Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Messed up big time

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Messed up big time

Unread postby ProblemBoy » September 25th, 2013, 10:28 pm

:D :D :) MUSIC!!! :) :) :D When I restarted the computer the Windows music played! Looks like all the media stuff is working. Looks like there is a problem with System restore though. ESERScan below.

C:\Documents and Settings\Anthony\Application Data\GameCenter\uninstall.exe probably a variant of Win32/YourFileDownloader.A application
C:\Documents and Settings\Anthony\My Documents\Downloads\epson14063.exe a variant of Win32/Bundled.Toolbar.Ask.D application
C:\Documents and Settings\Anthony\My Documents\Downloads\The_Healing_Codes_pdf_downloader_2.exe probably a variant of Win32/YourFileDownloader.A application
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP182\A0039222.exe Win32/Somoto.D application
ProblemBoy
Regular Member
 
Posts: 76
Joined: October 1st, 2010, 11:22 am
Advertisement
Register to Remove

Re: Messed up big time

Unread postby nunped » September 26th, 2013, 8:21 am

Hi ProblemBoy!

:D :D :) MUSIC!!! :) :) :D When I restarted the computer the Windows music played!

Very good news :cheers:

Looks like there is a problem with System restore though.

Can you be more specific? Any error message?

We tested those findings from ESET last time, so no need to do it again.

Let's just fix a couple of things with OTL.
  • Double click OTL.exe to launch the program.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code: Select all
:commands
[createrestorepoint]

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

:commands
[emptytemp]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Messed up big time

Unread postby ProblemBoy » September 26th, 2013, 11:47 am

Hi nunped,

“Looks like there is a problem with System restore though.

Can you be more specific? Any error message?

We tested those findings from ESET last time, so no need to do it again.”

No, nothing new, just when I first encountered the problem System Restore did not work. I tried to restore to multiple points and it would run thru the entire process and at the end tell me that it could not restore the system. Also, noticed that it had not created checkpoints on 9/18 and 9/19. None had been created yesterday either.

AVG showed no problems when it scanned this morning. It had been coming up with 3-12 daily. Thanks again.

OTL text
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Anthony
->Temp folder emptied: 3556176 bytes
->Temporary Internet Files folder emptied: 9678069 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 222819046 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 9988 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33977 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 71730634 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 4947 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 337 bytes

Total Files Cleaned = 294.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09262013_111819

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Anthony\Local Settings\Temp\tmp4A.tmp not found!
File\Folder C:\Documents and Settings\Anthony\Local Settings\Temp\~DF5655.tmp not found!
File\Folder C:\Documents and Settings\Anthony\Local Settings\Temp\~DF6BB1.tmp not found!
File\Folder C:\Documents and Settings\Anthony\Local Settings\Temp\~DFDAF5.tmp not found!
File\Folder C:\Documents and Settings\Anthony\Local Settings\Temp\~DFDCC7.tmp not found!
File\Folder C:\Documents and Settings\Anthony\Local Settings\Temp\~WRD1272.doc not found!
File\Folder C:\Documents and Settings\Anthony\Local Settings\Temp\~WRF0002.tmp not found!
File\Folder C:\Documents and Settings\Anthony\Local Settings\Temp\~WRS0001.tmp not found!
C:\Documents and Settings\Anthony\Local Settings\Temporary Internet Files\Content.IE5\F87JM8X4\i[1] moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_f6c.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
ProblemBoy
Regular Member
 
Posts: 76
Joined: October 1st, 2010, 11:22 am

Re: Messed up big time

Unread postby nunped » September 26th, 2013, 12:08 pm

Hi ProblemBoy,

You are welcome :)

I instructed OTL to create a restore point. Let's run a scan to see if it was successfully created.

  • Double click OTL.exe (or OTL.com or OTL.scr) to launch the program.
  • Click the Quick Scan button.
  • When done, one Notepad file will open.
    Please post the contents of this Notepad file in your next reply.
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Messed up big time

Unread postby ProblemBoy » September 26th, 2013, 9:26 pm

Hi nunped,

OTL file:
OTL logfile created on: 9/26/2013 8:53:19 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Anthony\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.98 Mb Total Physical Memory | 205.62 Mb Available Physical Memory | 20.28% Memory free
2.39 Gb Paging File | 1.60 Gb Available in Paging File | 67.05% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 92.91 Gb Total Space | 28.98 Gb Free Space | 31.19% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA-ANTHONY | User Name: Anthony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/18 18:20:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Anthony\Desktop\OTL.exe
PRC - [2013/08/30 12:37:25 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2013/08/17 23:38:30 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/08/15 11:53:50 | 004,411,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/10 01:33:22 | 000,452,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2013/07/04 15:53:28 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/07/04 15:53:26 | 001,117,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013/06/26 16:45:47 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/04/16 03:09:06 | 000,233,048 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/03/18 02:38:48 | 000,799,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2012/12/26 09:16:13 | 000,945,480 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.0\ToolbarUpdater.exe
PRC - [2012/11/22 11:29:16 | 003,290,304 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/09/20 00:02:24 | 000,363,752 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2011/06/09 13:01:00 | 000,521,600 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe
PRC - [2009/07/20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2005/12/20 15:22:14 | 000,035,328 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
PRC - [2005/12/16 04:21:00 | 000,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\Toshiba.exe
PRC - [2005/12/05 15:37:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2005/11/28 14:41:50 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2005/11/28 14:37:52 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2005/11/17 19:44:38 | 000,798,720 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
PRC - [2005/11/02 20:41:04 | 000,978,944 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2005/08/16 15:23:12 | 000,188,416 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
PRC - [2005/07/12 21:14:42 | 000,040,960 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2005/03/11 19:03:16 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TDispVol.exe
PRC - [2005/01/17 20:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2004/08/28 04:37:00 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2004/08/28 04:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2004/08/18 07:37:44 | 000,184,320 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/17 23:38:26 | 003,551,640 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
MOD - [2013/01/02 02:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2012/12/26 09:16:13 | 000,945,480 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.0\ToolbarUpdater.exe
MOD - [2012/06/20 17:23:00 | 000,599,419 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2009/07/20 12:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2005/11/28 14:59:16 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2005/11/28 14:59:16 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2005/11/28 14:59:16 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005/11/23 18:55:38 | 000,118,784 | ---- | M] () -- C:\WINDOWS\system32\TCtrlIO.dll
MOD - [2005/11/03 14:37:58 | 000,970,862 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
MOD - [2005/07/12 21:14:42 | 000,040,960 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
MOD - [2004/07/20 21:04:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll
MOD - [2002/03/03 08:40:00 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\TDispVol.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/09/15 08:32:12 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/17 23:38:28 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/06/26 16:45:47 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/12/26 09:16:13 | 000,945,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.0\ToolbarUpdater.exe -- (vToolbarUpdater14.0.0)
SRV - [2012/11/22 11:29:16 | 003,290,304 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/06/09 13:01:00 | 000,521,600 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008/04/13 20:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/13 20:11:55 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2005/12/20 15:22:14 | 000,035,328 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2005/07/12 21:14:42 | 000,040,960 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2005/01/17 20:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/08/28 04:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E4C32A8C-6984-483B-B45E-1FACCD4B53F2}\MpKsle16d8c51.sys -- (MpKsle16d8c51)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/09/10 01:34:48 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/09/05 01:43:42 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/07/20 01:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/07/20 01:50:56 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/07/20 01:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/07/20 01:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/07/01 01:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/03/21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/12/26 09:16:13 | 000,031,576 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 12:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2005/12/09 20:48:40 | 004,123,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2005/12/04 13:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2005/11/30 15:01:02 | 000,043,392 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2005/11/30 14:12:00 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/11/28 15:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/11/15 13:00:22 | 001,122,656 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/10/20 18:03:42 | 000,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2005/10/06 09:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/10/06 09:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/10/06 09:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/10/06 09:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/10/06 09:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/10/06 09:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/10/06 09:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/09/09 18:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2005/08/25 16:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 16:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/24 19:20:28 | 000,009,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (tbiosdrv)
DRV - [2005/06/02 07:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2005/01/12 04:05:46 | 000,204,160 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\KR10N.sys -- (KR10N)
DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2003/09/19 05:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/01/29 18:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2003/01/10 16:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{8799D62D-9924-4079-90F4-5F491D78EEAD}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=MSNIE7&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {86E7B7B1-BA25-4A3D-B00C-9F6BEDF685E1}
IE - HKCU\..\SearchScopes\{026FF327-398E-49DC-BBC9-39A566D8D2A8}: "URL" = http://www.google.com/search?q={searchTerms}&rls=p,com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIT_en
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{2D87485E-962F-4245-835F-E8E7C341DAD4}: "URL" = http://search.avg.com/route/?d=4cc63764 ... =chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{86E7B7B1-BA25-4A3D-B00C-9F6BEDF685E1}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7GGIT_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://my.msn.com/"
FF - prefs.js..extensions.enabledAddons: %7B6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65%7D:0.9.6
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: %7BFCE04E1F-9378-4f39-96F6-5689A9159E45%7D:1.3.2
FF - prefs.js..extensions.enabledAddons: smarterwiki%40wikiatic.com:5.1.9
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.1rc1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Anthony\Application Data\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@research.microsoft.com/HDView: C:\Program Files\Microsoft Research\HDView for Firefox [2010/01/05 17:13:00 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Documents and Settings\Anthony\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Anthony\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Anthony\Application Data\Move Networks\plugins\npqmp071705000014.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/10/05 09:11:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/06/20 17:01:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/08/17 23:37:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/09/12 01:00:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Anthony\Application Data\Move Networks [2012/02/12 13:09:07 | 000,000,000 | ---D | M]

[2013/08/24 15:26:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Anthony\Application Data\Mozilla\Extensions
[2013/09/26 20:38:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\yer9dd8q.default\extensions
[2012/06/21 17:07:45 | 000,000,000 | ---D | M] (TV-Fox) -- C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\yer9dd8q.default\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}(2)
[2010/10/09 09:53:09 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\yer9dd8q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/09/18 21:05:20 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\yer9dd8q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}(2)
[2012/06/21 16:56:47 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\yer9dd8q.default\extensions\avg@toolbar(2)
[2010/08/19 21:27:33 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\yer9dd8q.default\extensions\vshareus@toolbar
[2013/07/23 15:08:44 | 000,353,425 | ---- | M] () (No name found) -- C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\yer9dd8q.default\extensions\smarterwiki@wikiatic.com.xpi
[2012/02/25 01:08:31 | 000,081,156 | ---- | M] () (No name found) -- C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\yer9dd8q.default\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi
[2013/09/21 00:32:21 | 000,534,806 | ---- | M] () (No name found) -- C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\yer9dd8q.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/04/05 21:51:45 | 000,714,654 | ---- | M] () (No name found) -- C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\yer9dd8q.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013/08/17 23:38:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/08/17 23:38:00 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2013/08/17 23:38:01 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/08/17 23:37:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/17 23:38:31 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/06/20 17:01:54 | 000,000,000 | ---D | M] (RealDownloader) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
[2013/08/30 12:37:40 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Anthony\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Anthony\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\Anthony\Application Data\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Anthony\Application Data\Move Networks\plugins\npqmp071705000014.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: RealDownloader = C:\Documents and Settings\Anthony\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.1.0_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Anthony\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Anthony\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: AVG Do Not Track = C:\Documents and Settings\Anthony\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\

O1 HOSTS File: ([2011/09/29 20:37:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TDispVol] C:\WINDOWS\System32\TDispVol.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [WorkForce 435(Network)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIHRA.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Metamail Trust Manager.lnk = C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe (Metamail Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll (Cooliris Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.hp.com/CSMWeb/Custom ... anager.CAB (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22692D1F-4F17-4FB2-AF0E-1B69FE9576AD}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Toshiba.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Toshiba.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/15 11:38:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/26 11:18:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/09/20 22:54:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2013/09/20 22:53:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/09/20 22:53:36 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/09/20 22:53:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/09/18 18:20:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Anthony\Desktop\OTL.exe
[2013/09/18 17:55:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anthony\Desktop\RK_Quarantine
[2013/09/14 16:07:42 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Anthony\Desktop\dds.scr
[2013/09/14 08:17:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/09/13 17:29:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anthony\My Documents\Mind Verge Systems
[2013/09/12 20:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2013/09/12 20:00:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anthony\Local Settings\Application Data\Citrix
[2013/08/30 12:38:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2013/08/30 11:39:18 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Anthony\Recent
[2013/08/29 00:53:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anthony\Application Data\AVG
[2013/08/29 00:52:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG
[2013/08/29 00:52:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2013/08/28 15:27:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anthony\My Documents\Natural Clear Vision
[2006/11/03 00:33:55 | 014,879,120 | ---- | C] (Macrovision Corporation) -- C:\Program Files\GoogleEarthWin.exe

========== Files - Modified Within 30 Days ==========

[2013/09/26 20:58:02 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/26 20:58:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/26 20:55:00 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2013/09/26 20:26:57 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/26 20:25:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/26 20:25:35 | 1063,309,312 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/26 18:21:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/09/26 12:14:30 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{20953B89-5D8C-4449-9DC7-AF3C558FBAEC}.job
[2013/09/25 11:14:02 | 000,000,330 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3304055149-1954678347-4170687932-1005.job
[2013/09/24 09:20:50 | 000,000,230 | ---- | M] () -- C:\Documents and Settings\Anthony\Desktop\rename.bat
[2013/09/20 22:54:52 | 000,001,553 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/09/20 22:40:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/09/19 21:43:55 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Anthony\Desktop\SystemLook.exe
[2013/09/18 18:20:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Anthony\Desktop\OTL.exe
[2013/09/14 16:07:43 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Anthony\Desktop\dds.scr
[2013/09/14 08:17:22 | 000,000,713 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2013/09/13 23:41:24 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Anthony\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/09/12 19:14:59 | 000,193,776 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/09/10 14:20:45 | 000,002,457 | ---- | M] () -- C:\Documents and Settings\Anthony\Desktop\HiJackThis.lnk
[2013/09/10 01:34:48 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidsshimx.sys
[2013/09/09 10:01:43 | 000,076,883 | ---- | M] () -- C:\Documents and Settings\Anthony\My Documents\tgygroupexercise.pdf
[2013/09/05 01:43:42 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2013/08/30 12:38:51 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2013/08/30 12:37:30 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2013/08/30 11:40:57 | 000,169,600 | ---- | M] () -- C:\Documents and Settings\Anthony\My Documents\cc_20130830_114037.reg
[2013/08/30 11:37:13 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk

========== Files Created - No Company Name ==========

[2013/09/23 18:35:37 | 000,000,230 | ---- | C] () -- C:\Documents and Settings\Anthony\Desktop\rename.bat
[2013/09/20 22:54:52 | 000,001,553 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/09/19 21:45:17 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Anthony\Desktop\SystemLook.exe
[2013/08/30 12:38:51 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2013/08/30 11:40:40 | 000,169,600 | ---- | C] () -- C:\Documents and Settings\Anthony\My Documents\cc_20130830_114037.reg
[2012/08/19 23:28:54 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Anthony\Local Settings\Application Data\dt.dat
[2012/04/03 19:10:07 | 000,000,089 | ---- | C] () -- C:\WINDOWS\EWF435.ini
[2012/02/15 19:51:19 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/11 00:42:59 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/16 23:32:41 | 002,128,896 | ---- | C] () -- C:\Documents and Settings\Anthony\Local Settings\Application Data\cooliris-win-ie-release-1.11.7.31969.en-US.msi
[2011/10/02 15:05:30 | 000,003,720 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2009/12/14 00:45:21 | 006,959,104 | ---- | C] () -- C:\Documents and Settings\Anthony\s-1-5-21-3304055149-1954678347-4170687932-1005.rrr
[2009/11/04 09:12:16 | 002,124,288 | ---- | C] () -- C:\Documents and Settings\Anthony\Local Settings\Application Data\cooliris-win-ie-release-1.11.5.29501.en-US.msi
[2009/09/15 14:15:09 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Anthony\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/30 14:19:52 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Anthony\PUTTY.RND
[2009/03/06 11:47:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Anthony\Ÿ9Ÿ9
[2008/10/23 23:54:00 | 002,869,760 | ---- | C] () -- C:\Documents and Settings\Anthony\Local Settings\Application Data\cooliris-win-iemin-release-1.8.5.14750.msi
[2008/10/19 08:56:00 | 002,869,760 | ---- | C] () -- C:\Documents and Settings\Anthony\Local Settings\Application Data\cooliris-win-iemin-release-1.8.4.14391.msi
[2008/10/06 23:52:52 | 002,849,792 | ---- | C] () -- C:\Documents and Settings\Anthony\Local Settings\Application Data\cooliris-win-iemin-release-1.8.3.14080.msi
[2008/09/16 09:02:54 | 002,326,016 | ---- | C] () -- C:\Documents and Settings\Anthony\Local Settings\Application Data\cooliris-win-iemin-release-1.8.2.4689.msi
[2008/08/22 09:07:51 | 002,149,376 | ---- | C] () -- C:\Documents and Settings\Anthony\Local Settings\Application Data\cooliris-win-iemin-release-1.8.0.4272.msi
[2008/07/24 20:54:13 | 001,854,464 | ---- | C] () -- C:\Documents and Settings\Anthony\Local Settings\Application Data\piclens-win-iemin-release-1.7.1.3938.msi
[2006/10/12 23:19:51 | 000,001,708 | ---- | C] () -- C:\Documents and Settings\Anthony\Application Data\wklnhst.dat
[2006/10/06 17:48:47 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Anthony\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2006/02/15 11:35:53 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/09/20 22:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/08/29 00:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG
[2013/09/14 14:26:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2010/10/25 22:05:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2006/02/17 05:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2007/03/11 15:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Entriq
[2012/04/03 19:27:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2013/09/26 18:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/12/28 00:46:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Otto
[2012/02/21 10:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
[2011/05/18 00:02:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/10/13 23:19:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2012/02/21 00:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
[2010/08/21 21:43:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2013/08/29 00:52:06 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2013/08/29 00:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony\Application Data\AVG
[2013/05/19 01:17:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony\Application Data\AVG2013
[2008/09/17 23:16:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony\Application Data\Desktop Maestro
[2012/02/21 10:04:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony\Application Data\DriverCure
[2012/04/09 22:15:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony\Application Data\Epson
[2010/06/13 23:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony\Application Data\Facebook
[2012/11/04 00:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony\Application Data\GameCenter
[2012/11/04 00:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony\Application Data\GoforFiles
[2006/10/06 22:37:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony\Application Data\InterVideo
[2012/04/03 23:47:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony\Application Data\Leader Technologies
[2007/08/03 23:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony\Application Data\Leadertech
[2009/04/16 15:34:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony\Application Data\OLYMPUS
[2012/02/14 20:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony\Application Data\Oracle
[2011/12/28 00:46:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony\Application Data\Otto
[2013/06/30 23:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony\Application Data\PerformerSoft
[2010/03/09 17:11:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony\Application Data\Smith Micro
[2012/02/21 10:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony\Application Data\SpeedMaxPc
[2006/10/12 23:19:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony\Application Data\Template
[2006/02/16 05:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony\Application Data\toshiba
[2013/05/19 01:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony\Application Data\TuneUp Software
[2006/10/13 23:19:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony\Application Data\WildTangent
[2010/10/11 22:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony\Application Data\WinPatrol

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Anthony\My Documents\WABLTE.EXE: SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Anthony\My Documents\Treasury Of Health Secrets.mht: SummaryInformation

< End of report >
ProblemBoy
Regular Member
 
Posts: 76
Joined: October 1st, 2010, 11:22 am

Re: Messed up big time

Unread postby nunped » September 27th, 2013, 3:13 am

Hi ProblemBoy!

A few more steps with OTL:
  • Double click OTL.exe to launch the program.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code: Select all
:OTL
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Anthony\My Documents\WABLTE.EXE: SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Anthony\My Documents\Treasury Of Health Secrets.mht: SummaryInformation

:commands
[emptytemp]
[createrestorepoint]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

After the fix:
  • Double click OTL.exe (or OTL.com or OTL.scr) to launch the program.
  • Copy the following text to the "Custom Scans/Fixes" box:
    Code: Select all
    Restorepoints
  • Click "None", from the buttons on the top of the OTL window and then "Run Scan"
  • It should be fast and a log should open. Please post it on your next reply.
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Messed up big time

Unread postby ProblemBoy » September 27th, 2013, 10:18 am

Hi nunped,

Had a slight possible problem while running OTL. When the computer was going thru the reboot process, it froze up just before it turned off. I had to use Task Manager to get it to close.

All processes killed
========== OTL ==========
Unable to delete ADS C:\Documents and Settings\Anthony\My Documents\WABLTE.EXE: SummaryInformation .
Unable to delete ADS C:\Documents and Settings\Anthony\My Documents\Treasury Of Health Secrets.mht: SummaryInformation .
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Anthony
->Temp folder emptied: 107965 bytes
->Temporary Internet Files folder emptied: 448610 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 30912451 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2134 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 143632 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 32256 bytes

Total Files Cleaned = 30.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 09272013_095432

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Anthony\Local Settings\Temp\~DFAED9.tmp not found!
File\Folder C:\Documents and Settings\Anthony\Local Settings\Temp\~DFB69F.tmp not found!
File\Folder C:\Documents and Settings\Anthony\Local Settings\Temp\~DFF623.tmp not found!
File\Folder C:\Documents and Settings\Anthony\Local Settings\Temp\~DFF79E.tmp not found!
File\Folder C:\Documents and Settings\Anthony\Local Settings\Temp\~DFF80F.tmp not found!
File\Folder C:\Documents and Settings\Anthony\Local Settings\Temp\~WRF0002.tmp not found!
File\Folder C:\Documents and Settings\Anthony\Local Settings\Temp\~WRS0001.tmp not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_1574.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_eac.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

OTL logfile created on: 9/27/2013 10:12:43 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Anthony\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.98 Mb Total Physical Memory | 376.61 Mb Available Physical Memory | 37.14% Memory free
2.39 Gb Paging File | 1.74 Gb Available in Paging File | 73.10% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 92.91 Gb Total Space | 28.96 Gb Free Space | 31.17% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA-ANTHONY | User Name: Anthony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Custom Scans ==========

========== Restore Points Found ==========
[2013/09/27 09:55:45 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP219\snapshot
[2013/09/26 11:19:29 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\snapshot
[2013/09/24 23:06:48 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP217\snapshot
[2013/09/23 19:56:29 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP216\snapshot
[2013/09/22 13:59:42 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP215\snapshot
[2013/09/21 13:20:26 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP214\snapshot
[2013/09/20 11:06:20 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP213\snapshot
[2013/09/17 23:46:07 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP212\snapshot
[2013/09/16 23:08:10 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP211\snapshot
[2013/09/15 19:09:05 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP210\snapshot
[2013/09/14 15:19:42 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP204\snapshot
[2013/09/14 15:13:39 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP205\snapshot
[2013/09/14 15:08:38 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP193\snapshot
[2013/09/14 15:00:47 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP194\snapshot
[2013/09/13 10:25:40 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP203\snapshot
[2013/09/13 10:08:30 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP202\snapshot
[2013/09/13 09:58:15 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP201\snapshot
[2013/09/13 09:28:07 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP200\snapshot
[2013/09/13 09:15:46 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP199\snapshot
[2013/09/13 01:42:19 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP198\snapshot
[2013/09/12 19:53:10 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP197\snapshot
[2013/09/12 15:46:24 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP196\snapshot
[2013/09/12 14:46:26 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP195\snapshot
[2013/09/09 16:59:59 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP192\snapshot
[2013/09/08 15:28:31 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP191\snapshot
[2013/09/07 15:08:27 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP190\snapshot
[2013/09/06 12:20:56 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP189\snapshot
[2013/09/05 10:26:00 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP188\snapshot
[2013/09/04 10:17:57 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP187\snapshot
[2013/09/03 01:12:25 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP186\snapshot
[2013/09/01 19:25:38 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP185\snapshot
[2013/08/31 16:21:30 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP184\snapshot
[2013/08/30 12:14:37 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP183\snapshot
[2013/08/29 09:12:16 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP182\snapshot
[2013/08/29 09:10:14 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP181\snapshot
[2013/08/29 09:09:30 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP180\snapshot
[2013/08/29 00:52:54 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP179\snapshot
[2013/08/28 15:30:48 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP178\snapshot
[2013/08/27 22:43:50 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP177\snapshot
[2013/08/26 16:42:53 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP176\snapshot
[2013/08/25 13:36:28 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP175\snapshot
[2013/08/23 22:57:23 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP174\snapshot
[2013/08/22 11:39:24 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP173\snapshot
[2013/08/21 10:02:10 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP172\snapshot
[2013/08/20 09:59:56 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP171\snapshot
[2013/08/19 01:18:49 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP170\snapshot
[2013/08/15 20:24:37 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP169\snapshot
[2013/08/14 20:12:44 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP168\snapshot
[2013/08/14 18:58:29 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP167\snapshot
[2013/08/13 12:06:14 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP166\snapshot

< End of report >
ProblemBoy
Regular Member
 
Posts: 76
Joined: October 1st, 2010, 11:22 am

Re: Messed up big time

Unread postby nunped » September 27th, 2013, 10:31 am

Hi ProblemBoy,

No problem.
The restore points were created successfully so system restore should be working fine.

And your computer looks free from malware :)
Although last time we removed some minor issues, AVG was flagging legit files, as it was the case this time.
AVG has a way to report false-positives, if you wish: http://samplesubmit.avg.com/eu-en/false-detection
It can help avoid future false detections. If it continues to bother, you can also change to another free anti-virus like Microsoft Security Essentials or Avast, for example.

OTL-Cleanup
You should still have this on your desktop, if so, please ignore the download instructions.
Please download OTL Save it to your Desktop.
  1. Double click on OTL.exe to run it.
  2. Press the CleanUp button.
  3. When done, you will be prompted to reboot your system to finish file removal... please select OK to reboot your computer.
If you did not reboot your computer normally, please do so now, before continuing.

Stay informed.
To help minimize the chances of becoming re-infected, please read.
Computer Security - a short guide to staying safer online

If your computer is running slowly after your clean up, please read.
What to do if your Computer is running slowly

Please reply to this post so I know you have read it. If you don't have any further questions this thread will be closed.

Safe surfing! ;)
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Messed up big time

Unread postby ProblemBoy » September 27th, 2013, 5:37 pm

Thanks again nunped! Everything seems to be working just fine, you did a great job. I appreciate the information about the false positives. Nothing against you, but I hope that we will not be corresponding again in the foreseeable future.
ProblemBoy
Regular Member
 
Posts: 76
Joined: October 1st, 2010, 11:22 am

Re: Messed up big time

Unread postby nunped » September 28th, 2013, 4:04 am

You are very welcome!
Glad we could help :)
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Messed up big time

Unread postby Cypher » September 28th, 2013, 9:49 am

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 42 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware