_icon_48.png --a---- 2686 bytes [23:23 02/06/2013] [23:23 02/06/2013] B0A19C183D54B0ED026593157773C3DA
C:\Documents and Settings\Stephen Todd's Ipod\Local Settings\Application Data\Google\Chrome Frame\User Data\iexplore\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.2.0.5_0\content\icons\logoAVG.png --a---- 895 bytes [23:23 02/06/2013] [23:23 02/06/2013] B33A4D52B85B79C6DA03C5BBE2AFD521
C:\Documents and Settings\Stephen Todd's Ipod\Local Settings\Application Data\Google\Chrome Frame\User Data\iexplore\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.2.0.5_0\content\icons\dnt_disabled\attentionAVG.png --a---- 2085 bytes [23:23 02/06/2013] [23:23 02/06/2013] CB3DEEA2AD48C2FAFDB47EC196633EB9
C:\Documents and Settings\Stephen Todd's Ipod\Local Settings\Application Data\Google\Chrome Frame\User Data\iexplore\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.2.0.5_0\content\icons\search_box\AVG-Do-Not-Track.png --a---- 1548 bytes [23:23 02/06/2013] [23:23 02/06/2013] F7E8B37642C3825A69905A3E33FA9F52
C:\Documents and Settings\Stephen Todd's Ipod\Local Settings\Application Data\Google\Chrome Frame\User Data\iexplore\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.2.0.5_0\content\icons\search_box\AVG-Secure-Search.png --a---- 1615 bytes [23:23 02/06/2013] [23:23 02/06/2013] 647E1B13BB78220611DAA3F2D4A480D5
C:\Documents and Settings\Stephen Todd's Ipod\Local Settings\Application Data\Google\Chrome Frame\User Data\iexplore\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.2.0.5_0\content\tabs\logoAVG.png --a---- 1899 bytes [23:23 02/06/2013] [23:23 02/06/2013] D9DCA363E8EFCA4677AE2759EB674977

========== folderfind ==========

Searching for "*AVG*"
C:\Documents and Settings\Administrator\Application Data\AVG2012 d------ [02:38 05/06/2013]
C:\Documents and Settings\Default User\Application Data\AVG2012 d------ [22:42 31/01/2013]
C:\Documents and Settings\Jerry\Application Data\AVG Secure Search d------ [15:36 26/09/2011]
C:\Documents and Settings\Jerry\Application Data\AVG2012 d------ [15:34 26/09/2011]
C:\Documents and Settings\Jerry\Local Settings\Application Data\AVG Secure Search d------ [20:27 14/06/2012]
C:\Documents and Settings\Stephen Todd's Ipod\Local Settings\Application Data\AVG Secure Search d------ [18:11 22/03/2013]

========== regfind ==========

Searching for "AVG"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\avgtray]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\avgtray]
@="AVG"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\avgtray\avgtrayRSAlert]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\avgtray\avgtrayScanFinished]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\avgtray\avgtrayScanFinishedThreatFound]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\avgtray\avgtrayScanStarted]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\avgtray\avgtrayUpdEnd]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\avgtray\avgtrayUpdEndFail]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\avgtray\avgtrayUpdStart]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\avgtray\avgtrayWSAlert]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-for-free.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-secure.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg-download.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg.org]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\avg]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\www.avg]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\official-avg-download-now.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\avg]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\www.avg]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-for-free.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-secure.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg-download.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg.org]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\avg]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\www.avg]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\official-avg-download-now.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\avg]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\www.avg]
[HKEY_CURRENT_USER\Software\Classes\Applications\avgtray.exe]
[HKEY_CURRENT_USER\Software\Classes\Applications\avgtray.exe]
"TaskbarGroupIcon"="C:\Program Files\AVG\AVG2012\avguires.dll,-128"
[HKEY_CURRENT_USER\Software\Classes\Applications\avgui.exe]
[HKEY_CURRENT_USER\Software\Classes\Applications\avgui.exe]
"TaskbarGroupIcon"="C:\Program Files\AVG\AVG2012\avguires.dll,-128"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\avgdtie.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{0CAFC38D-0791-49A2-8B49-543C7843A009}]
@="avgdtie"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avgdtie.DoNotTrackBHO]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avgdtie.DoNotTrackBHO]
@="AVG Do Not Track"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avgdtie.DoNotTrackBHO\CurVer]
@="avgdtie.DoNotTrackBHO.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avgdtie.DoNotTrackBHO.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avgdtie.DoNotTrackBHO.1]
@="AVG Do Not Track"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avgdtie.DoNotTrackButton]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avgdtie.DoNotTrackButton\CurVer]
@="avgdtie.DoNotTrackButton.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avgdtie.DoNotTrackButton.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVGeneralNotification.AVGeneralNotification]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVGeneralNotification.AVGeneralNotification]
@="AVGeneralNotification Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVGeneralNotification.AVGeneralNotification\CurVer]
@="AVGeneralNotification.AVGeneralNotification.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVGeneralNotification.AVGeneralNotification.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVGeneralNotification.AVGeneralNotification.1]
@="AVGeneralNotification Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{239A3C5E-8D41-11D1-B675-00C04FA3C554}]
@="AVGeneralNotification Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{239A3C5E-8D41-11D1-B675-00C04FA3C554}\ProgID]
@="AVGeneralNotification.AVGeneralNotification.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{239A3C5E-8D41-11D1-B675-00C04FA3C554}\VersionIndependentProgID]
@="AVGeneralNotification.AVGeneralNotification"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86E8C5B0-75B6-4ff2-B04F-6789CC7AE386}\Path]
"x86"="C:\Program Files\AVG\AVG2012\avgapix.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF0BB4CD-81FA-48AF-99B3-AB6C1F079BEC}]
"url"="fwstats.mtrap.avg.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Search.BrowserWndAPI\CurVer]
@="AVG Secure Search.BrowserWndAPI.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Search.PugiObj]
@="AVG Security Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Search.PugiObj\CurVer]
@="AVG Secure Search.PugiObj.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Search.PugiObj.1]
@="AVG Security Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}\1.0\0\win32]
@="C:\Program Files\AVG Secure Search\GenericWndApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}\1.0\HELPDIR]
@="C:\Program Files\AVG Secure Search"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C0}\1.0\0\win32]
@="C:\Program Files\AVG\AVG2012\PCTuneup\MicroScanner.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C0}\1.0\HELPDIR]
@="C:\Program Files\AVG\AVG2012\PCTuneup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C8}\1.0\0\win32]
@="C:\Program Files\AVG\AVG10\PCTuneup\MicroScanner.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C8}\1.0\HELPDIR]
@="C:\Program Files\AVG\AVG10\PCTuneup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}\1.0\0\win32]
@="C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}\1.0\HELPDIR]
@="C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}\1.0\0\win32]
@="C:\Program Files\Common Files\AVG Secure Search\ToolBandTlb\15.2.0\toolband"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}\1.0\HELPDIR]
@="C:\Program Files\Common Files\AVG Secure Search\ToolBandTlb\15.2.0\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}\1.0\0\win32]
@="C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\15.2.0\ScriptHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}\1.0\HELPDIR]
@="C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\8.0.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C87AD92B-D49D-41BF-9AD3-AF83D35245B3}\1.0]
@="avgdtie 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C87AD92B-D49D-41BF-9AD3-AF83D35245B3}\1.0\0\win32]
@="C:\Program Files\AVG\AVG2012\avgdtiex.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C87AD92B-D49D-41BF-9AD3-AF83D35245B3}\1.0\HELPDIR]
@="C:\Program Files\AVG\AVG2012\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E5D35344-B1B8-4671-81D7-11CF87391027}\1.0\0\win32]
@="C:\Program Files\AVG\AVG2012\PCTuneup\MicroScannerElevation.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E5D35344-B1B8-4671-81D7-11CF87391027}\1.0\HELPDIR]
@="C:\Program Files\AVG\AVG2012\PCTuneup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F224B128-6DDF-4E0A-870E-0C9CDFF7C57E}\1.0]
@="AVG Packet Filter Notify 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F224B128-6DDF-4E0A-870E-0C9CDFF7C57E}\1.0\0\win32]
@="C:\WINDOWS\system32\avgfwdx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\avgfws]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\avgfws8]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\avgmfapx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\avgtray]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\avgui]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
"DllName"="avgssie.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\03417262F87C7FE4AAD0D2FBFC7CB9F3]
"00000000000000000000000000000000"="C:\Documents and Settings\All Users\Application Data\AVG2012\log\scanlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E9A06E17F2CBFC42908A7AD66EF5401]
"00000000000000000000000000000000"="C:\Documents and Settings\All Users\Application Data\AVG2012\log\corelog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2F391EB72F3A0F44798692F96613B5A0]
"00000000000000000000000000000000"="C:\Documents and Settings\All Users\Application Data\AVG2012\log\tdilog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\41ED20A6906033F43860CECF0824F36F]
"00000000000000000000000000000000"="C:\Documents and Settings\All Users\Application Data\AVG2012\log\privlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\47267D11CB256E640ADFDCA61B72D247]
"00000000000000000000000000000000"="C:\Documents and Settings\All Users\Application Data\AVG2012\log\cfgexlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4923BEFB362984D43B1F9C1BA9185041]
"00000000000000000000000000000000"="C:\Documents and Settings\All Users\Application Data\AVG2012\log\systoolslog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5522F383C5285CC459238472161300DA]
"00000000000000000000000000000000"="C:\Documents and Settings\All Users\Application Data\AVG2012\log\cfglog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\583CA4CF0AC7F8843A84E5D8130C367A]
"00000000000000000000000000000000"="C:\Documents and Settings\All Users\Application Data\AVG2012\log\ldrlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D70FD512AFFB5C459F4EB79441AB0CA]
"00000000000000000000000000000000"="C:\Documents and Settings\All Users\Application Data\AVG2012\log\rslog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6692140C420A7034BB32511EEF6A4046]
"00000000000000000000000000000000"="C:\Documents and Settings\All Users\Application Data\AVG2012\log\avgss.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B73052A1DF4DEC4F82474ABD9C86A1D]
"00000000000000000000000000000000"="C:\Documents and Settings\All Users\Application Data\AVG2012\log\csllog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\84A020F387925634F9769E7BFE004F20]
"00000000000000000000000000000000"="C:\Documents and Settings\All Users\Application Data\AVG2012\log\wdlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DEED72E391A5C04E9DD0528AC900FEF]
"00000000000000000000000000000000"="C:\Documents and Settings\All Users\Application Data\AVG2012\log\fwlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9238717B266ADD643AD39013EA460A97]
"00000000000000000000000000000000"="C:\Documents and Settings\All Users\Application Data\AVG2012\log\arklog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1134359B7955984A9B6A1FC0EEB7EBE]
"00000000000000000000000000000000"="C:\Documents and Settings\All Users\Application Data\AVG2012\log\nslog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A4DF15DF1AEF0BC4194959FAC3C8D515]
"00000000000000000000000000000000"="C:\Documents and Settings\All Users\Application Data\AVG2012\log\chjwlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AABD4495076F8C342BE6AC610F4FC2AD]
"00000000000000000000000000000000"="C:\Documents and Settings\All Users\Application Data\AVG2012\log\amlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AEA16B55A833DBE4784A89E373C82EF0]
"00000000000000000000000000000000"="C:\Documents and Settings\All Users\Application Data\AVG2012\log\publog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B6240439242E4BC4E8F83A199AC2AEE2]
"00000000000000000000000000000000"="C:\Documents and Settings\All Users\Application Data\AVG2012\log\vaultlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C9416FA855A98BF4792271554BFDAABB]
"00000000000000000000000000000000"="C:\Documents and Settings\All Users\Application Data\AVG2012\log\lnglog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CBBE5F8AE6A8DE247A8A775E67E44B3C]
"00000000000000000000000000000000"="C:\Documents and Settings\All Users\Application Data\AVG2012\log\avguilog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CBD102EF66D93CB4A8C6AA14FD2335B3]
"00000000000000000000000000000000"="C:\Documents and Settings\All Users\Application Data\AVG2012\log\updlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEA9A6D8B5FDFB34B875367D1065891A]
"00000000000000000000000000000000"="C:\Documents and Settings\All Users\Application Data\AVG2012\log\schedlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D55441B1479F59740AFBE9FDD2740122]
"00000000000000000000000000000000"="C:\Documents and Settings\All Users\Application Data\AVG2012\log\srmlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E44FA2B654640724596D61083C5FD4A4]
"00000000000000000000000000000000"="C:\Documents and Settings\All Users\Application Data\AVG2012\log\wdsvclog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F061708F3225D9D4D906120730B2AC2D]
"00000000000000000000000000000000"="C:\Documents and Settings\All Users\Application Data\AVG2012\log\idplog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F1C570715109D3A4A99BE27ED26855D8]
"00000000000000000000000000000000"="C:\Documents and Settings\All Users\Application Data\AVG2012\log\avgmail.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2A8FCE0C74359D4093F67EC7D6E1500]
"00000000000000000000000000000000"="C:\Documents and Settings\All Users\Application Data\AVG2012\log\emclog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F59EFE50136030B4E87919A92806215B]
"00000000000000000000000000000000"="C:\Documents and Settings\All Users\Application Data\AVG2012\log\lscanlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C1BA80FB753302f42A00E8BBE82FC795\Features]
"BufferChm"=".S0lqB30%AOj!,Z!]ncTgu1}a'%%o9hE)^G_acXpx3!zWPhrq8&D@uZ`TPfRlK]77X%1L@6PgxvA+&!bx}Q(Q9Ji?9Su565J~M7@ok&R=StA6?)pL]VgbS1DI{yG?{?Bz?KvOvgwR^71Tm`57-{,d==LyKNnPe&woAx7]$V{DAr.FOVtqD+4?6m~^23BR=Cs_@'-P^VK^**e%+([N=dtG2a%5OvVPr~CF*p!)A`v[Z=?V88`dlrcialYK9(m^PihfvcI4K'yukD}29QsE=)[RC'Es-y[TC)Yk@+=8++u&f&?A)h(jdoE[=uF5J)Sps6r${)vXRh@(A'R$e?vlk4uVYSrBhg[m9h8F)%&4RPi}I-6Fx%AQ?j9B?vA4)F`CMeM(@Ym59b*6b,xoj!nEVGXTV@qd@@TLaps(-*L3RoYe?O(8?&xpmZ6n4'XsOe{Asn~59D)yx$m=3RjYAocKj!-g=yz8q0E=&(S]X5ypsD_g?GMtt`1SuX2K0X-`=oSz@V}~9$9=m$P3U7T]d){`8T(Z_^d1%5=g6!!VpXH!@sY~t1RU}Ly{tVww7T~R@=j3rj]jTSt$GmPwq=hT9EgI&*8q*ANxW~aj8TVZ@xt$M`qg{PQ$s,C3xF+G?~M^[!~VP0,(T]!-IG(QA0xsfl!&n~Z4rO3Ka21i8WXK48!{GkoV@Hr=?A1~=t_Ong[a6=4(!{be_idi?~zLD%[4{hHOipHykBQVA@LBa`t%^PhLwzuG2JcE=C%0U633!D)sY)Pj-]Y=9{c(_-a2bK5p`E%1V?jPAS~)p%1)Bak^kC[ei,~WAu5(PWmm+qt)LGan5Y0x=eg)5{Gk.yKa0]5,wHah8Iv4hBI{w(,wRO~UmH)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-for-free.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-secure.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg-download.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg.org]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\www.avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\official-avg-download-now.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\www.avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps/sec 90 Sync Data Maps/s
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer.  5 The Memory performance object  consists of counters that describe the behavior of physical and virtual memory on the computer.  Physical memory is the amount of random access memory on the computer.  Virtual memory consists of the space in physical memory and on disk.  Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory.  Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the duration of the idle thread is active in the sample interval, and subtracting that time from interval duration.  (Each processor has an idle thread tha
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network]
"FilterClasses"="scheduler loadbalance avgfilter failover"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSHX]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSHX\0000]
"Service"="AVGIDSHX"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSHX\0000]
"DeviceDesc"="AVGIDSHX"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGTP]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGTP\0000]
"Service"="avgtp"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGTP\0000]
"DeviceDesc"="avgtp"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVGIDSHX]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVGIDSHX]
"ImagePath"="system32\DRIVERS\avgidshx.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVGIDSHX]
"DisplayName"="AVGIDSHX"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVGIDSHX]
"Description"="AVG Technologies IDS Application Activity Monitor Helper Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVGIDSHX\Parameters]
"NamePrefix"="AVG"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVGIDSHX\Enum]
"0"="Root\LEGACY_AVGIDSHX\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\avgtp]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\avgtp]
"ImagePath"="\??\C:\WINDOWS\system32\drivers\avgtpx86.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\avgtp]
"DisplayName"="avgtp"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\avgtp\Instances]
"DefaultInstance"="avgtp"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\avgtp\Instances\avgtp]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\avgtp\Enum]
"0"="Root\LEGACY_AVGTP\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Network]
"FilterClasses"="scheduler loadbalance avgfilter failover"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSHX]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSHX\0000]
"Service"="AVGIDSHX"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSHX\0000]
"DeviceDesc"="AVGIDSHX"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGTP]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGTP\0000]
"Service"="avgtp"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGTP\0000]
"DeviceDesc"="avgtp"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AVGIDSHX]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AVGIDSHX]
"ImagePath"="system32\DRIVERS\avgidshx.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AVGIDSHX]
"DisplayName"="AVGIDSHX"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AVGIDSHX]
"Description"="AVG Technologies IDS Application Activity Monitor Helper Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AVGIDSHX\Parameters]
"NamePrefix"="AVG"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\avgtp]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\avgtp]
"ImagePath"="\??\C:\WINDOWS\system32\drivers\avgtpx86.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\avgtp]
"DisplayName"="avgtp"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\avgtp\Instances]
"DefaultInstance"="avgtp"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\avgtp\Instances\avgtp]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network]
"FilterClasses"="scheduler loadbalance avgfilter failover"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSHX]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSHX\0000]
"Service"="AVGIDSHX"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSHX\0000]
"DeviceDesc"="AVGIDSHX"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTP]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTP\0000]
"Service"="avgtp"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTP\0000]
"DeviceDesc"="avgtp"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AVGIDSHX]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AVGIDSHX]
"ImagePath"="system32\DRIVERS\avgidshx.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AVGIDSHX]
"DisplayName"="AVGIDSHX"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AVGIDSHX]
"Description"="AVG Technologies IDS Application Activity Monitor Helper Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AVGIDSHX\Parameters]
"NamePrefix"="AVG"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AVGIDSHX\Enum]
"0"="Root\LEGACY_AVGIDSHX\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgtp]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgtp]
"ImagePath"="\??\C:\WINDOWS\system32\drivers\avgtpx86.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgtp]
"DisplayName"="avgtp"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgtp\Instances]
"DefaultInstance"="avgtp"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgtp\Instances\avgtp]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgtp\Enum]
"0"="Root\LEGACY_AVGTP\0000"
[HKEY_USERS\.DEFAULT\Software\Avg]
[HKEY_USERS\.DEFAULT\Software\Avg\Avg10]
[HKEY_USERS\.DEFAULT\Software\Avg\Avg8]
[HKEY_USERS\.DEFAULT\Software\AVG Secure Search]
[HKEY_USERS\.DEFAULT\Software\AVG Security Toolbar]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\WINDOWS\Temp\AVGProductUpdate.exe"="AVG Security Toolbar                                        "
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Program Files\AVG\AVG10\avgui.exe"="AVG"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\PROGRA~1\AVG\AVG10\avgui.exe"="AVG"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Program Files\AVG\AVG10\avgtray.exe"="AVG"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\PROGRA~1\AVG\AVG10\avgtray.exe"="AVG"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Program Files\Common Files\AVG Secure Search\DriverInstaller\13.2.0\DriverInstaller.exe"="DriverIn"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Program Files\Common Files\AVG Secure Search\DriverInstaller\14.0.1\DriverInstaller.exe"="DriverIn"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Program Files\Common Files\AVG Secure Search\DriverInstaller\14.1.7\DriverInstaller.exe"="DriverIn"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Program Files\Common Files\AVG Secure Search\DriverInstaller\14.2.0\DriverInstaller.exe"="DriverIn"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Program Files\Common Files\AVG Secure Search\DriverInstaller\15.2.0\DriverInstaller.exe"="DriverIn"
[HKEY_USERS\S-1-5-19\Software\Avg]
[HKEY_USERS\S-1-5-19\Software\Avg\Avg8]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-for-free.com]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-secure.com]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg-download.com]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg.org]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\avg]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\www.avg]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\official-avg-download-now.com]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\avg]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\www.avg]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-for-free.com]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-secure.com]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg-download.com]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg.org]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\avg]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\www.avg]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\official-avg-download-now.com]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\avg]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\www.avg]
[HKEY_USERS\S-1-5-20\Software\Avg]
[HKEY_USERS\S-1-5-20\Software\Avg\Avg8]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-for-free.com]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-secure.com]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg-download.com]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg.org]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\avg]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\www.avg]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\official-avg-download-now.com]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\avg]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\www.avg]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-for-free.com]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-secure.com]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg-download.com]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg.org]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\avg]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\www.avg]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\official-avg-download-now.com]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\avg]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\www.avg]
[HKEY_USERS\S-1-5-21-343818398-1364589140-725345543-1004\AppEvents\Schemes\Apps\avgtray]
[HKEY_USERS\S-1-5-21-343818398-1364589140-725345543-1004\AppEvents\Schemes\Apps\avgtray]
@="AVG"
[HKEY_USERS\S-1-5-21-343818398-1364589140-725345543-1004\AppEvents\Schemes\Apps\avgtray\avgtrayRSAlert]
[HKEY_USERS\S-1-5-21-343818398-1364589140-725345543-1004\AppEvents\Schemes\Apps\avgtray\avgtrayScanFinished]
[HKEY_USERS\S-1-5-21-343818398-1364589140-725345543-1004\AppEvents\Schemes\Apps\avgtray\avgtrayScanFinishedThreatFound]
[HKEY_USERS\S-1-5-21-343818398-1364589140-725345543-1004\AppEvents\Schemes\Apps\avgtray\avgtrayScanStarted]
[HKEY_USERS\S-1-5-21-343818398-1364589140-725345543-1004\AppEvents\Schemes\Apps\avgtray\avgtrayUpdEnd]
[HKEY_USERS\S-1-5-21-343818398-1364589140-725345543-1004\AppEvents\Schemes\Apps\avgtray\avgtrayUpdEndFail]
[HKEY_USERS\S-1-5-21-343818398-1364589140-725345543-1004\AppEvents\Schemes\Apps\avgtray\avgtrayUpdStart]
[HKEY_USERS\S-1-5-21-343818398-1364589140-725345543-1004\AppEvents\Schemes\Apps\avgtray\avgtrayWSAlert]
[HKEY_USERS\S-1-5-21-343818398-1364589140-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-for-free.com]
[HKEY_USERS\S-1-5-21-343818398-1364589140-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-secure.com]
[HKEY_USERS\S-1-5-21-343818398-1364589140-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg-download.com]
[HKEY_USERS\S-1-5-21-343818398-1364589140-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg.org]
[HKEY_USERS\S-1-5-21-343818398-1364589140-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\avg]
[HKEY_USERS\S-1-5-21-343818398-1364589140-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\www.avg]
[HKEY_USERS\S-1-5-21-343818398-1364589140-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\official-avg-download-now.com]
[HKEY_USERS\S-1-5-21-343818398-1364589140-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\avg]
[HKEY_USERS\S-1-5-21-343818398-1364589140-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\www.avg]
[HKEY_USERS\S-1-5-21-343818398-1364589140-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-for-free.com]
[HKEY_USERS\S-1-5-21-343818398-1364589140-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-secure.com]
[HKEY_USERS\S-1-5-21-343818398-1364589140-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg-download.com]
[HKEY_USERS\S-1-5-21-343818398-1364589140-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg.org]
[HKEY_USERS\S-1-5-21-343818398-1364589140-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\avg]
[HKEY_USERS\S-1-5-21-343818398-1364589140-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\www.avg]
[HKEY_USERS\S-1-5-21-343818398-1364589140-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\official-avg-download-now.com]
[HKEY_USERS\S-1-5-21-343818398-1364589140-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\avg]
[HKEY_USERS\S-1-5-21-343818398-1364589140-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\www.avg]
[HKEY_USERS\S-1-5-21-343818398-1364589140-725345543-1004\Software\Classes\Applications\avgtray.exe]
[HKEY_USERS\S-1-5-21-343818398-1364589140-725345543-1004\Software\Classes\Applications\avgtray.exe]
"TaskbarGroupIcon"="C:\Program Files\AVG\AVG2012\avguires.dll,-128"
[HKEY_USERS\S-1-5-21-343818398-1364589140-725345543-1004\Software\Classes\Applications\avgui.exe]
[HKEY_USERS\S-1-5-21-343818398-1364589140-725345543-1004\Software\Classes\Applications\avgui.exe]
"TaskbarGroupIcon"="C:\Program Files\AVG\AVG2012\avguires.dll,-128"
[HKEY_USERS\S-1-5-21-343818398-1364589140-725345543-1004_Classes\Applications\avgtray.exe]
[HKEY_USERS\S-1-5-21-343818398-1364589140-725345543-1004_Classes\Applications\avgtray.exe]
"TaskbarGroupIcon"="C:\Program Files\AVG\AVG2012\avguires.dll,-128"
[HKEY_USERS\S-1-5-21-343818398-1364589140-725345543-1004_Classes\Applications\avgui.exe]
[HKEY_USERS\S-1-5-21-343818398-1364589140-725345543-1004_Classes\Applications\avgui.exe]
"TaskbarGroupIcon"="C:\Program Files\AVG\AVG2012\avguires.dll,-128"
[HKEY_USERS\S-1-5-18\Software\Avg]
[HKEY_USERS\S-1-5-18\Software\Avg\Avg10]
[HKEY_USERS\S-1-5-18\Software\Avg\Avg8]
[HKEY_USERS\S-1-5-18\Software\AVG Secure Search]
[HKEY_USERS\S-1-5-18\Software\AVG Security Toolbar]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\WINDOWS\Temp\AVGProductUpdate.exe"="AVG Security Toolbar                                        "
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Program Files\AVG\AVG10\avgui.exe"="AVG"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\PROGRA~1\AVG\AVG10\avgui.exe"="AVG"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Program Files\AVG\AVG10\avgtray.exe"="AVG"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\PROGRA~1\AVG\AVG10\avgtray.exe"="AVG"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Program Files\Common Files\AVG Secure Search\DriverInstaller\13.2.0\DriverInstaller.exe"="DriverIn"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Program Files\Common Files\AVG Secure Search\DriverInstaller\14.0.1\DriverInstaller.exe"="DriverIn"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Program Files\Common Files\AVG Secure Search\DriverInstaller\14.1.7\DriverInstaller.exe"="DriverIn"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Program Files\Common Files\AVG Secure Search\DriverInstaller\14.2.0\DriverInstaller.exe"="DriverIn"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Program Files\Common Files\AVG Secure Search\DriverInstaller\15.2.0\DriverInstaller.exe"="DriverIn"

-= EOF =-



#6 The Dark Knight

The Dark Knight

    The Magician


  • Security Colleague
  • 661 posts
  • Gender:Male
  • Location:Krypton

Posted 13 June 2013 - 07:21 AM

Hello sh4rkbyt3,

Please download the latest version of AVG. Install it (repair your current installation if prompted).

Then try uninstalling. Did that work?


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.




#7 sh4rkbyt3

sh4rkbyt3
  • Topic Starter

  • Members
  • 415 posts
  • Gender:Male

Posted 13 June 2013 - 12:23 PM

OK, it appears to have at least removed key components by doing what you suggested. It's responding a little faster now, also. Next course?



#8 The Dark Knight

The Dark Knight

    The Magician


  • Security Colleague
  • 661 posts
  • Gender:Male
  • Location:Krypton

Posted 13 June 2013 - 04:36 PM

Hey sh4rkbyt3,

Excellent!

Please download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows, OTL.txt and Extras.txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.




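As an added example (not part of the thread, and not OTL's own code), a small Python triage helper for the OTL log format requested above and posted in the next reply: it parses the PRC/MOD/SRV/DRV entry lines and flags records a helper would look at first, namely services or drivers registered with their binary missing, modules or drivers loaded with no company name, and anything running from a Temp folder. The sample lines are constructed from the posted log; the rule names and thresholds are this example's own.

```python
"""Triage helper for OTL (OldTimer) scan logs such as the one posted in this thread.

Added example, not part of OTL or of the thread: it parses the PRC/MOD/SRV/DRV
entry lines and flags records a helper would check first. Flags are review
prompts, not verdicts; orphaned 'File not found' drivers are common on XP.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Entry shapes seen in the posted log:
#   PRC - [mtime | size | attrs | M] (Company) -- path
#   SRV - [mtime | size | attrs | M] (Company) [Start | State] -- path -- (Name)
#   DRV - File not found [Kernel | Start | State] -- path -- (Name)
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:(?P<missing>File not found)"
    r"|\[(?P<mtime>[\d/ :]+) \| (?P<size>[\d,]+) \| (?P<attrs>[\w-]{4}) \| [MC]\])"
    r"(?: \((?P<company>[^)]*)\))?"   # '(AVAST Software)', or '()' when none
    r"(?: \[(?P<state>[^\]]*)\])?"    # '[Auto | Running]'
    r" -- (?P<path>.*?)"              # empty for orphaned driver entries
    r"(?: -- \((?P<name>[^)]*)\))?$"  # service/driver name; absent for PRC/MOD
)


@dataclass
class Entry:
    kind: str                 # PRC, MOD, SRV or DRV
    path: str
    name: Optional[str]       # service/driver name, None for PRC/MOD
    company: Optional[str]    # "" when OTL printed '()', None when no field
    state: Optional[str]      # e.g. 'Kernel | On_Demand | Stopped'
    file_found: bool


@dataclass
class Finding:
    kind: str
    label: str                # name when present, otherwise the path
    reasons: List[str] = field(default_factory=list)


def parse_otl(text: str) -> List[Entry]:
    """Parse entry lines; section headers and anything else are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.rstrip())
        if not m:
            continue
        entries.append(Entry(
            kind=m["kind"], path=m["path"], name=m["name"],
            company=m["company"], state=m["state"],
            file_found=m["missing"] is None,
        ))
    return entries


def triage(text: str) -> List[Finding]:
    """Return only the entries that match at least one review rule."""
    findings = []
    for e in parse_otl(text):
        reasons = []
        if not e.file_found and e.kind in ("SRV", "DRV"):
            reasons.append("registered but binary missing")
        if e.file_found and e.company == "":
            reasons.append("loaded with no company name")
        if "\\temp\\" in e.path.lower():
            reasons.append("runs from a Temp directory")
        if reasons:
            findings.append(Finding(e.kind, e.name or e.path, reasons))
    return findings


# Constructed sample, adapted from the OTL log posted in this thread.
SAMPLE_LOG = r"""
========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Jerry\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013/05/09 04:59:10 | 000,174,664 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)

========== Processes (SafeList) ==========

PRC - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
MOD - [2013/06/13 12:50:15 | 002,087,936 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13061301\algo.dll
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind} {f.label}: {'; '.join(f.reasons)}")
```

Feed it the full OTL.txt and it skips the section headers, the Files/Folders lists and the registry lines, reporting only the process, module, service and driver records that tripped a rule.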


#9 sh4rkbyt3

sh4rkbyt3
  • Topic Starter

  • Members
  • 415 posts
  • Gender:Male

Posted 13 June 2013 - 09:07 PM

OTL logfile created on: 6/13/2013 9:58:05 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Jerry\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1023.00 Mb Total Physical Memory | 584.96 Mb Available Physical Memory | 57.18% Memory free
1.28 Gb Paging File | 0.96 Gb Available in Paging File | 74.84% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 47.16 Gb Free Space | 63.30% Space Free | Partition Type: NTFS
 
Computer Name: TODD-1L66DAFERH | User Name: Jerry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/06/13 21:55:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jerry\Desktop\OTL.exe
PRC - [2013/05/09 04:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/08/03 16:22:18 | 000,352,248 | ---- | M] (Verizon) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/06/13 12:50:15 | 002,087,936 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13061301\algo.dll
MOD - [2013/06/13 06:07:53 | 002,087,936 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13061300\algo.dll
MOD - [2013/05/17 08:31:00 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\17440cd05eee7f87026b3c17119eed58\System.Configuration.ni.dll
MOD - [2013/05/15 13:49:48 | 000,069,120 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2013/02/13 12:25:40 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll
MOD - [2013/01/10 22:27:29 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll
MOD - [2013/01/10 22:25:49 | 000,220,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\3283b562a391db4f3f6dcee754de15a8\CustomMarshalers.ni.dll
MOD - [2013/01/10 21:02:53 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
MOD - [2013/01/10 20:57:32 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013/01/10 20:57:10 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2012/11/28 15:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/11/28 15:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/05/15 09:49:34 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/08/03 16:22:18 | 000,352,248 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Jerry\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013/05/09 04:59:10 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/05/09 04:59:10 | 000,368,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/05/09 04:59:10 | 000,174,664 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/05/09 04:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 04:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 04:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 04:59:09 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013/05/09 04:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2003/08/29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2002/08/30 12:29:02 | 001,293,440 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P16X.sys -- (P16X)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)
DRV - [1999/12/17 01:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PFMODNT.SYS -- (PfModNT)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {904A6E62-1FFE-4F44-89FB-630B27B32B37}
IE - HKCU\..\SearchScopes\{904A6E62-1FFE-4F44-89FB-630B27B32B37}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADSA_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
 
O1 HOSTS File: ([2013/06/03 16:01:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [CCleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1370316778828 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFC93507-7CD8-43E7-A74A-E434C2F6E706}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\viprotocol - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jerry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jerry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/13 16:25:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/13 21:55:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jerry\Desktop\OTL.exe
[2013/06/13 21:53:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jerry\Recent
[2013/06/13 12:52:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerry\Local Settings\Application Data\AVG SafeGuard toolbar
[2013/06/12 20:18:07 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/06/11 14:08:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/06/11 13:51:42 | 005,078,680 | R--- | C] (Swearware) -- C:\Documents and Settings\Jerry\Desktop\ComboFix.exe
[2013/06/05 12:58:17 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Jerry\Desktop\dds.scr
[2013/06/05 12:55:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerry\Start Menu\Programs\Revo Uninstaller
[2013/06/05 11:38:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/06/05 00:37:35 | 001,678,240 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Jerry\Desktop\rkill.exe
[2013/06/05 00:32:00 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jerry\Desktop\TFC.exe
[2013/06/05 00:16:50 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2013/06/05 00:11:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/06/04 17:04:49 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013/06/04 00:35:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2013/06/04 00:35:11 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013/06/04 00:29:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerry\My Documents\Downloads
[2013/06/04 00:24:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2013/06/04 00:24:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/06/04 00:23:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/06/04 00:03:17 | 000,029,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/06/04 00:03:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2013/06/04 00:03:16 | 000,368,944 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/06/04 00:03:15 | 000,049,760 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/06/04 00:03:14 | 000,765,736 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/06/04 00:03:14 | 000,056,080 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/06/04 00:03:11 | 000,229,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/06/04 00:03:11 | 000,066,336 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/06/04 00:02:08 | 000,041,664 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/06/04 00:01:24 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/06/04 00:01:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/06/03 17:28:55 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2013/06/03 16:15:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerry\Application Data\Malwarebytes
[2013/06/03 16:15:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/06/03 16:15:07 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/06/03 16:15:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/06/03 15:53:05 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/06/03 15:51:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/06/03 15:51:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/06/03 15:51:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/06/03 15:51:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/06/03 15:50:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/06/03 15:43:37 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/06/03 15:27:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerry\Application Data\{46577E3C-95B4-4f4f-B4A7-0C29D12FB15D}
[2013/06/03 14:43:10 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/06/02 17:25:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERSetup
[2013/06/02 11:57:40 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2013/06/02 11:54:28 | 000,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2013/05/24 11:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerry\Local Settings\Application Data\Mozilla
[2013/05/15 09:49:26 | 008,534,408 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/13 21:55:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jerry\Desktop\OTL.exe
[2013/06/13 21:42:23 | 000,000,362 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/06/13 21:40:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/06/12 20:17:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/06/11 13:51:44 | 005,078,680 | R--- | M] (Swearware) -- C:\Documents and Settings\Jerry\Desktop\ComboFix.exe
[2013/06/05 12:56:29 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Jerry\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/06/05 12:55:21 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Jerry\Desktop\Revo Uninstaller.lnk
[2013/06/05 00:16:50 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2013/06/04 00:35:32 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2013/06/04 00:24:56 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/06/04 00:03:17 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/06/04 00:03:11 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/06/03 17:28:58 | 000,001,580 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
[2013/06/03 16:15:09 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/03 16:01:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/06/03 15:53:10 | 000,000,355 | RHS- | M] () -- C:\boot.ini
[2013/06/03 15:43:38 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2013/06/03 15:41:54 | 000,000,239 | ---- | M] () -- C:\Boot.bak
[2013/05/24 10:59:58 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/05/17 18:07:22 | 006,014,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013/05/16 08:04:03 | 000,143,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/05/15 13:50:16 | 000,472,894 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/05/15 13:50:16 | 000,075,988 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/05/15 09:49:33 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/05/15 09:49:32 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/05/15 09:49:26 | 008,534,408 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
 
========== Files Created - No Company Name ==========
 
[2013/06/05 12:55:21 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Jerry\Desktop\Revo Uninstaller.lnk
[2013/06/04 00:35:32 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2013/06/04 00:24:56 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/06/04 00:03:17 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/06/04 00:03:13 | 000,174,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/06/04 00:03:13 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/06/04 00:03:12 | 000,000,362 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/06/03 17:28:58 | 000,001,580 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
[2013/06/03 16:15:09 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/03 15:53:10 | 000,000,239 | ---- | C] () -- C:\Boot.bak
[2013/06/03 15:53:06 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/06/03 15:51:06 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/06/03 15:51:06 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/06/03 15:51:06 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/06/03 15:51:06 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/06/03 15:51:06 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/06/03 15:43:38 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/10/30 18:10:36 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Jerry\Local Settings\Application Data\dt.dat
[2012/05/17 10:41:22 | 000,139,990 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-343818398-1364589140-725345543-1004-0.dat
[2012/05/16 14:36:23 | 000,139,990 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/02/16 08:50:42 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/08/08 19:57:19 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2010/04/18 10:03:38 | 000,002,210 | ---- | C] () -- C:\Documents and Settings\Jerry\Application Data\evpro32.prf
[2009/12/17 15:52:21 | 000,041,984 | ---- | C] () -- C:\Documents and Settings\Jerry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2012/01/23 21:23:08 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.* >
[2008/07/13 16:25:06 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2013/06/03 15:41:54 | 000,000,239 | ---- | M] () -- C:\Boot.bak
[2013/06/03 15:53:10 | 000,000,355 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2013/06/11 14:08:00 | 000,016,086 | ---- | M] () -- C:\ComboFix.txt
[2008/07/13 16:25:06 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/07/13 16:25:06 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/07/13 16:25:06 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/07/13 18:38:31 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/20 22:15:05 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2013/06/13 21:40:17 | 402,653,184 | -HS- | M] () -- C:\pagefile.sys
 
< %systemroot%\*. /mp /s >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2013-06-13 02:28:02
 
<  >

< End of report >

 

 

OTL Extras logfile created on: 6/13/2013 9:58:05 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Jerry\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1023.00 Mb Total Physical Memory | 584.96 Mb Available Physical Memory | 57.18% Memory free
1.28 Gb Paging File | 0.96 Gb Available in Paging File | 74.84% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 47.16 Gb Free Space | 63.30% Space Free | Partition Type: NTFS
 
Computer Name: TODD-1L66DAFERH | User Name: Jerry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"FirstRunDisabled" =
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"50000:UDP" = 50000:UDP:*:Enabled:IHA_MessageCenter
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}" = Vz In Home Agent
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{10C69612-017B-45F5-B986-7D113D5A2EA3}" = MSN Toolbar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{49A143E9-4A6A-43E7-86B1-388194C79248}" = HP Smart Web Printing
"{53C49C8D-DFB2-42B9-A7EF-0F9CA386CC13}" = IHA_MessageCenter
"{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{60D4F9F1-B828-4048-A5AB-9AA2FD0C4751}" = DJ_AIO_03_F4200_Software
"{6365C963-4B72-43F8-8392-2A5441EC2A86}" = DJ_AIO_03_F4200_ProductContext
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}" = Microsoft Works Suite Add-in for Microsoft Word
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}" = Sound Blaster Live!
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A760067A-C07E-1033-0000-A764AC000008}" = Avery Template
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{B61A79BE-E94C-42C0-921D-8B7E5217069C}" = F4200
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D64DCF1C-7A95-49A4-BAFA-C42B5CF6B8B6}" = Works Suite OS Pack
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{E133E97F-5186-4503-BEC8-752EB9E8EBD7}" = Copy
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F8A5531E-FEB4-4F7C-AF51-342E40FA7A0D}" = F4200_Help
"avast" = avast! Free Antivirus
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"ExamView Pro" = ExamView Pro
"HP Smart Web Printing" = HP Smart Web Printing
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Driver" = NVIDIA Display Driver
"PROSet" = Intel® PRO Ethernet Adapter and Software
"Revo Uninstaller" = Revo Uninstaller 1.94
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2003Setup" = Microsoft Works 2003 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 3/9/2013 6:33:51 PM | Computer Name = TODD-1L66DAFERH | Source = Microsoft Office 10 | ID = 1001
Description = Fault bucket 37837216.
 
Error - 3/9/2013 6:39:44 PM | Computer Name = TODD-1L66DAFERH | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 10.0.4030.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 3/9/2013 6:50:49 PM | Computer Name = TODD-1L66DAFERH | Source = Microsoft Office 10 | ID = 1000
Description = Faulting application winword.exe, version 10.0.4030.0, faulting module
 mso.dll, version 10.0.2625.0, fault address 0x0001bcf5.
 
Error - 3/13/2013 8:10:36 PM | Computer Name = TODD-1L66DAFERH | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 3/22/2013 2:15:00 PM | Computer Name = TODD-1L66DAFERH | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 3/22/2013 3:15:25 PM | Computer Name = TODD-1L66DAFERH | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 3/25/2013 3:34:53 PM | Computer Name = TODD-1L66DAFERH | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 3/25/2013 3:34:55 PM | Computer Name = TODD-1L66DAFERH | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.
 
Error - 3/26/2013 8:34:39 PM | Computer Name = TODD-1L66DAFERH | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
 module unknown, version 0.0.0.0, fault address 0x6e04b010.
 
Error - 4/15/2013 9:10:18 PM | Computer Name = TODD-1L66DAFERH | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
[ System Events ]
Error - 6/11/2013 1:45:58 PM | Computer Name = TODD-1L66DAFERH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   AVGIDSHX  avgtp
 
Error - 6/12/2013 8:19:33 PM | Computer Name = TODD-1L66DAFERH | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
 
Error - 6/12/2013 8:19:33 PM | Computer Name = TODD-1L66DAFERH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   AVGIDSHX  avgtp
 
Error - 6/13/2013 1:10:56 AM | Computer Name = TODD-1L66DAFERH | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
 
Error - 6/13/2013 1:10:56 AM | Computer Name = TODD-1L66DAFERH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   AVGIDSHX  avgtp
 
Error - 6/13/2013 12:38:21 PM | Computer Name = TODD-1L66DAFERH | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
 
Error - 6/13/2013 12:38:21 PM | Computer Name = TODD-1L66DAFERH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   AVGIDSHX  avgtp
 
Error - 6/13/2013 1:01:32 PM | Computer Name = TODD-1L66DAFERH | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
 
Error - 6/13/2013 1:16:30 PM | Computer Name = TODD-1L66DAFERH | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
 
Error - 6/13/2013 9:41:57 PM | Computer Name = TODD-1L66DAFERH | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
 
 
< End of report >
 



#10 The Dark Knight

    The Magician


  • Security Colleague
  • 661 posts
  • Gender:Male
  • Location:Krypton
  • Local time:11:39 AM

Posted 14 June 2013 - 03:52 AM

Good evening sh4rkbyt3,

 

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    :Commands
    [EmptyTemp]

  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTL.exe.

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

=====

 

Also, please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

=====

 

In your reply I would like to see the contents of the following logs please:

  • OTL fix log.
  • checkup.txt.

How is your computer running now?

 

 


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.



#11 sh4rkbyt3

  • Topic Starter

  • Members
  • 415 posts
  • Gender:Male
  • Local time:08:39 PM

Posted 14 June 2013 - 09:58 AM

OTL logfile created on: 6/13/2013 9:58:05 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Jerry\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1023.00 Mb Total Physical Memory | 584.96 Mb Available Physical Memory | 57.18% Memory free
1.28 Gb Paging File | 0.96 Gb Available in Paging File | 74.84% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 47.16 Gb Free Space | 63.30% Space Free | Partition Type: NTFS
 
Computer Name: TODD-1L66DAFERH | User Name: Jerry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/06/13 21:55:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jerry\Desktop\OTL.exe
PRC - [2013/05/09 04:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/08/03 16:22:18 | 000,352,248 | ---- | M] (Verizon) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/06/13 12:50:15 | 002,087,936 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13061301\algo.dll
MOD - [2013/06/13 06:07:53 | 002,087,936 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13061300\algo.dll
MOD - [2013/05/17 08:31:00 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\17440cd05eee7f87026b3c17119eed58\System.Configuration.ni.dll
MOD - [2013/05/15 13:49:48 | 000,069,120 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2013/02/13 12:25:40 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll
MOD - [2013/01/10 22:27:29 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll
MOD - [2013/01/10 22:25:49 | 000,220,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\3283b562a391db4f3f6dcee754de15a8\CustomMarshalers.ni.dll
MOD - [2013/01/10 21:02:53 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
MOD - [2013/01/10 20:57:32 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013/01/10 20:57:10 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2012/11/28 15:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/11/28 15:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/05/15 09:49:34 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/08/03 16:22:18 | 000,352,248 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Jerry\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013/05/09 04:59:10 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/05/09 04:59:10 | 000,368,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/05/09 04:59:10 | 000,174,664 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/05/09 04:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 04:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 04:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 04:59:09 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013/05/09 04:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2003/08/29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2002/08/30 12:29:02 | 001,293,440 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P16X.sys -- (P16X)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)
DRV - [1999/12/17 01:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PFMODNT.SYS -- (PfModNT)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {904A6E62-1FFE-4F44-89FB-630B27B32B37}
IE - HKCU\..\SearchScopes\{904A6E62-1FFE-4F44-89FB-630B27B32B37}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADSA_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
 
O1 HOSTS File: ([2013/06/03 16:01:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [CCleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1370316778828 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFC93507-7CD8-43E7-A74A-E434C2F6E706}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\viprotocol - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jerry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jerry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/13 16:25:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/13 21:55:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jerry\Desktop\OTL.exe
[2013/06/13 21:53:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jerry\Recent
[2013/06/13 12:52:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerry\Local Settings\Application Data\AVG SafeGuard toolbar
[2013/06/12 20:18:07 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/06/11 14:08:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/06/11 13:51:42 | 005,078,680 | R--- | C] (Swearware) -- C:\Documents and Settings\Jerry\Desktop\ComboFix.exe
[2013/06/05 12:58:17 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Jerry\Desktop\dds.scr
[2013/06/05 12:55:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerry\Start Menu\Programs\Revo Uninstaller
[2013/06/05 11:38:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/06/05 00:37:35 | 001,678,240 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Jerry\Desktop\rkill.exe
[2013/06/05 00:32:00 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jerry\Desktop\TFC.exe
[2013/06/05 00:16:50 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2013/06/05 00:11:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/06/04 17:04:49 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013/06/04 00:35:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2013/06/04 00:35:11 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013/06/04 00:29:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerry\My Documents\Downloads
[2013/06/04 00:24:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2013/06/04 00:24:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/06/04 00:23:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/06/04 00:03:17 | 000,029,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/06/04 00:03:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2013/06/04 00:03:16 | 000,368,944 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/06/04 00:03:15 | 000,049,760 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/06/04 00:03:14 | 000,765,736 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/06/04 00:03:14 | 000,056,080 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/06/04 00:03:11 | 000,229,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/06/04 00:03:11 | 000,066,336 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/06/04 00:02:08 | 000,041,664 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/06/04 00:01:24 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/06/04 00:01:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/06/03 17:28:55 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2013/06/03 16:15:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerry\Application Data\Malwarebytes
[2013/06/03 16:15:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/06/03 16:15:07 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/06/03 16:15:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/06/03 15:53:05 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/06/03 15:51:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/06/03 15:51:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/06/03 15:51:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/06/03 15:51:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/06/03 15:50:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/06/03 15:43:37 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/06/03 15:27:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerry\Application Data\{46577E3C-95B4-4f4f-B4A7-0C29D12FB15D}
[2013/06/03 14:43:10 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/06/02 17:25:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERSetup
[2013/06/02 11:57:40 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2013/06/02 11:54:28 | 000,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2013/05/24 11:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerry\Local Settings\Application Data\Mozilla
[2013/05/15 09:49:26 | 008,534,408 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/13 21:55:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jerry\Desktop\OTL.exe
[2013/06/13 21:42:23 | 000,000,362 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/06/13 21:40:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/06/12 20:17:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/06/11 13:51:44 | 005,078,680 | R--- | M] (Swearware) -- C:\Documents and Settings\Jerry\Desktop\ComboFix.exe
[2013/06/05 12:56:29 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Jerry\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/06/05 12:55:21 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Jerry\Desktop\Revo Uninstaller.lnk
[2013/06/05 00:16:50 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2013/06/04 00:35:32 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2013/06/04 00:24:56 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/06/04 00:03:17 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/06/04 00:03:11 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/06/03 17:28:58 | 000,001,580 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
[2013/06/03 16:15:09 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/03 16:01:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/06/03 15:53:10 | 000,000,355 | RHS- | M] () -- C:\boot.ini
[2013/06/03 15:43:38 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2013/06/03 15:41:54 | 000,000,239 | ---- | M] () -- C:\Boot.bak
[2013/05/24 10:59:58 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/05/17 18:07:22 | 006,014,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013/05/16 08:04:03 | 000,143,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/05/15 13:50:16 | 000,472,894 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/05/15 13:50:16 | 000,075,988 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/05/15 09:49:33 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/05/15 09:49:32 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/05/15 09:49:26 | 008,534,408 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
 
========== Files Created - No Company Name ==========
 
[2013/06/05 12:55:21 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Jerry\Desktop\Revo Uninstaller.lnk
[2013/06/04 00:35:32 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2013/06/04 00:24:56 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/06/04 00:03:17 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/06/04 00:03:13 | 000,174,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/06/04 00:03:13 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/06/04 00:03:12 | 000,000,362 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/06/03 17:28:58 | 000,001,580 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
[2013/06/03 16:15:09 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/03 15:53:10 | 000,000,239 | ---- | C] () -- C:\Boot.bak
[2013/06/03 15:53:06 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/06/03 15:51:06 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/06/03 15:51:06 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/06/03 15:51:06 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/06/03 15:51:06 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/06/03 15:51:06 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/06/03 15:43:38 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/10/30 18:10:36 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Jerry\Local Settings\Application Data\dt.dat
[2012/05/17 10:41:22 | 000,139,990 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-343818398-1364589140-725345543-1004-0.dat
[2012/05/16 14:36:23 | 000,139,990 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/02/16 08:50:42 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/08/08 19:57:19 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2010/04/18 10:03:38 | 000,002,210 | ---- | C] () -- C:\Documents and Settings\Jerry\Application Data\evpro32.prf
[2009/12/17 15:52:21 | 000,041,984 | ---- | C] () -- C:\Documents and Settings\Jerry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2012/01/23 21:23:08 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.* >
[2008/07/13 16:25:06 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2013/06/03 15:41:54 | 000,000,239 | ---- | M] () -- C:\Boot.bak
[2013/06/03 15:53:10 | 000,000,355 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2013/06/11 14:08:00 | 000,016,086 | ---- | M] () -- C:\ComboFix.txt
[2008/07/13 16:25:06 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/07/13 16:25:06 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/07/13 16:25:06 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/07/13 18:38:31 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/20 22:15:05 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2013/06/13 21:40:17 | 402,653,184 | -HS- | M] () -- C:\pagefile.sys
 
< %systemroot%\*. /mp /s >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2013-06-13 02:28:02
 
<  >

< End of report >

OTL Extras logfile created on: 6/13/2013 9:58:05 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Jerry\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1023.00 Mb Total Physical Memory | 584.96 Mb Available Physical Memory | 57.18% Memory free
1.28 Gb Paging File | 0.96 Gb Available in Paging File | 74.84% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 47.16 Gb Free Space | 63.30% Space Free | Partition Type: NTFS
 
Computer Name: TODD-1L66DAFERH | User Name: Jerry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"FirstRunDisabled" =
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"50000:UDP" = 50000:UDP:*:Enabled:IHA_MessageCenter
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}" = Vz In Home Agent
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{10C69612-017B-45F5-B986-7D113D5A2EA3}" = MSN Toolbar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{49A143E9-4A6A-43E7-86B1-388194C79248}" = HP Smart Web Printing
"{53C49C8D-DFB2-42B9-A7EF-0F9CA386CC13}" = IHA_MessageCenter
"{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{60D4F9F1-B828-4048-A5AB-9AA2FD0C4751}" = DJ_AIO_03_F4200_Software
"{6365C963-4B72-43F8-8392-2A5441EC2A86}" = DJ_AIO_03_F4200_ProductContext
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}" = Microsoft Works Suite Add-in for Microsoft Word
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}" = Sound Blaster Live!
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A760067A-C07E-1033-0000-A764AC000008}" = Avery Template
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{B61A79BE-E94C-42C0-921D-8B7E5217069C}" = F4200
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D64DCF1C-7A95-49A4-BAFA-C42B5CF6B8B6}" = Works Suite OS Pack
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{E133E97F-5186-4503-BEC8-752EB9E8EBD7}" = Copy
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F8A5531E-FEB4-4F7C-AF51-342E40FA7A0D}" = F4200_Help
"avast" = avast! Free Antivirus
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"ExamView Pro" = ExamView Pro
"HP Smart Web Printing" = HP Smart Web Printing
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Driver" = NVIDIA Display Driver
"PROSet" = Intel® PRO Ethernet Adapter and Software
"Revo Uninstaller" = Revo Uninstaller 1.94
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2003Setup" = Microsoft Works 2003 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 3/9/2013 6:33:51 PM | Computer Name = TODD-1L66DAFERH | Source = Microsoft Office 10 | ID = 1001
Description = Fault bucket 37837216.
 
Error - 3/9/2013 6:39:44 PM | Computer Name = TODD-1L66DAFERH | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 10.0.4030.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 3/9/2013 6:50:49 PM | Computer Name = TODD-1L66DAFERH | Source = Microsoft Office 10 | ID = 1000
Description = Faulting application winword.exe, version 10.0.4030.0, faulting module
 mso.dll, version 10.0.2625.0, fault address 0x0001bcf5.
 
Error - 3/13/2013 8:10:36 PM | Computer Name = TODD-1L66DAFERH | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 3/22/2013 2:15:00 PM | Computer Name = TODD-1L66DAFERH | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 3/22/2013 3:15:25 PM | Computer Name = TODD-1L66DAFERH | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 3/25/2013 3:34:53 PM | Computer Name = TODD-1L66DAFERH | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 3/25/2013 3:34:55 PM | Computer Name = TODD-1L66DAFERH | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.
 
Error - 3/26/2013 8:34:39 PM | Computer Name = TODD-1L66DAFERH | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
 module unknown, version 0.0.0.0, fault address 0x6e04b010.
 
Error - 4/15/2013 9:10:18 PM | Computer Name = TODD-1L66DAFERH | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
[ System Events ]
Error - 6/11/2013 1:45:58 PM | Computer Name = TODD-1L66DAFERH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   AVGIDSHX  avgtp
 
Error - 6/12/2013 8:19:33 PM | Computer Name = TODD-1L66DAFERH | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
 
Error - 6/12/2013 8:19:33 PM | Computer Name = TODD-1L66DAFERH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   AVGIDSHX  avgtp
 
Error - 6/13/2013 1:10:56 AM | Computer Name = TODD-1L66DAFERH | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
 
Error - 6/13/2013 1:10:56 AM | Computer Name = TODD-1L66DAFERH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   AVGIDSHX  avgtp
 
Error - 6/13/2013 12:38:21 PM | Computer Name = TODD-1L66DAFERH | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
 
Error - 6/13/2013 12:38:21 PM | Computer Name = TODD-1L66DAFERH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   AVGIDSHX  avgtp
 
Error - 6/13/2013 1:01:32 PM | Computer Name = TODD-1L66DAFERH | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
 
Error - 6/13/2013 1:16:30 PM | Computer Name = TODD-1L66DAFERH | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
 
Error - 6/13/2013 9:41:57 PM | Computer Name = TODD-1L66DAFERH | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
 
 
< End of report >
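The "Last 20 Event Log Errors" section above is where the leftover AVG pieces actually show up: the Service Control Manager 7026 entries name the boot-start drivers `AVGIDSHX` and `avgtp` that still fail to load after the uninstall. The following parser is an added example, not OTL's code and not something posted in this thread; it reads event entries in the format printed above (the sample embedded in it is a shortened verbatim excerpt of that log), counts them per Source / Event ID, and extracts the driver names from the 7026 "failed to load" entries so that remnants of an uninstalled product can be spotted without reading the log by hand. The vendor prefix `avg` used for the remnant check is an assumption taken from this thread.

```python
"""Parse the 'Last 20 Event Log Errors' section of an OTL extras log.

Added example; not OTL's own code. Groups events by Source / ID and pulls
driver names out of Service Control Manager 7026 'failed to load' events.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Set

# One event header, e.g.
# Error - 6/11/2013 1:45:58 PM | Computer Name = HOST | Source = Service Control Manager | ID = 7026
HEADER_RE = re.compile(
    r"^Error - (?P<when>\S+ \S+ [AP]M) \| Computer Name = (?P<host>\S+) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)\s*$"
)
SECTION_RE = re.compile(r"^\[ (?P<name>.+?) \]$")   # "[ Application Events ]"


@dataclass
class Event:
    section: str
    when: str
    host: str
    source: str
    event_id: int
    description: str


def parse_otl_events(text: str) -> List[Event]:
    """Return the events in log order; wrapped descriptions are joined."""
    events: List[Event] = []
    section = ""
    current: Optional[Event] = None
    desc_lines: List[str] = []

    def flush() -> None:
        nonlocal current, desc_lines
        if current is not None:
            current.description = " ".join(desc_lines).strip()
            events.append(current)
        current, desc_lines = None, []

    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            flush()
            section = sec["name"]
            continue
        head = HEADER_RE.match(line)
        if head:
            flush()
            current = Event(section, head["when"], head["host"],
                            head["source"], int(head["id"]), "")
            continue
        if current is None:
            continue                         # banner / end-of-report lines
        if line.startswith("Description ="):
            desc_lines.append(line[len("Description ="):].strip())
        elif line == "":
            flush()                          # blank line ends an event
        else:
            desc_lines.append(line)          # wrapped continuation line
    flush()
    return events


def summarize(events: List[Event]) -> Counter:
    """Count events per (section, source, id) so repeating failures stand out."""
    return Counter((e.section, e.source, e.event_id) for e in events)


def failed_drivers(events: List[Event]) -> Set[str]:
    """Driver names listed by SCM event 7026 ('driver(s) failed to load')."""
    names: Set[str] = set()
    for e in events:
        if e.source == "Service Control Manager" and e.event_id == 7026:
            _, found, tail = e.description.partition("failed to load:")
            if found:
                names.update(tail.split())
    return names


def vendor_remnants(events: List[Event], prefixes=("avg",)) -> Set[str]:
    """Failed drivers whose name starts with a vendor prefix (case-insensitive).
    'avg' is assumed from this thread; pass other prefixes as needed."""
    lowered = tuple(p.lower() for p in prefixes)
    return {n for n in failed_drivers(events) if n.lower().startswith(lowered)}


# Shortened verbatim excerpt of the event section from the log posted above.
SAMPLE_LOG = """\
========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/9/2013 6:33:51 PM | Computer Name = TODD-1L66DAFERH | Source = Microsoft Office 10 | ID = 1001
Description = Fault bucket 37837216.

Error - 3/9/2013 6:39:44 PM | Computer Name = TODD-1L66DAFERH | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 10.0.4030.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 6/11/2013 1:45:58 PM | Computer Name = TODD-1L66DAFERH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   AVGIDSHX  avgtp

Error - 6/12/2013 8:19:33 PM | Computer Name = TODD-1L66DAFERH | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 6/12/2013 8:19:33 PM | Computer Name = TODD-1L66DAFERH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   AVGIDSHX  avgtp

< End of report >
"""

if __name__ == "__main__":
    evs = parse_otl_events(SAMPLE_LOG)
    for key, n in summarize(evs).most_common():
        print(f"{n:2d} x {key}")
    print("failed drivers:", sorted(failed_drivers(evs)))
    print("AVG remnants:  ", sorted(vendor_remnants(evs)))
```

Run against the full log, `vendor_remnants` returns the same two names, which is the list of service/driver registry entries still pointing at the removed product; the 7022 hangs of the HP CUE DeviceDiscovery service show up separately in the summary and are unrelated to AVG.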



#12 sh4rkbyt3

sh4rkbyt3
  • Topic Starter

  • Members
  • 415 posts
  • Gender:Male
  • Local time:08:39 PM

Posted 14 June 2013 - 10:04 AM

Sorry, I tried to post that from the infected (?) machine and it showed on the screen as having been posted, but using another computer this morning I see it actually didn't.

It still appears to be running the same, and looking through the extras log file I see all kinds of AV programs listed that do not appear in any of the icons or folders on the system?

Ahnlab AV, CA AV, Kaspersky AV, McAfee AV, Panda AV, Sophos AV, Symantec AV & Firewall, Tiny Firewall, Trend AV & Firewall and ZoneLabs Firewall?



#13 The Dark Knight

The Dark Knight

    The Magician


  • Security Colleague
  • 661 posts
  • Gender:Male
  • Location:Krypton
  • Local time:11:39 AM

Posted 14 June 2013 - 05:58 PM

Hey sh4rkbyt3,

 

You posted a full OTL log. Do you have the fix log saved from before? :)

 

As for all those entries, they are Registry entries that OTL scans for. If they are present, then it scans them to make sure they haven't been modified by malware.


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.




#14 sh4rkbyt3

sh4rkbyt3
  • Topic Starter

  • Members
  • 415 posts
  • Gender:Male
  • Local time:08:39 PM

Posted 15 June 2013 - 12:50 AM

I forgot to save that logfile, my apologies; would it have been saved anywhere on the system? In the meantime here is the Security Check file result:

Results of screen317's Security Check version 0.99.64 
 Windows XP Service Pack 3 x86  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 avast! Free Antivirus   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 CCleaner    
````````Process Check: objlist.exe by Laurent```````` 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast avastUI.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 1%
````````````````````End of Log``````````````````````



#15 The Dark Knight

The Dark Knight

    The Magician


  • Security Colleague
  • 661 posts
  • Gender:Male
  • Location:Krypton
  • Local time:11:39 AM

Posted 15 June 2013 - 05:20 PM

Hey sh4rkbyt3,

 

The fix logfile should be saved in the same location that you have OTL saved.

 

That log looks fine. What issues remain on your computer?






