Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Support
Windows Malware Removal Help & Support
Wise Convert Community Toolbar
Message
<blockquote data-quote="ArizEagle" data-source="post: 95038" data-attributes="member: 4153"><p>Here ya go.... </p><p></p><p>OTL logfile created on: 1/8/2013 7:28:02 PM - Run 2</p><p>OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\owner\Desktop</p><p>Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation</p><p>Internet Explorer (Version = 8.0.6001.19190)</p><p>Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy</p><p> </p><p>2.90 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 63.88% Memory free</p><p>6.81 Gb Paging File | 5.75 Gb Available in Paging File | 84.37% Paging File free</p><p>Paging file location(s): c:\pagefile.sys 4096 4096 [binary data]</p><p> </p><p>%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files</p><p>Drive C: | 138.70 Gb Total Space | 85.19 Gb Free Space | 61.42% Space Free | Partition Type: NTFS</p><p>Drive D: | 10.34 Gb Total Space | 1.78 Gb Free Space | 17.17% Space Free | Partition Type: NTFS</p><p>Drive E: | 119.10 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS</p><p> </p><p>Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.</p><p>Boot Mode: Normal | Scan Mode: All users</p><p>Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days</p><p> </p><p><span style="color: #E56717">========== Processes (SafeList) ==========</span></p><p> </p><p>PRC - C:\Users\owner\Desktop\OTL(2).exe (OldTimer Tools)</p><p>PRC - C:\Program Files\AVG Secure Search\vprot.exe ()</p><p>PRC - C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)</p><p>PRC - C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)</p><p>PRC - C:\Program Files\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.)</p><p>PRC - C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)</p><p>PRC - C:\Program Files\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.)</p><p>PRC - C:\Program Files\AVG\AVG2013\avgemcx.exe (AVG Technologies CZ, s.r.o.)</p><p>PRC - C:\Program Files\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)</p><p>PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()</p><p>PRC - C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)</p><p>PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)</p><p>PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)</p><p>PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)</p><p>PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)</p><p>PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()</p><p>PRC - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)</p><p>PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)</p><p>PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()</p><p>PRC - C:\Windows\explorer.exe (Microsoft Corporation)</p><p>PRC - C:\Program Files\SMINST\BLService.exe ()</p><p> </p><p> </p><p><span style="color: #E56717">========== Modules (No Company Name) ==========</span></p><p> </p><p>MOD - C:\Program Files\AVG Secure Search\vprot.exe ()</p><p>MOD - C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll ()</p><p>MOD - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll ()</p><p>MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()</p><p> </p><p> </p><p><span style="color: #E56717">========== Services (SafeList) ==========</span></p><p> </p><p>SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)</p><p>SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)</p><p>SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)</p><p>SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)</p><p>SRV - (vToolbarUpdater13.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()</p><p>SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe (McAfee, Inc.)</p><p>SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)</p><p>SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)</p><p>SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()</p><p>SRV - (Recovery Service for Windows) -- C:\Program Files\SMINST\BLService.exe ()</p><p>SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)</p><p> </p><p> </p><p><span style="color: #E56717">========== Driver Services (SafeList) ==========</span></p><p> </p><p>DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found</p><p>DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found</p><p>DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found</p><p>DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )</p><p>DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)</p><p>DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )</p><p>DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)</p><p>DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)</p><p>DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)</p><p>DRV - (Avglogx) -- C:\Windows\System32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)</p><p>DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )</p><p>DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)</p><p>DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)</p><p>DRV - (IntcHdmiAddService) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)</p><p>DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )</p><p>DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)</p><p>DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)</p><p>DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)</p><p>DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)</p><p> </p><p> </p><p><span style="color: #E56717">========== Standard Registry (SafeList) ==========</span></p><p> </p><p> </p><p><span style="color: #E56717">========== Internet Explorer ==========</span></p><p> </p><p>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb</p><p>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb</p><p>IE - HKLM\..\SearchScopes,DefaultScope = {7DC7C2A9-63BE-4EDF-99EF-028F49D65B85}</p><p>IE - HKLM\..\SearchScopes\{7DC7C2A9-63BE-4EDF-99EF-028F49D65B85}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF</p><p> </p><p> </p><p>IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p> </p><p>IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p> </p><p> </p><p> </p><p>IE - HKU\S-1-5-21-4156696597-1341229448-2497781583-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb</p><p>IE - HKU\S-1-5-21-4156696597-1341229448-2497781583-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = </p><p>IE - HKU\S-1-5-21-4156696597-1341229448-2497781583-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/</p><p>IE - HKU\S-1-5-21-4156696597-1341229448-2497781583-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}</p><p>IE - HKU\S-1-5-21-4156696597-1341229448-2497781583-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC</p><p>IE - HKU\S-1-5-21-4156696597-1341229448-2497781583-1000\..\SearchScopes\{1B51FEB4-E04C-4DD1-AFC1-4F0ABD02ED51}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}</p><p>IE - HKU\S-1-5-21-4156696597-1341229448-2497781583-1000\..\SearchScopes\{7DC7C2A9-63BE-4EDF-99EF-028F49D65B85}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox</p><p>IE - HKU\S-1-5-21-4156696597-1341229448-2497781583-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={1DD32051-58E8-4EEB-A7B5-F47D5D4FE0DA}&mid=ce0793b5593c47d6a4e6d156509fa4c0-ff9a8face4ef37f8745aabf7f6f2f7468451d1c4&lang=en&ds=AVG&pr=fr&d=2012-10-18 14:33:56&v=13.2.0.1&sap=dsp&q={searchTerms}</p><p>IE - HKU\S-1-5-21-4156696597-1341229448-2497781583-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p> </p><p><span style="color: #E56717">========== FireFox ==========</span></p><p> </p><p>FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"</p><p>FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"</p><p>FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35</p><p>FF - prefs.js..extensions.enabledAddons: avg%40toolbar:13.2.0.5</p><p>FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1</p><p>FF - prefs.js..keyword.URL: "https://isearch.avg.com/search?cid={1DD32051-58E8-4EEB-A7B5-F47D5D4FE0DA}&mid=ce0793b5593c47d6a4e6d156509fa4c0-ff9a8face4ef37f8745aabf7f6f2f7468451d1c4&lang=en&ds=AVG&pr=fr&d=2012-10-18 14:33:56&v=13.2.0.1&sap=ku&q="</p><p>FF - user.js - File not found</p><p> </p><p>FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()</p><p>FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()</p><p>FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)</p><p>FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)</p><p>FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</p><p> </p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5 [2012/11/10 01:58:10 | 000,000,000 | ---D | M]</p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/30 22:10:14 | 000,000,000 | ---D | M]</p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins</p><p> </p><p>[2012/02/29 20:43:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Extensions</p><p>[2012/11/19 12:57:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\ivp0wbj8.default\extensions</p><p>[2012/12/30 22:10:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions</p><p>[2012/12/30 22:10:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}</p><p>[2012/11/10 01:58:10 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\13.2.0.5</p><p>[2012/12/30 22:10:14 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll</p><p>[2012/11/10 01:57:56 | 000,003,571 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml</p><p>[2012/09/23 08:35:49 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml</p><p>[2012/12/29 00:02:53 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml</p><p> </p><p>O1 HOSTS File: ([2012/12/29 12:19:04 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts</p><p>O1 - Hosts: 127.0.0.1 localhost</p><p>O1 - Hosts: ::1 localhost</p><p>O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)</p><p>O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)</p><p>O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()</p><p>O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)</p><p>O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)</p><p>O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)</p><p>O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()</p><p>O3 - HKU\S-1-5-21-4156696597-1341229448-2497781583-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)</p><p>O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)</p><p>O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)</p><p>O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)</p><p>O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)</p><p>O4 - HKLM..\Run: [ROC_roc_ssl_v12] C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe ()</p><p>O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()</p><p>O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)</p><p>O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)</p><p>O4 - Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()</p><p>O7 - HKU\S-1-5-21-4156696597-1341229448-2497781583-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1</p><p>O13 - gopher Prefix: missing</p><p>O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)</p><p>O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)</p><p>O15 - HKU\S-1-5-21-4156696597-1341229448-2497781583-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)</p><p>O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)</p><p>O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)</p><p>O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)</p><p>O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)</p><p>O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F2AFB4E5-A1E8-415B-A7B3-A433B3227715}: DhcpNameServer = 75.75.75.75 75.75.76.76</p><p>O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()</p><p>O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)</p><p>O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)</p><p>O24 - Desktop WallPaper: C:\Users\owner\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp</p><p>O24 - Desktop BackupWallPaper: C:\Users\owner\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp</p><p>O32 - HKLM CDRom: AutoRun - 1</p><p>O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]</p><p>O32 - AutoRun File - [2003/06/02 14:43:20 | 000,172,032 | R--- | M] () - E:\Autorun.exe -- [ CDFS ]</p><p>O32 - AutoRun File - [2004/09/14 10:52:43 | 000,000,054 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]</p><p>O33 - MountPoints2\{7b4928c9-3fff-11de-8e52-806e6f6e6963}\Shell - "" = AutoRun</p><p>O33 - MountPoints2\{7b4928c9-3fff-11de-8e52-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2003/06/02 14:43:20 | 000,172,032 | R--- | M] ()</p><p>O34 - HKLM BootExecute: (autocheck autochk *)</p><p>O35 - HKLM\..comfile [open] -- "%1" %*</p><p>O35 - HKLM\..exefile [open] -- "%1" %*</p><p>O37 - HKLM\...com [@ = comfile] -- "%1" %*</p><p>O37 - HKLM\...exe [@ = exefile] -- "%1" %*</p><p>O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)</p><p>O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)</p><p> </p><p><span style="color: #E56717">========== Files/Folders - Created Within 30 Days ==========</span></p><p> </p><p>[2013/01/08 13:05:12 | 000,752,283 | ---- | C] (Farbar) -- C:\Users\owner\Desktop\MiniToolBox.exe</p><p>[2013/01/08 13:00:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-zip</p><p>[2013/01/08 13:00:19 | 000,000,000 | ---D | C] -- C:\Program Files\7-zip</p><p>[2013/01/08 12:56:48 | 000,000,000 | ---D | C] -- C:\ProgramData\APN</p><p>[2013/01/07 10:43:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL(2).exe</p><p>[2013/01/07 10:23:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner</p><p>[2013/01/01 20:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\ESET</p><p>[2012/12/30 22:10:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox</p><p>[2012/12/27 23:44:20 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\CrashDumps</p><p>[2012/12/25 14:19:46 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll</p><p>[2012/12/25 14:19:46 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll</p><p>[2012/12/11 14:41:24 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll</p><p>[2012/12/11 14:41:17 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll</p><p>[2012/12/11 14:41:17 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys</p><p>[2012/12/11 14:41:17 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winusb.dll</p><p>[2012/12/11 14:41:15 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll</p><p>[2012/12/11 14:41:15 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll</p><p>[2012/12/11 14:37:10 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys</p><p>[2012/12/11 14:37:09 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll</p><p>[2012/12/11 14:37:09 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnsvr.exe</p><p>[2012/12/11 14:36:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll</p><p>[2012/12/10 11:59:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG</p><p> </p><p><span style="color: #E56717">========== Files - Modified Within 30 Days ==========</span></p><p> </p><p>[2013/01/08 19:28:14 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat</p><p>[2013/01/08 19:28:14 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat</p><p>[2013/01/08 19:22:30 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0</p><p>[2013/01/08 19:22:30 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0</p><p>[2013/01/08 19:22:16 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job</p><p>[2013/01/08 19:22:07 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job</p><p>[2013/01/08 19:21:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat</p><p>[2013/01/08 19:21:54 | 3119,722,496 | -HS- | M] () -- C:\hiberfil.sys</p><p>[2013/01/08 14:46:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job</p><p>[2013/01/08 14:37:26 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe</p><p>[2013/01/08 14:37:26 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl</p><p>[2013/01/08 13:05:14 | 000,752,283 | ---- | M] (Farbar) -- C:\Users\owner\Desktop\MiniToolBox.exe</p><p>[2013/01/08 13:00:20 | 000,000,715 | ---- | M] () -- C:\Users\Public\Desktop\7-zip.lnk</p><p>[2013/01/07 10:43:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL(2).exe</p><p>[2013/01/07 10:23:25 | 000,000,764 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk</p><p>[2013/01/02 10:36:47 | 000,351,800 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT</p><p>[2012/12/29 12:26:35 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p>[2012/12/29 12:19:04 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts</p><p>[2012/12/27 23:49:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForowner.job</p><p>[2012/12/26 14:30:43 | 000,034,043 | ---- | M] () -- C:\Users\owner\Documents\Homes - Carmichael - 2012.ods</p><p>[2012/12/26 12:19:30 | 000,306,332 | ---- | M] () -- C:\Users\owner\Documents\Medjugorie Message.odt</p><p>[2012/12/26 00:01:01 | 000,128,416 | ---- | M] () -- C:\Users\owner\Documents\Deck of Cards.odt</p><p>[2012/12/16 05:12:54 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll</p><p>[2012/12/16 02:50:29 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll</p><p>[2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys</p><p>[2012/12/10 11:59:54 | 000,000,802 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk</p><p> </p><p><span style="color: #E56717">========== Files Created - No Company Name ==========</span></p><p> </p><p>[2013/01/08 13:00:20 | 000,000,715 | ---- | C] () -- C:\Users\Public\Desktop\7-zip.lnk</p><p>[2013/01/07 10:23:25 | 000,000,764 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk</p><p>[2012/12/29 11:04:41 | 3119,722,496 | -HS- | C] () -- C:\hiberfil.sys</p><p>[2012/12/11 14:41:29 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf</p><p>[2012/12/11 14:41:29 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf</p><p>[2012/07/15 21:41:17 | 000,001,072 | ---- | C] () -- C:\Users\owner\AppData\Roaming\wklnhst.dat</p><p>[2012/06/21 00:18:33 | 000,033,758 | ---- | C] () -- C:\Users\owner\AppData\Local\dt.dat</p><p>[2011/07/01 05:48:46 | 000,060,304 | ---- | C] () -- C:\Users\owner\g2mdlhlpx.exe</p><p>[2011/05/13 07:52:05 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll</p><p>[2011/05/13 07:52:05 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin</p><p>[2011/04/16 15:51:27 | 000,139,791 | ---- | C] () -- C:\Windows\hpoins15.dat</p><p>[2010/05/15 09:30:04 | 000,004,608 | ---- | C] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini</p><p>[2009/04/23 01:01:27 | 000,000,284 | ---- | C] () -- C:\ProgramData\hpqp.ini</p><p> </p><p><span style="color: #E56717">========== ZeroAccess Check ==========</span></p><p> </p><p>[2006/11/02 04:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini</p><p> </p><p>[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</p><p> </p><p>[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</p><p>"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 09:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Apartment</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]</p><p>"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 22:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Free</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]</p><p>"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 22:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Both</p><p></p><p>< End of report ></p></blockquote><p></p>
[QUOTE="ArizEagle, post: 95038, member: 4153"] Here ya go.... OTL logfile created on: 1/8/2013 7:28:02 PM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\owner\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19190) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.90 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 63.88% Memory free 6.81 Gb Paging File | 5.75 Gb Available in Paging File | 84.37% Paging File free Paging file location(s): c:\pagefile.sys 4096 4096 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 138.70 Gb Total Space | 85.19 Gb Free Space | 61.42% Space Free | Partition Type: NTFS Drive D: | 10.34 Gb Total Space | 1.78 Gb Free Space | 17.17% Space Free | Partition Type: NTFS Drive E: | 119.10 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - C:\Users\owner\Desktop\OTL(2).exe (OldTimer Tools) PRC - C:\Program Files\AVG Secure Search\vprot.exe () PRC - C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG2013\avgemcx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe () PRC - C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.) PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.) PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe () PRC - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\SMINST\BLService.exe () [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - C:\Program Files\AVG Secure Search\vprot.exe () MOD - C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll () MOD - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll () MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll () [color=#E56717]========== Services (SafeList) ==========[/color] SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (vToolbarUpdater13.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe () SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe (McAfee, Inc.) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.) SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe () SRV - (Recovery Service for Windows) -- C:\Program Files\SMINST\BLService.exe () SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. ) DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies) DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. ) DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (Avglogx) -- C:\Windows\System32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.) DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. ) DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (IntcHdmiAddService) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.) DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb IE - HKLM\..\SearchScopes,DefaultScope = {7DC7C2A9-63BE-4EDF-99EF-028F49D65B85} IE - HKLM\..\SearchScopes\{7DC7C2A9-63BE-4EDF-99EF-028F49D65B85}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4156696597-1341229448-2497781583-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb IE - HKU\S-1-5-21-4156696597-1341229448-2497781583-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKU\S-1-5-21-4156696597-1341229448-2497781583-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKU\S-1-5-21-4156696597-1341229448-2497781583-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKU\S-1-5-21-4156696597-1341229448-2497781583-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-4156696597-1341229448-2497781583-1000\..\SearchScopes\{1B51FEB4-E04C-4DD1-AFC1-4F0ABD02ED51}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKU\S-1-5-21-4156696597-1341229448-2497781583-1000\..\SearchScopes\{7DC7C2A9-63BE-4EDF-99EF-028F49D65B85}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKU\S-1-5-21-4156696597-1341229448-2497781583-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={1DD32051-58E8-4EEB-A7B5-F47D5D4FE0DA}&mid=ce0793b5593c47d6a4e6d156509fa4c0-ff9a8face4ef37f8745aabf7f6f2f7468451d1c4&lang=en&ds=AVG&pr=fr&d=2012-10-18 14:33:56&v=13.2.0.1&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-4156696597-1341229448-2497781583-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search" FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35 FF - prefs.js..extensions.enabledAddons: avg%40toolbar:13.2.0.5 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..keyword.URL: "https://isearch.avg.com/search?cid={1DD32051-58E8-4EEB-A7B5-F47D5D4FE0DA}&mid=ce0793b5593c47d6a4e6d156509fa4c0-ff9a8face4ef37f8745aabf7f6f2f7468451d1c4&lang=en&ds=AVG&pr=fr&d=2012-10-18 14:33:56&v=13.2.0.1&sap=ku&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5 [2012/11/10 01:58:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/30 22:10:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/29 20:43:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Extensions [2012/11/19 12:57:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\ivp0wbj8.default\extensions [2012/12/30 22:10:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/12/30 22:10:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012/11/10 01:58:10 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\13.2.0.5 [2012/12/30 22:10:14 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/11/10 01:57:56 | 000,003,571 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2012/09/23 08:35:49 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/12/29 00:02:53 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2012/12/29 12:19:04 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll () O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.) O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll () O3 - HKU\S-1-5-21-4156696597-1341229448-2497781583-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [ROC_roc_ssl_v12] C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe () O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe () O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O7 - HKU\S-1-5-21-4156696597-1341229448-2497781583-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1 O13 - gopher Prefix: missing O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet) O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet) O15 - HKU\S-1-5-21-4156696597-1341229448-2497781583-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F2AFB4E5-A1E8-415B-A7B3-A433B3227715}: DhcpNameServer = 75.75.75.75 75.75.76.76 O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\owner\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp O24 - Desktop BackupWallPaper: C:\Users\owner\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2003/06/02 14:43:20 | 000,172,032 | R--- | M] () - E:\Autorun.exe -- [ CDFS ] O32 - AutoRun File - [2004/09/14 10:52:43 | 000,000,054 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{7b4928c9-3fff-11de-8e52-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{7b4928c9-3fff-11de-8e52-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2003/06/02 14:43:20 | 000,172,032 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013/01/08 13:05:12 | 000,752,283 | ---- | C] (Farbar) -- C:\Users\owner\Desktop\MiniToolBox.exe [2013/01/08 13:00:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-zip [2013/01/08 13:00:19 | 000,000,000 | ---D | C] -- C:\Program Files\7-zip [2013/01/08 12:56:48 | 000,000,000 | ---D | C] -- C:\ProgramData\APN [2013/01/07 10:43:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL(2).exe [2013/01/07 10:23:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013/01/01 20:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012/12/30 22:10:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012/12/27 23:44:20 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\CrashDumps [2012/12/25 14:19:46 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012/12/25 14:19:46 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2012/12/11 14:41:24 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll [2012/12/11 14:41:17 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll [2012/12/11 14:41:17 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys [2012/12/11 14:41:17 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winusb.dll [2012/12/11 14:41:15 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll [2012/12/11 14:41:15 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll [2012/12/11 14:37:10 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012/12/11 14:37:09 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll [2012/12/11 14:37:09 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnsvr.exe [2012/12/11 14:36:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012/12/10 11:59:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013/01/08 19:28:14 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/01/08 19:28:14 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/01/08 19:22:30 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013/01/08 19:22:30 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013/01/08 19:22:16 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/01/08 19:22:07 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/01/08 19:21:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/01/08 19:21:54 | 3119,722,496 | -HS- | M] () -- C:\hiberfil.sys [2013/01/08 14:46:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/01/08 14:37:26 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013/01/08 14:37:26 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013/01/08 13:05:14 | 000,752,283 | ---- | M] (Farbar) -- C:\Users\owner\Desktop\MiniToolBox.exe [2013/01/08 13:00:20 | 000,000,715 | ---- | M] () -- C:\Users\Public\Desktop\7-zip.lnk [2013/01/07 10:43:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL(2).exe [2013/01/07 10:23:25 | 000,000,764 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013/01/02 10:36:47 | 000,351,800 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/12/29 12:26:35 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/12/29 12:19:04 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts [2012/12/27 23:49:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForowner.job [2012/12/26 14:30:43 | 000,034,043 | ---- | M] () -- C:\Users\owner\Documents\Homes - Carmichael - 2012.ods [2012/12/26 12:19:30 | 000,306,332 | ---- | M] () -- C:\Users\owner\Documents\Medjugorie Message.odt [2012/12/26 00:01:01 | 000,128,416 | ---- | M] () -- C:\Users\owner\Documents\Deck of Cards.odt [2012/12/16 05:12:54 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2012/12/16 02:50:29 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012/12/10 11:59:54 | 000,000,802 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013/01/08 13:00:20 | 000,000,715 | ---- | C] () -- C:\Users\Public\Desktop\7-zip.lnk [2013/01/07 10:23:25 | 000,000,764 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012/12/29 11:04:41 | 3119,722,496 | -HS- | C] () -- C:\hiberfil.sys [2012/12/11 14:41:29 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012/12/11 14:41:29 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012/07/15 21:41:17 | 000,001,072 | ---- | C] () -- C:\Users\owner\AppData\Roaming\wklnhst.dat [2012/06/21 00:18:33 | 000,033,758 | ---- | C] () -- C:\Users\owner\AppData\Local\dt.dat [2011/07/01 05:48:46 | 000,060,304 | ---- | C] () -- C:\Users\owner\g2mdlhlpx.exe [2011/05/13 07:52:05 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011/05/13 07:52:05 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011/04/16 15:51:27 | 000,139,791 | ---- | C] () -- C:\Windows\hpoins15.dat [2010/05/15 09:30:04 | 000,004,608 | ---- | C] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/04/23 01:01:27 | 000,000,284 | ---- | C] () -- C:\ProgramData\hpqp.ini [color=#E56717]========== ZeroAccess Check ==========[/color] [2006/11/02 04:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 09:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 22:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 22:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > [/QUOTE]
Insert quotes…
Verification
Post reply
Top
