Solved Got a bug I can't seem to shake

p22003888.gif
 
ComboFix 13-09-24.02 - Owner 09/24/2013 23:43:43.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1269 [GMT -5:00]
Running from: c:\documents and settings\Owner.DeathBlow\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Files Created from 2013-08-25 to 2013-09-25 )))))))))))))))))))))))))))))))
.
.
2013-09-24 05:29 . 2013-09-24 05:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-09-23 04:33 . 2013-09-23 04:33 -------- d-----w- c:\program files\VS Revo Group
2013-09-22 06:21 . 2013-09-22 06:22 -------- d-----w- C:\AdwCleaner
2013-09-12 17:12 . 2013-09-12 17:12 -------- d-----w- c:\documents and settings\Owner.DeathBlow\Local Settings\Application Data\PCHealth
2013-09-07 06:46 . 2013-08-07 09:22 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-09-07 06:46 . 2013-09-07 06:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\ElevatedDiagnostics
2013-09-07 06:24 . 2013-09-07 06:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG2013
2013-09-07 06:24 . 2013-09-07 06:24 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Avg2013
2013-09-07 06:20 . 2013-09-07 06:20 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2013-09-07 05:45 . 2013-09-07 05:45 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-19 22:27 . 2013-02-18 17:59 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-19 22:27 . 2013-02-18 17:59 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-09 01:56 . 2009-09-01 16:13 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-08 06:05 . 2009-09-01 16:14 920064 ----a-w- c:\windows\system32\wininet.dll
2013-08-08 06:05 . 2009-09-01 16:10 43520 ------w- c:\windows\system32\licmgr10.dll
2013-08-08 06:05 . 2009-09-01 16:08 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-08-08 06:05 . 2009-09-01 16:06 18944 ----a-w- c:\windows\system32\corpol.dll
2013-08-08 01:27 . 2009-09-01 16:14 1877760 ----a-w- c:\windows\system32\win32k.sys
2013-08-08 00:02 . 2009-09-01 16:08 385024 ------w- c:\windows\system32\html.iec
2013-08-05 13:30 . 2009-09-01 16:12 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-07-31 22:20 . 2005-01-09 23:49 827392 ----a-w- c:\windows\system32\wmvdmod.dll
2013-07-20 06:51 . 2012-09-21 09:46 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-07-20 06:50 . 2012-10-22 19:02 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-07-20 06:50 . 2012-10-15 09:48 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-07-20 06:50 . 2012-10-02 09:30 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-07-10 10:37 . 2009-09-01 16:13 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-10 06:32 . 2012-09-14 09:05 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-07-04 03:03 . 2009-09-01 16:12 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08 . 2013-01-18 21:50 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-07-01 06:45 . 2012-11-16 05:33 96568 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-12 15961088]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-07-01 4411440]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-01-18 98304]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [10/15/2012 4:48 AM 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [9/21/2012 4:46 AM 246072]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/14/2012 4:05 AM 39224]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [8/22/2013 12:38 AM 14776]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [10/22/2012 2:02 PM 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [9/21/2012 4:45 AM 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/2/2012 4:30 AM 171320]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/21/2012 4:46 AM 182072]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [7/23/2013 7:09 PM 283136]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [12/7/2012 6:27 PM 167424]
R2 WUSB54GSC;WUSB54GSC;c:\program files\Linksys\WUSB54GSCv2\WLService.exe [2/17/2013 11:26 PM 65596]
R3 WUSB54GSCV2;Compact Wireless-G USB Network Adapter with SpeedBooster Service;c:\windows\system32\drivers\WUSB54GSCV2.sys [2/17/2013 11:26 PM 198144]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe --> c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [7/4/2013 3:53 PM 4939312]
S2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe --> c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [?]
S3 Ant App service;File1 Application service;c:\program files\Ant.com\File1 Package Manager\AppService.exe [2/5/2013 12:16 PM 504816]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [6/23/2013 12:44 PM 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [12/7/2012 6:27 PM 21248]
S3 o1394bul;o1394bul;\??\c:\docume~1\OWNER~1.DEA\LOCALS~1\Temp\o1394bul.sys --> c:\docume~1\OWNER~1.DEA\LOCALS~1\Temp\o1394bul.sys [?]
S3 RegFilter;RegFilter;\??\c:\program files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys --> c:\program files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys [?]
S3 rm;rm;\??\c:\windows\system32\drivers\rm.sys --> c:\windows\system32\drivers\rm.sys [?]
S3 UrlFilter;UrlFilter;\??\c:\program files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys --> c:\program files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys [?]
S4 FileMonitor;FileMonitor;\??\c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys --> c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-18 22:27]
.
2013-08-19 c:\windows\Tasks\MyTurboPC.com Registration3.job
- c:\program files\Common Files\MyTurboPC.com\UUS3\UUS3.dll [2013-01-15 22:28]
.
2013-09-24 c:\windows\Tasks\MyTurboPC.com Update3.job
- c:\program files\Common Files\MyTurboPC.com\UUS3\Update3.exe [2013-01-15 22:28]
.
2013-09-21 c:\windows\Tasks\MyTurboPC.job
- c:\program files\MyTurboPC.com\MyTurboPC\mtpc.exe [2013-01-15 22:28]
.
2013-09-24 c:\windows\Tasks\SmartDefragUpdate.job
- c:\program files\IObit\Smart Defrag 2\AutoUpdate.exe [2013-08-20 23:49]
.
2013-09-24 c:\windows\Tasks\SmartDefrag_Schedule.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2013-08-20 15:31]
.
2013-09-24 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2013-08-20 15:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/first_usage&s=vFvhbEuqIPw9cKD3yDOlEzSdx1E
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 67.142.160.8 67.142.160.9
FF - ProfilePath - c:\documents and settings\Owner.DeathBlow\Application Data\Mozilla\Firefox\Profiles\qfreinz8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - ExtSQL: 2013-08-18 02:24; anttoolbar@ant.com; c:\documents and settings\Owner.DeathBlow\Application Data\Mozilla\Firefox\Profiles\qfreinz8.default\extensions\anttoolbar@ant.com
FF - ExtSQL: 2013-09-22 08:49; ascsurfingprotection@iobit.com; c:\documents and settings\Owner.DeathBlow\Application Data\Mozilla\Firefox\Profiles\qfreinz8.default\extensions\ascsurfingprotection@iobit.com
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Advanced SystemCare 6 - c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe
HKLM-Run-IObit Malware Fighter - c:\program files\IObit\IObit Malware Fighter\IMF.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-24 23:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(776)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(4504)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2013-09-24 23:51:17
ComboFix-quarantined-files.txt 2013-09-25 04:51
ComboFix2.txt 2013-09-22 06:43
.
Pre-Run: 160,427,982,848 bytes free
Post-Run: 160,432,357,376 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 8F2E8B47D2530E02DCEE3668AA9D0EA4
B20939CD98B7710036274839082AE757
 
Will do
any ideas on why the start menu wont allow me to start program?
Malware or roguekiller placed a quarintine fold on my desktop with a couple of items in it can I delete the folder?
 
Yes, you can delete that folder.

I don't know about Start menu yet.

Did you uninstall/reinstall AVG?
 
Forget AVG then.

Install ONE of these:

- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html

- free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
Note for Windows 8 users: Microsoft Security Essentials comes preinstalled and renamed as Windows Defender.
You can keep it or you have to disable it before installing another AV program. How to...

- free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php
Next...

redtarget.gif
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

redtarget.gif
Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Avast
not sure if it installed properly or even if it is running there is no icon in the task bar and in the start menustart menu.jpg
 
# AdwCleaner v3.005 - Report created 26/09/2013 at 10:23:39
# Updated 22/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Owner - DEATHBLOW
# Running from : C:\Documents and Settings\Owner.DeathBlow\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v23.0.1 (en-US)

*************************

AdwCleaner[R0].txt - [1812 octets] - [22/09/2013 01:21:22]
AdwCleaner[R1].txt - [820 octets] - [26/09/2013 10:21:29]
AdwCleaner[S0].txt - [1911 octets] - [22/09/2013 01:22:39]
AdwCleaner[S1].txt - [742 octets] - [26/09/2013 10:23:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [801 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.2 (09.22.2013:1)
OS: Microsoft Windows XP x86
Ran by Owner on Thu 09/26/2013 at 10:28:01.62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\Owner.DeathBlow\Local Settings\Application Data\torch"
Successfully deleted: [Folder] "C:\Program Files\bigfix"



~~~ FireFox

Successfully deleted: [File] C:\Documents and Settings\Owner.DeathBlow\Application Data\mozilla\firefox\profiles\qfreinz8.default\user.js





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 09/26/2013 at 10:38:40.71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.


Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

p22002979.gif




Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

p22002980.gif



Go to Step 4 and under "System Restore" click on Create button:

p22002982.gif



Go to Start Repairs tab and click Start button.

Leave all checkmarks as they're.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

Click on Start button.

p22003030.gif


Post Windows Repair log (_windows_repair_log.txt) which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs
 
Starting Repairs...
Start (9/27/2013 3:00:24 AM)

01 - Reset Registry Permissions 01/03
HKEY_CURRENT_USER & Sub Keys
Start (9/27/2013 3:00:24 AM)
Running Repair Under Current User Account
Done (9/27/2013 3:00:33 AM)

01 - Reset Registry Permissions 02/03
HKEY_LOCAL_MACHINE & Sub Keys
Start (9/27/2013 3:00:33 AM)
Running Repair Under System Account
Done (9/27/2013 3:05:26 AM)

01 - Reset Registry Permissions 03/03
HKEY_CLASSES_ROOT & Sub Keys
Start (9/27/2013 3:05:26 AM)
Running Repair Under System Account
Done (9/27/2013 3:09:58 AM)

03 - Register System Files
Start (9/27/2013 3:09:58 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (9/27/2013 3:12:53 AM)

04 - Repair WMI
Start (9/27/2013 3:12:53 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (9/27/2013 3:19:59 AM)

05 - Repair Windows Firewall
Start (9/27/2013 3:19:59 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (9/27/2013 3:20:26 AM)

06 - Repair Internet Explorer
Start (9/27/2013 3:20:26 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (9/27/2013 3:23:30 AM)

07 - Repair MDAC/MS Jet
Start (9/27/2013 3:23:30 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (9/27/2013 3:24:04 AM)

08 - Repair Hosts File
Start (9/27/2013 3:24:04 AM)
Running Repair Under System Account
Done (9/27/2013 3:24:06 AM)

09 - Remove Policies Set By Infections
Start (9/27/2013 3:24:06 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (9/27/2013 3:24:11 AM)

11 - Repair Icons
Start (9/27/2013 3:24:11 AM)
Running Repair Under System Account
Done (9/27/2013 3:24:14 AM)

12 - Repair Winsock & DNS Cache
Start (9/27/2013 3:24:14 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (9/27/2013 3:24:35 AM)

14 - Repair Proxy Settings
Start (9/27/2013 3:24:35 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (9/27/2013 3:24:40 AM)

16 - Repair Windows Updates
Start (9/27/2013 3:24:40 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (9/27/2013 3:26:05 AM)

17 - Repair CD/DVD Missing/Not Working
Start (9/27/2013 3:26:05 AM)
Done (9/27/2013 3:26:05 AM)

18 - Repair Volume Shadow Copy Service
Start (9/27/2013 3:26:05 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (9/27/2013 3:26:43 AM)

20 - Repair MSI (Windows Installer)
Start (9/27/2013 3:26:43 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (9/27/2013 3:27:08 AM)

22.01 - Repair bat Association
Start (9/27/2013 3:27:09 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (9/27/2013 3:27:13 AM)

22.02 - Repair cmd Association
Start (9/27/2013 3:27:13 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (9/27/2013 3:27:18 AM)

22.03 - Repair com Association
Start (9/27/2013 3:27:18 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (9/27/2013 3:27:23 AM)

22.04 - Repair Directory Association
Start (9/27/2013 3:27:23 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (9/27/2013 3:27:28 AM)

22.05 - Repair Drive Association
Start (9/27/2013 3:27:28 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (9/27/2013 3:27:33 AM)

22.06 - Repair exe Association
Start (9/27/2013 3:27:33 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (9/27/2013 3:27:38 AM)

22.07 - Repair Folder Association
Start (9/27/2013 3:27:38 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (9/27/2013 3:27:43 AM)

22.08 - Repair inf Association
Start (9/27/2013 3:27:43 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (9/27/2013 3:27:48 AM)

22.09 - Repair lnk (Shortcuts) Association
Start (9/27/2013 3:27:48 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (9/27/2013 3:27:53 AM)

22.10 - Repair msc Association
Start (9/27/2013 3:27:53 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (9/27/2013 3:27:58 AM)

22.11 - Repair reg Association
Start (9/27/2013 3:27:58 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (9/27/2013 3:28:03 AM)

22.12 - Repair scr Association
Start (9/27/2013 3:28:03 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (9/27/2013 3:28:08 AM)

23 - Repair Windows Safe Mode
Start (9/27/2013 3:28:08 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (9/27/2013 3:28:13 AM)

24 - Repair Print Spooler
Start (9/27/2013 3:28:13 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (9/27/2013 3:28:20 AM)

25 - Restore Important Windows Services
Start (9/27/2013 3:28:20 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (9/27/2013 3:28:39 AM)

26 - Set Windows Services To Default Startup
Start (9/27/2013 3:28:39 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (9/27/2013 3:29:27 AM)

Cleaning up empty logs...

All Selected Repairs Done.
Done (9/27/2013 3:29:27 AM)
Total Repair Time: 00:29:03


...YOU MUST RESTART YOUR SYSTEM...
Running Repair Under Current User Account
 
Great!

redtarget.gif
Uninstall/reinstall Avast since it may be not working.

redtarget.gif
See if you can run OTL now.
 
OTL Extras logfile created on: 9/27/2013 11:55:02 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner.DeathBlow\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 71.76% Memory free
3.72 Gb Paging File | 3.23 Gb Available in Paging File | 86.81% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.49 Gb Total Space | 147.58 Gb Free Space | 64.59% Space Free | Partition Type: NTFS
Drive D: | 4.39 Gb Total Space | 1.18 Gb Free Space | 26.85% Space Free | Partition Type: FAT32
Drive E: | 544.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DEATHBLOW | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-3853029286-1738026891-3066926711-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:Disabled:mad:xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)
"C:\Program Files\AVG\AVG2014\avgnsx.exe" = C:\Program Files\AVG\AVG2014\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2014\avgdiagex.exe" = C:\Program Files\AVG\AVG2014\avgdiagex.exe:*:Enabled:AVG Diagnostics 2014 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2014\avgmfapx.exe" = C:\Program Files\AVG\AVG2014\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2014\avgemcx.exe" = C:\Program Files\AVG\AVG2014\avgemcx.exe:*:Enabled:personal Email Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08208143-777D-4A06-BB54-71BF0AD1BB70}" = IPTInstaller
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09E2111C-16B1-4DDF-BF0D-F994C9A12350}" = Adobe Setup
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite Gateway
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars®: Knights of the Old Republic (TM)
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{629F65FB-7F3C-4D66-A1C0-20722744B7B6}" = Star Wars(R) Knights of the Old Republic(R) II: The Sith Lords(TM)
"{654977DB-0001-0002-0001-EABD228DDE8B}" = Microsoft Download Manager
"{65563451-00B6-458C-9F9A-03A7757355A6}" = Compact Wireless-G USB Network Adapter with SpeedBooster
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}" = Adobe Flash Player 9 Plugin
"{8A50D93C-79EE-425C-9464-3550978F4E56}" = File1 Package Manager
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9862B19F-4CAD-4EED-920F-2F378D84393F}" = ATI Parental Control & Encoder
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A2F37CA8-53F8-4594-B701-32AE64BAED1A}" = MyTurboPC
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B795F380-D3D6-4EA4-A4BB-27FC2FB0F8B2}" = Ant.com IE add-on
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C6CE2447-877A-49C7-8273-9185C3873F79}" = AVG 2014
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}" = Adobe Creative Suite 3 Design Premium
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E1F85CCE-735F-4CD2-B5AA-1F471AA6AF11}" = AVG 2014
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_c14ac4070fd9614ffe63f4bb533db2c" = Add or Remove Adobe Creative Suite 3 Design Premium
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AVG" = AVG 2014
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"DivX Setup" = DivX Setup
"gtw_logo" = gtw_logo
"ie8" = Windows Internet Explorer 8
"InstallShield_{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"Revo Uninstaller" = Revo Uninstaller 1.95
"Smart Defrag 2_is1" = Smart Defrag 2
"Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/19/2013 12:10:28 PM | Computer Name = DEATHBLOW | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/19/2013 1:40:28 PM | Computer Name = DEATHBLOW | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/19/2013 1:40:28 PM | Computer Name = DEATHBLOW | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/19/2013 1:43:24 PM | Computer Name = DEATHBLOW | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/19/2013 1:43:24 PM | Computer Name = DEATHBLOW | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/19/2013 3:10:28 PM | Computer Name = DEATHBLOW | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/19/2013 3:10:28 PM | Computer Name = DEATHBLOW | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/19/2013 3:18:24 PM | Computer Name = DEATHBLOW | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/19/2013 3:18:24 PM | Computer Name = DEATHBLOW | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/19/2013 4:56:28 PM | Computer Name = DEATHBLOW | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

[ System Events ]
Error - 9/26/2013 11:17:59 AM | Computer Name = DEATHBLOW | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.ATL could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 9/26/2013 11:17:59 AM | Computer Name = DEATHBLOW | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.ATL. Reference error
message: The referenced assembly is not installed on your system. .

Error - 9/26/2013 2:02:12 PM | Computer Name = DEATHBLOW | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 9/26/2013 2:02:12 PM | Computer Name = DEATHBLOW | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 9/28/2013 12:32:30 AM | Computer Name = DEATHBLOW | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 9/28/2013 12:32:30 AM | Computer Name = DEATHBLOW | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 9/28/2013 12:32:30 AM | Computer Name = DEATHBLOW | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\MFC80U.DLL.
Reference
error message: The operation completed successfully. .

Error - 9/28/2013 12:32:30 AM | Computer Name = DEATHBLOW | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 9/28/2013 12:32:30 AM | Computer Name = DEATHBLOW | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 9/28/2013 12:32:59 AM | Computer Name = DEATHBLOW | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.MFC could not be found and Last
Error was The referenced assembly is not installed on your system.


< End of report >
 
OTL logfile created on: 9/27/2013 11:55:02 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner.DeathBlow\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 71.76% Memory free
3.72 Gb Paging File | 3.23 Gb Available in Paging File | 86.81% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.49 Gb Total Space | 147.58 Gb Free Space | 64.59% Space Free | Partition Type: NTFS
Drive D: | 4.39 Gb Total Space | 1.18 Gb Free Space | 26.85% Space Free | Partition Type: FAT32
Drive E: | 544.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DEATHBLOW | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/26 10:09:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.DeathBlow\Desktop\OTL.exe
PRC - [2013/09/22 23:09:00 | 000,301,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/09/15 23:12:16 | 004,851,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgui.exe
PRC - [2013/08/30 02:47:33 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/06/24 12:46:43 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/03/05 02:16:38 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2013/02/12 21:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2013/01/18 18:19:59 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2012/12/07 18:27:50 | 000,167,424 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2008/08/04 00:18:00 | 006,248,960 | ---- | M] (Linksys) -- C:\Program Files\Linksys\WUSB54GSCv2\WUSB54GSC.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/10 18:12:20 | 000,065,596 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys\WUSB54GSCv2\WLService.exe
PRC - [2006/10/23 00:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2005/12/09 21:44:40 | 000,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\readericon45G.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/27 14:12:37 | 002,101,760 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13092702\algo.dll
MOD - [2013/02/12 21:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013/02/12 21:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2013/01/02 01:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2012/12/07 18:27:50 | 000,167,424 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/04/14 06:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 06:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/06/14 16:57:48 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2005/09/02 09:25:26 | 000,045,056 | ---- | M] () -- C:\Program Files\Linksys\WUSB54GSCv2\Security.dll
MOD - [2003/10/13 16:30:58 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\GTW32N50.dll
MOD - [2002/04/24 01:00:00 | 000,110,592 | ---- | M] () -- C:\Program Files\Linksys\WUSB54GSCv2\GEMWEP.DLL


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Linksys\WUSB54GSCv2\WLService.exe WUSB54GSC.exe -- (WUSB54GSC)
SRV - File not found [Auto | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
SRV - [2013/09/22 23:09:00 | 000,301,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/09/19 17:27:40 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/03 23:17:50 | 003,538,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/08/30 02:47:33 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/08/18 03:15:26 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/24 12:46:43 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/03/05 02:16:38 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/02/05 12:16:36 | 000,504,816 | ---- | M] (Helios Technologies Ltd) [On_Demand | Stopped] -- C:\Program Files\Ant.com\File1 Package Manager\AppService.exe -- (Ant App service)
SRV - [2013/01/18 18:19:59 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2012/12/07 18:27:50 | 000,167,424 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2007/03/20 17:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys -- (UrlFilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rm.sys -- (rm)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys -- (RegFilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\OWNER~1.DEA\LOCALS~1\Temp\o1394bul.sys -- (o1394bul)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [File_System | Disabled | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys -- (FileMonitor)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\OWNER~1.DEA\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGSp50.sys -- (AFGSp50)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGMp50.sys -- (AFGMp50)
DRV - [2013/09/10 22:11:44 | 000,022,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/09/08 22:12:16 | 000,027,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/09/02 10:39:32 | 000,176,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/09/02 10:28:06 | 000,145,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/09/02 10:28:04 | 000,209,208 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/09/02 10:28:00 | 000,223,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/08/30 02:48:13 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/08/30 02:48:13 | 000,177,864 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/08/30 02:48:13 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/08/30 02:48:12 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/08/30 02:48:12 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013/08/30 02:48:12 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/08/30 02:48:11 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/08/30 02:48:11 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/08/20 22:54:04 | 000,102,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/08/01 16:08:52 | 000,193,848 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/08/01 16:06:14 | 000,120,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgdiskx.sys -- (Avgdiskx)
DRV - [2013/05/22 18:49:32 | 000,014,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2013/01/18 18:17:59 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2012/12/07 18:27:50 | 000,021,248 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2009/06/10 02:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2008/02/25 12:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/10/09 15:33:12 | 000,198,144 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WUSB54GSCV2.sys -- (WUSB54GSCV2)
DRV - [2006/01/25 15:52:32 | 001,478,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/01/13 21:13:18 | 004,137,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2005/03/17 11:51:16 | 001,033,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/03/17 11:50:36 | 000,221,440 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/03/17 11:50:32 | 000,705,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/11/10 20:30:18 | 000,024,832 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2004/11/10 20:27:34 | 000,044,288 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2003/09/25 23:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
DRV - [2001/08/17 08:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT4026E
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT4026E
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3853029286-1738026891-3066926711-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3853029286-1738026891-3066926711-1006\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3853029286-1738026891-3066926711-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKU\S-1-5-21-3853029286-1738026891-3066926711-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0
FF - prefs.js..extensions.enabledAddons: anttoolbar%40ant.com:2.4.7.11
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2013/09/27 23:45:48 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/09/26 10:17:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/08/20 11:58:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner.DeathBlow\Application Data\Mozilla\Extensions
[2013/08/20 11:58:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner.DeathBlow\Application Data\Mozilla\Extensions\celtx@celtx.com
[2013/09/27 11:12:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner.DeathBlow\Application Data\Mozilla\Firefox\Profiles\qfreinz8.default\extensions
[2013/09/25 12:29:36 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Documents and Settings\Owner.DeathBlow\Application Data\Mozilla\Firefox\Profiles\qfreinz8.default\extensions\anttoolbar@ant.com
[2013/09/22 13:49:58 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Documents and Settings\Owner.DeathBlow\Application Data\Mozilla\Firefox\Profiles\qfreinz8.default\extensions\ascsurfingprotection@iobit.com
[2013/08/18 03:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/18 03:15:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013/09/27 03:24:06 | 000,000,855 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Ant.com browser helper (video detector)) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files\Ant.com\IE add-on\Download.dll (Ant.com)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3853029286-1738026891-3066926711-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3853029286-1738026891-3066926711-1006\..\Toolbar\WebBrowser: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O3 - HKU\S-1-5-21-3853029286-1738026891-3066926711-1006\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKU\.DEFAULT..\Run: [Power2GoExpress] NA File not found
O4 - HKU\S-1-5-18..\Run: [Power2GoExpress] NA File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3853029286-1738026891-3066926711-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3853029286-1738026891-3066926711-1006\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3853029286-1738026891-3066926711-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3853029286-1738026891-3066926711-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3853029286-1738026891-3066926711-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files\Ant.com\IE add-on\Download.dll (Ant.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/...ls/en/x86/client/wuweb_site.cab?1361155837230 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1361159053980 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 67.142.160.8 67.142.160.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72DBAAB3-540A-4A8C-8E00-5CCADCA408EE}: DhcpNameServer = 67.142.160.8 67.142.160.9
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/09 20:13:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/04/14 07:00:00 | 001,053,184 | R--- | M] (Microsoft Corporation) - E:\AUTORUN.DLL -- [ CDFS ]
O32 - AutoRun File - [2008/04/14 07:00:00 | 000,018,944 | R--- | M] (Microsoft Corporation) - E:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [2008/04/14 07:00:00 | 000,000,064 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========
 
[2013/09/27 03:52:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.DeathBlow\Application Data\AVG2014
[2013/09/27 03:50:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/09/27 03:50:19 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/09/27 03:50:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2014
[2013/09/27 03:31:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2013/09/27 03:00:34 | 000,181,064 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2013/09/27 02:57:45 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2013/09/27 02:57:41 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2013/09/27 02:57:05 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2013/09/27 02:57:00 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2013/09/27 02:56:09 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2013/09/27 02:56:05 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2013/09/27 02:55:55 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2013/09/27 02:55:33 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2013/09/27 02:55:19 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2013/09/27 02:55:15 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2013/09/27 02:55:11 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2013/09/27 02:55:05 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2013/09/27 02:55:00 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2013/09/27 02:54:55 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2013/09/27 02:54:51 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2013/09/27 02:54:35 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2013/09/27 02:54:18 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2013/09/27 02:54:14 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2013/09/27 02:54:09 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2013/09/27 02:54:04 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2013/09/27 02:53:42 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2013/09/27 02:53:27 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2013/09/27 02:53:23 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2013/09/27 02:53:11 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2013/09/27 02:53:07 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2013/09/27 02:53:03 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2013/09/27 02:52:59 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2013/09/27 02:52:55 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2013/09/27 02:52:51 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2013/09/27 02:52:20 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2013/09/27 02:52:14 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2013/09/27 02:52:11 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2013/09/27 02:52:09 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2013/09/27 02:52:05 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2013/09/27 02:52:01 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2013/09/27 02:51:46 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2013/09/27 02:51:43 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2013/09/27 02:51:09 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2013/09/27 02:51:05 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2013/09/27 02:51:02 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2013/09/27 02:50:57 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2013/09/27 02:50:50 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2013/09/27 02:49:59 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2013/09/27 02:49:55 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2013/09/27 02:49:51 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2013/09/27 02:49:48 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2013/09/27 02:49:44 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2013/09/27 02:49:19 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2013/09/27 02:49:16 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2013/09/27 02:49:12 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2013/09/27 02:49:04 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2013/09/27 02:48:34 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2013/09/27 02:48:30 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2013/09/27 02:48:27 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2013/09/27 02:48:24 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2013/09/27 02:47:57 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2013/09/27 02:47:49 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2013/09/27 02:47:46 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2013/09/27 02:47:29 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2013/09/27 02:47:26 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2013/09/27 02:47:23 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2013/09/27 02:47:19 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2013/09/27 02:47:16 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2013/09/27 02:47:12 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2013/09/27 02:47:09 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2013/09/27 02:47:06 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2013/09/27 02:47:02 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2013/09/27 02:46:55 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2013/09/27 02:46:52 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2013/09/27 02:46:51 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2013/09/27 02:46:51 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2013/09/27 02:46:50 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2013/09/27 02:46:49 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2013/09/27 02:46:34 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2013/09/27 02:46:28 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2013/09/27 02:46:24 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2013/09/27 02:46:20 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2013/09/27 02:46:05 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2013/09/27 02:46:01 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2013/09/27 02:45:44 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2013/09/27 02:45:41 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2013/09/27 02:45:38 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2013/09/27 02:45:26 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2013/09/27 02:44:40 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2013/09/27 02:44:27 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2013/09/27 02:44:25 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2013/09/27 02:44:22 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2013/09/27 02:43:40 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2013/09/27 02:43:37 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2013/09/27 02:43:34 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2013/09/27 02:43:30 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2013/09/27 02:43:08 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2013/09/27 02:41:48 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2013/09/27 02:41:45 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2013/09/27 02:41:39 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2013/09/27 02:41:29 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2013/09/27 02:41:25 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2013/09/27 02:41:15 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2013/09/27 02:41:12 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2013/09/27 02:41:09 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2013/09/27 02:41:06 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2013/09/27 02:41:03 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2013/09/27 02:41:00 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2013/09/27 02:40:51 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2013/09/27 02:40:47 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2013/09/27 02:40:44 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2013/09/27 02:40:41 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2013/09/27 02:39:11 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2013/09/27 02:38:48 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2013/09/27 02:38:45 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2013/09/27 02:38:43 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2013/09/27 02:38:40 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2013/09/27 02:38:40 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2013/09/27 02:38:37 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2013/09/27 02:38:27 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2013/09/27 02:38:24 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2013/09/27 02:38:21 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2013/09/27 02:38:18 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2013/09/27 02:38:13 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2013/09/27 02:38:10 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2013/09/27 02:37:16 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2013/09/27 02:36:36 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2013/09/27 02:34:54 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2013/09/27 02:34:45 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2013/09/27 02:34:15 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2013/09/27 02:34:13 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2013/09/27 02:34:10 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2013/09/27 02:33:55 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2013/09/27 02:33:43 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2013/09/27 02:33:41 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2013/09/27 02:33:36 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2013/09/27 02:33:33 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2013/09/27 02:33:31 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2013/09/27 02:33:30 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2013/09/27 02:33:13 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2013/09/27 02:33:09 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2013/09/27 02:33:07 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2013/09/27 02:31:37 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2013/09/27 02:31:32 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2013/09/27 02:31:22 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2013/09/27 02:31:19 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2013/09/27 02:31:18 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2013/09/27 02:31:13 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2013/09/27 02:31:11 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2013/09/27 02:31:10 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2013/09/27 02:31:09 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2013/09/27 02:31:06 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2013/09/27 02:30:44 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2013/09/27 02:30:43 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2013/09/27 02:30:38 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2013/09/27 02:30:15 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2013/09/27 02:30:14 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2013/09/27 02:30:12 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2013/09/27 02:30:11 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2013/09/27 02:30:10 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2013/09/27 02:30:09 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2013/09/27 02:30:08 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2013/09/27 02:30:06 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2013/09/27 02:29:57 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2013/09/27 02:29:43 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2013/09/27 02:29:33 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2013/09/27 02:29:26 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2013/09/27 02:29:25 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2013/09/27 02:29:24 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2013/09/27 02:29:24 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2013/09/27 02:29:23 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2013/09/27 02:29:20 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2013/09/27 02:29:20 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2013/09/27 02:29:19 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2013/09/27 02:29:18 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2013/09/27 02:29:16 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2013/09/27 02:29:15 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2013/09/27 02:29:15 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2013/09/27 02:28:44 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2013/09/27 02:28:44 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2013/09/27 02:28:43 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2013/09/27 02:28:42 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2013/09/27 02:28:42 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2013/09/27 02:28:41 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2013/09/27 02:28:40 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2013/09/27 02:28:39 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2013/09/27 02:28:37 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2013/09/27 02:28:37 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2013/09/27 02:28:36 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2013/09/27 02:28:35 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2013/09/27 02:28:34 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2013/09/27 02:28:33 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2013/09/27 02:28:33 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2013/09/27 02:28:32 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2013/09/27 02:28:31 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2013/09/27 02:28:31 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2013/09/27 02:28:26 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2013/09/27 02:28:22 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2013/09/27 02:28:21 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2013/09/27 02:28:20 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2013/09/27 02:28:20 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2013/09/27 02:28:19 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2013/09/27 02:28:18 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2013/09/27 02:28:18 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2013/09/27 02:27:51 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2013/09/27 02:27:46 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2013/09/27 02:27:35 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2013/09/27 02:27:33 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2013/09/27 02:27:32 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2013/09/27 02:27:32 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2013/09/27 02:27:31 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2013/09/27 02:27:29 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2013/09/27 02:27:24 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2013/09/27 02:27:24 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2013/09/27 02:27:21 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2013/09/27 02:27:20 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2013/09/27 02:27:19 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2013/09/27 00:32:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
[2013/09/27 00:32:09 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2013/09/27 00:31:16 | 214,262,072 | ---- | C] (COMODO) -- C:\Documents and Settings\Owner.DeathBlow\Desktop\cav_installer.exe
[2013/09/26 10:27:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/09/26 10:18:02 | 000,369,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/09/26 10:18:02 | 000,029,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/09/26 10:18:01 | 000,770,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/09/26 10:18:01 | 000,056,080 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/09/26 10:18:01 | 000,049,760 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/09/26 10:18:00 | 000,066,336 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/09/26 10:17:59 | 000,229,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/09/26 10:17:26 | 000,041,664 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/09/26 10:16:53 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/09/26 10:15:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/09/26 10:09:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.DeathBlow\Desktop\OTL.exe
[2013/09/26 10:09:28 | 001,030,038 | ---- | C] (Thisisu) -- C:\Documents and Settings\Owner.DeathBlow\Desktop\JRT.exe
[2013/09/26 02:55:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.DeathBlow\Local Settings\Application Data\MFAData
[2013/09/26 02:55:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/09/26 02:55:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.DeathBlow\Local Settings\Application Data\Avg2014
[2013/09/26 02:47:26 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/09/24 23:41:58 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/09/24 23:38:36 | 005,130,004 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner.DeathBlow\Desktop\ComboFix.exe
[2013/09/24 00:29:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2013/09/24 00:26:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.DeathBlow\Desktop\mbar
[2013/09/23 23:28:35 | 012,907,592 | ---- | C] (Malwarebytes Corp.) -- C:\Documents and Settings\Owner.DeathBlow\Desktop\mbar-1.07.0.1005.exe
[2013/09/23 23:28:31 | 000,398,752 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Owner.DeathBlow\Desktop\unhide.exe
[2013/09/22 23:33:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.DeathBlow\Start Menu\Programs\Revo Uninstaller
[2013/09/22 23:33:30 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/09/22 18:30:46 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner.DeathBlow\Desktop\dds.com
[2013/09/22 01:31:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/09/22 01:31:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/09/22 01:31:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/09/22 01:31:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/09/22 01:30:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/09/22 01:30:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/09/22 01:21:17 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/12 12:12:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.DeathBlow\Local Settings\Application Data\PCHealth
[2013/09/10 22:11:44 | 000,022,840 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidsshimx.sys
[2013/09/08 22:12:16 | 000,027,448 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2013/09/02 10:39:32 | 000,176,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2013/09/02 10:28:06 | 000,145,720 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidshx.sys
[2013/09/02 10:28:04 | 000,209,208 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidsdriverx.sys
[2013/09/02 10:28:00 | 000,223,032 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avglogx.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/27 23:46:38 | 000,000,362 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/09/27 23:45:54 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2013/09/27 23:44:54 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2013/09/27 23:44:32 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefragUpdate.job
[2013/09/27 23:44:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/27 23:42:59 | 000,462,880 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/09/27 23:42:59 | 000,078,826 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/09/27 23:27:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/09/27 03:50:59 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
[2013/09/27 03:32:24 | 001,454,352 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/09/27 03:29:03 | 000,181,064 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2013/09/27 03:24:06 | 000,000,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/09/27 03:23:14 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2013/09/27 03:23:14 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2013/09/26 19:58:38 | 005,369,204 | ---- | M] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2013/09/26 14:13:04 | 214,262,072 | ---- | M] (COMODO) -- C:\Documents and Settings\Owner.DeathBlow\Desktop\cav_installer.exe
[2013/09/26 10:45:38 | 000,386,834 | ---- | M] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\start menu.jpg
[2013/09/26 10:44:14 | 000,470,343 | ---- | M] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\OTL.jpg
[2013/09/26 10:18:00 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/09/26 10:09:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.DeathBlow\Desktop\OTL.exe
[2013/09/26 10:09:31 | 001,030,038 | ---- | M] (Thisisu) -- C:\Documents and Settings\Owner.DeathBlow\Desktop\JRT.exe
[2013/09/26 10:09:01 | 001,042,066 | ---- | M] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\adwcleaner.exe
[2013/09/26 03:15:45 | 000,424,702 | ---- | M] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\antivirus.jpg
[2013/09/26 02:58:54 | 000,102,098 | ---- | M] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\AVGInstLog.cab
[2013/09/25 03:03:00 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\MyTurboPC.job
[2013/09/24 23:42:05 | 000,000,314 | RHS- | M] () -- C:\boot.ini
[2013/09/24 23:39:03 | 005,130,004 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner.DeathBlow\Desktop\ComboFix.exe
[2013/09/24 02:58:00 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\MyTurboPC.com Update3.job
[2013/09/24 00:26:23 | 000,000,420 | ---- | M] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\my restore.vbs
[2013/09/23 23:28:13 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Schedule.job
[2013/09/23 22:02:16 | 012,907,592 | ---- | M] (Malwarebytes Corp.) -- C:\Documents and Settings\Owner.DeathBlow\Desktop\mbar-1.07.0.1005.exe
[2013/09/23 22:00:28 | 000,922,112 | ---- | M] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\RogueKiller.exe
[2013/09/23 21:05:42 | 000,398,752 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Owner.DeathBlow\Desktop\unhide.exe
[2013/09/22 22:23:21 | 000,425,964 | ---- | M] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\uninstall problem.jpg
[2013/09/22 22:17:38 | 000,004,865 | ---- | M] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\attach.zip
[2013/09/22 18:45:43 | 000,297,693 | ---- | M] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\Malinstal02.jpg
[2013/09/22 18:44:44 | 000,346,662 | ---- | M] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\Malinstal01.jpg
[2013/09/22 18:30:48 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner.DeathBlow\Desktop\dds.com
[2013/09/22 13:54:33 | 000,487,239 | ---- | M] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\Screenshot03.jpg
[2013/09/22 13:53:31 | 000,267,847 | ---- | M] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\Screenshot02.jpg
[2013/09/22 13:49:39 | 000,331,956 | ---- | M] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\Screenshot.jpg
[2013/09/22 01:41:04 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts_bak_86
[2013/09/22 01:34:00 | 000,000,314 | ---- | M] () -- C:\Boot.bak
[2013/09/21 02:06:29 | 000,041,472 | ---- | M] () -- C:\Documents and Settings\Owner.DeathBlow\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/09/10 22:11:44 | 000,022,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidsshimx.sys
[2013/09/08 22:12:16 | 000,027,448 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2013/09/07 00:47:40 | 000,001,919 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/09/02 10:39:32 | 000,176,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2013/09/02 10:28:06 | 000,145,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidshx.sys
[2013/09/02 10:28:04 | 000,209,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidsdriverx.sys
[2013/09/02 10:28:00 | 000,223,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avglogx.sys
[2013/08/30 02:48:13 | 000,369,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/08/30 02:48:13 | 000,177,864 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/08/30 02:48:13 | 000,056,080 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/08/30 02:48:12 | 000,770,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/08/30 02:48:12 | 000,049,760 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/08/30 02:48:12 | 000,049,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/08/30 02:48:11 | 000,066,336 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/08/30 02:48:11 | 000,029,816 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/08/30 02:47:40 | 000,041,664 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/08/30 02:47:32 | 000,229,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/27 03:50:59 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
[2013/09/27 02:57:40 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2013/09/27 02:57:36 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2013/09/27 02:38:04 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2013/09/27 02:36:46 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2013/09/27 02:34:52 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2013/09/27 02:34:47 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2013/09/27 02:34:42 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2013/09/27 02:34:37 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2013/09/27 02:34:32 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2013/09/27 02:34:17 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2013/09/27 02:31:16 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2013/09/27 02:31:15 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2013/09/27 02:31:14 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2013/09/27 02:28:10 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2013/09/27 02:28:10 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2013/09/27 02:28:09 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2013/09/27 02:28:08 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2013/09/27 02:28:07 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2013/09/27 02:28:07 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2013/09/27 02:28:06 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2013/09/27 02:28:06 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2013/09/27 02:28:04 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2013/09/27 02:27:58 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2013/09/27 00:31:13 | 005,369,204 | ---- | C] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2013/09/26 10:45:35 | 000,386,834 | ---- | C] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\start menu.jpg
[2013/09/26 10:44:10 | 000,470,343 | ---- | C] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\OTL.jpg
[2013/09/26 10:18:00 | 000,177,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/09/26 10:18:00 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/09/26 10:18:00 | 000,000,362 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/09/26 10:08:59 | 001,042,066 | ---- | C] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\adwcleaner.exe
[2013/09/26 03:15:43 | 000,424,702 | ---- | C] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\antivirus.jpg
[2013/09/26 02:58:54 | 000,102,098 | ---- | C] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\AVGInstLog.cab
[2013/09/24 00:26:23 | 000,000,420 | ---- | C] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\my restore.vbs
[2013/09/23 23:55:47 | 000,922,112 | ---- | C] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\RogueKiller.exe
[2013/09/22 22:23:19 | 000,425,964 | ---- | C] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\uninstall problem.jpg
[2013/09/22 22:17:38 | 000,004,865 | ---- | C] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\attach.zip
[2013/09/22 18:45:40 | 000,297,693 | ---- | C] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\Malinstal02.jpg
[2013/09/22 18:44:42 | 000,346,662 | ---- | C] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\Malinstal01.jpg
[2013/09/22 13:54:31 | 000,487,239 | ---- | C] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\Screenshot03.jpg
[2013/09/22 13:53:29 | 000,267,847 | ---- | C] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\Screenshot02.jpg
[2013/09/22 13:49:37 | 000,331,956 | ---- | C] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\Screenshot.jpg
[2013/09/22 01:34:00 | 000,000,314 | ---- | C] () -- C:\Boot.bak
[2013/09/22 01:33:58 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/09/22 01:31:03 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/09/22 01:31:03 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/09/22 01:31:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/09/22 01:31:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/09/22 01:31:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/09/07 00:47:40 | 000,001,919 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2013/08/24 16:18:06 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner.DeathBlow\Local Settings\Application Data\housecall.guid.cache
[2013/08/22 00:38:32 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2013/08/18 23:35:23 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\Owner.DeathBlow\Application Data\mbam.context.scan
[2013/03/05 02:29:02 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2013/02/24 17:15:22 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2013/02/18 05:11:05 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013/02/17 23:26:53 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2013/02/17 23:26:52 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2013/02/17 23:26:52 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2013/02/17 23:26:50 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2013/02/17 23:26:45 | 000,000,758 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2013/02/17 23:26:10 | 000,041,472 | ---- | C] () -- C:\Documents and Settings\Owner.DeathBlow\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/02/17 23:12:16 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\Owner.DeathBlow\Local Settings\Application Data\fusioncache.dat
[2013/02/17 22:20:11 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2013/01/18 18:20:11 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
[2013/01/18 18:17:09 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2013/01/18 18:16:41 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2013/01/18 18:14:01 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2013/01/18 18:14:01 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2013/01/18 18:06:32 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2013/01/18 16:52:52 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT

========== ZeroAccess Check ==========

[2005/01/09 20:08:17 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013/07/25 03:12:59 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 06:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/08/19 00:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DriverCure
[2013/09/07 01:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ElevatedDiagnostics
[2013/08/19 00:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MyTurboPC.com
[2013/01/18 18:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2013/02/19 02:36:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ant.com
[2013/09/26 10:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/02/21 11:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign
[2013/09/27 23:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2014
[2013/02/17 21:41:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/06/23 12:47:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HTC
[2013/08/21 03:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2013/09/27 18:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/08/19 00:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MyTurboPC.com
[2013/02/18 02:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2013/08/20 00:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2013/01/18 18:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2013/03/08 10:39:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\TuneUp Software
[2013/02/21 11:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.DeathBlow\Application Data\AVG January 2013 Campaign
[2013/09/27 03:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.DeathBlow\Application Data\AVG2014
[2013/03/08 02:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.DeathBlow\Application Data\BitTorrent
[2013/09/06 11:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.DeathBlow\Application Data\ElevatedDiagnostics
[2013/09/22 22:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.DeathBlow\Application Data\IObit
[2013/01/18 18:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.DeathBlow\Application Data\SampleView
[2013/02/17 22:23:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.DeathBlow\Application Data\TuneUp Software
[2013/02/19 02:43:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.DeathBlow\Application Data\Windows Desktop Search
[2013/03/10 14:33:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.DeathBlow\Application Data\Windows Search

========== Purity Check ==========



< End of report >
 
OTL logfile created on: 9/29/2013 1:39:10 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner.DeathBlow\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 69.85% Memory free
3.72 Gb Paging File | 3.25 Gb Available in Paging File | 87.22% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.49 Gb Total Space | 147.09 Gb Free Space | 64.38% Space Free | Partition Type: NTFS
Drive D: | 4.39 Gb Total Space | 1.18 Gb Free Space | 26.85% Space Free | Partition Type: FAT32
Drive E: | 544.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DEATHBLOW | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/26 10:09:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.DeathBlow\Desktop\OTL.exe
PRC - [2013/09/22 23:09:00 | 000,301,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/09/15 23:12:16 | 004,851,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgui.exe
PRC - [2013/06/30 10:31:02 | 001,888,576 | ---- | M] (IObit) -- C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2013/06/24 12:46:43 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/03/05 02:16:38 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2013/02/12 21:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2013/01/18 18:19:59 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2012/12/07 18:27:50 | 000,167,424 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2008/08/04 00:18:00 | 006,248,960 | ---- | M] (Linksys) -- C:\Program Files\Linksys\WUSB54GSCv2\WUSB54GSC.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/10 18:12:20 | 000,065,596 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys\WUSB54GSCv2\WLService.exe
PRC - [2006/10/23 02:40:14 | 000,046,200 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
PRC - [2006/10/23 00:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2005/12/09 21:44:40 | 000,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\readericon45G.exe


========== Modules (No Company Name) ==========

MOD - [2013/06/08 18:14:16 | 000,048,960 | ---- | M] () -- C:\Program Files\IObit\Smart Defrag 2\NtfsData.dll
MOD - [2013/02/12 21:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013/02/12 21:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2013/01/02 01:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2012/12/07 18:27:50 | 000,167,424 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/04/14 06:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 06:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/06/14 16:57:48 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2005/09/02 09:25:26 | 000,045,056 | ---- | M] () -- C:\Program Files\Linksys\WUSB54GSCv2\Security.dll
MOD - [2003/10/13 16:30:58 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\GTW32N50.dll
MOD - [2002/04/24 01:00:00 | 000,110,592 | ---- | M] () -- C:\Program Files\Linksys\WUSB54GSCv2\GEMWEP.DLL


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Linksys\WUSB54GSCv2\WLService.exe WUSB54GSC.exe -- (WUSB54GSC)
SRV - File not found [Auto | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
SRV - [2013/09/22 23:09:00 | 000,301,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/09/19 17:27:40 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/03 23:17:50 | 003,538,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/08/18 03:15:26 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/24 12:46:43 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/03/05 02:16:38 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/02/05 12:16:36 | 000,504,816 | ---- | M] (Helios Technologies Ltd) [On_Demand | Stopped] -- C:\Program Files\Ant.com\File1 Package Manager\AppService.exe -- (Ant App service)
SRV - [2013/01/18 18:19:59 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2012/12/07 18:27:50 | 000,167,424 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2007/03/20 17:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys -- (UrlFilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rm.sys -- (rm)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys -- (RegFilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\OWNER~1.DEA\LOCALS~1\Temp\o1394bul.sys -- (o1394bul)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [File_System | Disabled | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys -- (FileMonitor)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\OWNER~1.DEA\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGSp50.sys -- (AFGSp50)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGMp50.sys -- (AFGMp50)
DRV - [2013/09/10 22:11:44 | 000,022,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/09/08 22:12:16 | 000,027,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/09/02 10:39:32 | 000,176,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/09/02 10:28:06 | 000,145,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/09/02 10:28:04 | 000,209,208 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/09/02 10:28:00 | 000,223,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/08/20 22:54:04 | 000,102,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/08/01 16:08:52 | 000,193,848 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/08/01 16:06:14 | 000,120,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgdiskx.sys -- (Avgdiskx)
DRV - [2013/05/22 18:49:32 | 000,014,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2013/01/18 18:17:59 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2012/12/07 18:27:50 | 000,021,248 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2009/06/10 02:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2008/02/25 12:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/10/09 15:33:12 | 000,198,144 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WUSB54GSCV2.sys -- (WUSB54GSCV2)
DRV - [2006/01/25 15:52:32 | 001,478,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/01/13 21:13:18 | 004,137,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2005/03/17 11:51:16 | 001,033,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/03/17 11:50:36 | 000,221,440 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/03/17 11:50:32 | 000,705,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/11/10 20:30:18 | 000,024,832 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2004/11/10 20:27:34 | 000,044,288 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2003/09/25 23:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
DRV - [2001/08/17 08:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT4026E
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT4026E
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3853029286-1738026891-3066926711-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3853029286-1738026891-3066926711-1006\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3853029286-1738026891-3066926711-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKU\S-1-5-21-3853029286-1738026891-3066926711-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0
FF - prefs.js..extensions.enabledAddons: anttoolbar%40ant.com:2.4.7.11
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2013/09/29 01:37:28 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/08/20 11:58:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner.DeathBlow\Application Data\Mozilla\Extensions
[2013/08/20 11:58:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner.DeathBlow\Application Data\Mozilla\Extensions\celtx@celtx.com
[2013/09/27 11:12:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner.DeathBlow\Application Data\Mozilla\Firefox\Profiles\qfreinz8.default\extensions
[2013/09/25 12:29:36 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Documents and Settings\Owner.DeathBlow\Application Data\Mozilla\Firefox\Profiles\qfreinz8.default\extensions\anttoolbar@ant.com
[2013/09/22 13:49:58 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Documents and Settings\Owner.DeathBlow\Application Data\Mozilla\Firefox\Profiles\qfreinz8.default\extensions\ascsurfingprotection@iobit.com
[2013/08/18 03:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/18 03:15:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013/09/27 03:24:06 | 000,000,855 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Ant.com browser helper (video detector)) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files\Ant.com\IE add-on\Download.dll (Ant.com)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3853029286-1738026891-3066926711-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3853029286-1738026891-3066926711-1006\..\Toolbar\WebBrowser: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O3 - HKU\S-1-5-21-3853029286-1738026891-3066926711-1006\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKU\.DEFAULT..\Run: [Power2GoExpress] NA File not found
O4 - HKU\S-1-5-18..\Run: [Power2GoExpress] NA File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3853029286-1738026891-3066926711-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3853029286-1738026891-3066926711-1006\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3853029286-1738026891-3066926711-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3853029286-1738026891-3066926711-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3853029286-1738026891-3066926711-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files\Ant.com\IE add-on\Download.dll (Ant.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/...ls/en/x86/client/wuweb_site.cab?1361155837230 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1361159053980 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 67.142.160.8 67.142.160.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72DBAAB3-540A-4A8C-8E00-5CCADCA408EE}: DhcpNameServer = 67.142.160.8 67.142.160.9
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/09 20:13:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/04/14 07:00:00 | 001,053,184 | R--- | M] (Microsoft Corporation) - E:\AUTORUN.DLL -- [ CDFS ]
O32 - AutoRun File - [2008/04/14 07:00:00 | 000,018,944 | R--- | M] (Microsoft Corporation) - E:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [2008/04/14 07:00:00 | 000,000,064 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/27 03:52:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.DeathBlow\Application Data\AVG2014
[2013/09/27 03:50:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/09/27 03:50:19 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/09/27 03:50:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2014
[2013/09/27 03:31:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2013/09/27 03:00:34 | 000,181,064 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2013/09/27 02:57:45 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2013/09/27 02:57:41 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2013/09/27 02:57:05 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2013/09/27 02:57:00 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2013/09/27 02:56:09 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2013/09/27 02:56:05 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2013/09/27 02:55:55 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2013/09/27 02:55:33 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2013/09/27 02:55:19 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2013/09/27 02:55:15 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2013/09/27 02:55:11 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2013/09/27 02:55:05 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2013/09/27 02:55:00 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2013/09/27 02:54:55 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2013/09/27 02:54:51 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2013/09/27 02:54:35 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2013/09/27 02:54:18 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2013/09/27 02:54:14 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2013/09/27 02:54:09 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2013/09/27 02:54:04 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2013/09/27 02:53:42 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2013/09/27 02:53:27 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2013/09/27 02:53:23 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2013/09/27 02:53:11 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2013/09/27 02:53:07 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2013/09/27 02:53:03 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2013/09/27 02:52:59 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2013/09/27 02:52:55 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2013/09/27 02:52:51 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2013/09/27 02:52:20 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2013/09/27 02:52:14 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2013/09/27 02:52:11 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2013/09/27 02:52:09 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2013/09/27 02:52:05 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2013/09/27 02:52:01 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2013/09/27 02:51:46 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2013/09/27 02:51:43 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2013/09/27 02:51:09 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2013/09/27 02:51:05 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2013/09/27 02:51:02 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2013/09/27 02:50:57 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2013/09/27 02:50:50 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2013/09/27 02:49:59 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2013/09/27 02:49:55 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2013/09/27 02:49:51 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2013/09/27 02:49:48 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2013/09/27 02:49:44 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2013/09/27 02:49:19 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2013/09/27 02:49:16 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2013/09/27 02:49:12 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2013/09/27 02:49:04 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2013/09/27 02:48:34 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2013/09/27 02:48:30 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2013/09/27 02:48:27 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2013/09/27 02:48:24 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2013/09/27 02:47:57 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2013/09/27 02:47:49 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2013/09/27 02:47:46 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2013/09/27 02:47:29 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2013/09/27 02:47:26 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2013/09/27 02:47:23 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2013/09/27 02:47:19 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2013/09/27 02:47:16 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2013/09/27 02:47:12 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2013/09/27 02:47:09 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2013/09/27 02:47:06 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2013/09/27 02:47:02 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2013/09/27 02:46:55 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2013/09/27 02:46:52 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2013/09/27 02:46:51 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2013/09/27 02:46:51 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2013/09/27 02:46:50 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2013/09/27 02:46:49 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2013/09/27 02:46:34 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2013/09/27 02:46:28 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2013/09/27 02:46:24 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2013/09/27 02:46:20 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
 
[2013/09/27 02:46:05 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2013/09/27 02:46:01 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2013/09/27 02:45:44 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2013/09/27 02:45:41 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2013/09/27 02:45:38 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2013/09/27 02:45:26 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2013/09/27 02:44:40 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2013/09/27 02:44:27 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2013/09/27 02:44:25 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2013/09/27 02:44:22 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2013/09/27 02:43:40 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2013/09/27 02:43:37 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2013/09/27 02:43:34 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2013/09/27 02:43:30 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2013/09/27 02:43:08 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2013/09/27 02:41:48 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2013/09/27 02:41:45 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2013/09/27 02:41:39 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2013/09/27 02:41:29 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2013/09/27 02:41:25 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2013/09/27 02:41:15 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2013/09/27 02:41:12 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2013/09/27 02:41:09 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2013/09/27 02:41:06 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2013/09/27 02:41:03 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2013/09/27 02:41:00 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2013/09/27 02:40:51 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2013/09/27 02:40:47 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2013/09/27 02:40:44 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2013/09/27 02:40:41 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2013/09/27 02:39:11 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2013/09/27 02:38:48 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2013/09/27 02:38:45 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2013/09/27 02:38:43 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2013/09/27 02:38:40 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2013/09/27 02:38:40 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2013/09/27 02:38:37 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2013/09/27 02:38:27 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2013/09/27 02:38:24 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2013/09/27 02:38:21 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2013/09/27 02:38:18 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2013/09/27 02:38:13 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2013/09/27 02:38:10 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2013/09/27 02:37:16 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2013/09/27 02:36:36 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2013/09/27 02:34:54 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2013/09/27 02:34:45 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2013/09/27 02:34:15 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2013/09/27 02:34:13 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2013/09/27 02:34:10 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2013/09/27 02:33:55 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2013/09/27 02:33:43 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2013/09/27 02:33:41 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2013/09/27 02:33:36 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2013/09/27 02:33:33 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2013/09/27 02:33:31 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2013/09/27 02:33:30 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2013/09/27 02:33:13 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2013/09/27 02:33:09 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2013/09/27 02:33:07 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2013/09/27 02:31:37 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2013/09/27 02:31:32 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2013/09/27 02:31:22 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2013/09/27 02:31:19 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2013/09/27 02:31:18 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2013/09/27 02:31:13 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2013/09/27 02:31:11 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2013/09/27 02:31:10 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2013/09/27 02:31:09 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2013/09/27 02:31:06 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2013/09/27 02:30:44 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2013/09/27 02:30:43 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2013/09/27 02:30:38 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2013/09/27 02:30:15 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2013/09/27 02:30:14 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2013/09/27 02:30:12 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2013/09/27 02:30:11 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2013/09/27 02:30:10 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2013/09/27 02:30:09 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2013/09/27 02:30:08 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2013/09/27 02:30:06 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2013/09/27 02:29:57 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2013/09/27 02:29:43 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2013/09/27 02:29:33 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2013/09/27 02:29:26 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2013/09/27 02:29:25 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2013/09/27 02:29:24 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2013/09/27 02:29:24 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2013/09/27 02:29:23 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2013/09/27 02:29:20 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2013/09/27 02:29:20 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2013/09/27 02:29:19 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2013/09/27 02:29:18 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2013/09/27 02:29:16 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2013/09/27 02:29:15 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2013/09/27 02:29:15 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2013/09/27 02:28:44 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2013/09/27 02:28:44 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2013/09/27 02:28:43 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2013/09/27 02:28:42 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2013/09/27 02:28:42 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2013/09/27 02:28:41 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2013/09/27 02:28:40 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2013/09/27 02:28:39 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2013/09/27 02:28:37 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2013/09/27 02:28:37 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2013/09/27 02:28:36 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2013/09/27 02:28:35 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2013/09/27 02:28:34 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2013/09/27 02:28:33 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2013/09/27 02:28:33 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2013/09/27 02:28:32 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2013/09/27 02:28:31 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2013/09/27 02:28:31 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2013/09/27 02:28:26 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2013/09/27 02:28:22 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2013/09/27 02:28:21 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2013/09/27 02:28:20 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2013/09/27 02:28:20 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2013/09/27 02:28:19 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2013/09/27 02:28:18 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2013/09/27 02:28:18 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2013/09/27 02:27:51 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2013/09/27 02:27:46 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2013/09/27 02:27:35 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2013/09/27 02:27:33 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2013/09/27 02:27:32 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2013/09/27 02:27:32 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2013/09/27 02:27:31 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2013/09/27 02:27:29 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2013/09/27 02:27:24 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2013/09/27 02:27:24 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2013/09/27 02:27:21 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2013/09/27 02:27:20 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2013/09/27 02:27:19 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2013/09/27 00:32:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
[2013/09/27 00:32:09 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2013/09/27 00:31:16 | 214,262,072 | ---- | C] (COMODO) -- C:\Documents and Settings\Owner.DeathBlow\Desktop\cav_installer.exe
[2013/09/26 10:27:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/09/26 10:17:59 | 000,229,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/09/26 10:15:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/09/26 10:09:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.DeathBlow\Desktop\OTL.exe
[2013/09/26 10:09:28 | 001,030,038 | ---- | C] (Thisisu) -- C:\Documents and Settings\Owner.DeathBlow\Desktop\JRT.exe
[2013/09/26 02:55:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.DeathBlow\Local Settings\Application Data\MFAData
[2013/09/26 02:55:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/09/26 02:55:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.DeathBlow\Local Settings\Application Data\Avg2014
[2013/09/26 02:47:26 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/09/24 23:41:58 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/09/24 23:38:36 | 005,130,004 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner.DeathBlow\Desktop\ComboFix.exe
[2013/09/24 00:29:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2013/09/24 00:26:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.DeathBlow\Desktop\mbar
[2013/09/23 23:28:35 | 012,907,592 | ---- | C] (Malwarebytes Corp.) -- C:\Documents and Settings\Owner.DeathBlow\Desktop\mbar-1.07.0.1005.exe
[2013/09/23 23:28:31 | 000,398,752 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Owner.DeathBlow\Desktop\unhide.exe
[2013/09/22 23:33:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.DeathBlow\Start Menu\Programs\Revo Uninstaller
[2013/09/22 23:33:30 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/09/22 18:30:46 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner.DeathBlow\Desktop\dds.com
[2013/09/22 01:31:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/09/22 01:31:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/09/22 01:31:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/09/22 01:31:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/09/22 01:30:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/09/22 01:30:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/09/22 01:21:17 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/12 12:12:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.DeathBlow\Local Settings\Application Data\PCHealth
[2013/09/10 22:11:44 | 000,022,840 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidsshimx.sys
[2013/09/08 22:12:16 | 000,027,448 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2013/09/02 10:39:32 | 000,176,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2013/09/02 10:28:06 | 000,145,720 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidshx.sys
[2013/09/02 10:28:04 | 000,209,208 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidsdriverx.sys
[2013/09/02 10:28:00 | 000,223,032 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avglogx.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/29 01:37:17 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2013/09/29 01:36:57 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefragUpdate.job
[2013/09/29 01:36:44 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2013/09/29 01:36:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/29 01:31:00 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/09/29 01:27:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/09/28 03:03:00 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\MyTurboPC.job
[2013/09/27 23:42:59 | 000,462,880 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/09/27 23:42:59 | 000,078,826 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/09/27 03:50:59 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
[2013/09/27 03:32:24 | 001,454,352 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/09/27 03:29:03 | 000,181,064 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2013/09/27 03:24:06 | 000,000,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/09/27 03:23:14 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2013/09/27 03:23:14 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2013/09/26 19:58:38 | 005,369,204 | ---- | M] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2013/09/26 14:13:04 | 214,262,072 | ---- | M] (COMODO) -- C:\Documents and Settings\Owner.DeathBlow\Desktop\cav_installer.exe
[2013/09/26 10:45:38 | 000,386,834 | ---- | M] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\start menu.jpg
[2013/09/26 10:44:14 | 000,470,343 | ---- | M] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\OTL.jpg
[2013/09/26 10:09:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.DeathBlow\Desktop\OTL.exe
[2013/09/26 10:09:31 | 001,030,038 | ---- | M] (Thisisu) -- C:\Documents and Settings\Owner.DeathBlow\Desktop\JRT.exe
[2013/09/26 10:09:01 | 001,042,066 | ---- | M] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\adwcleaner.exe
[2013/09/26 03:15:45 | 000,424,702 | ---- | M] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\antivirus.jpg
[2013/09/26 02:58:54 | 000,102,098 | ---- | M] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\AVGInstLog.cab
[2013/09/24 23:42:05 | 000,000,314 | RHS- | M] () -- C:\boot.ini
[2013/09/24 23:39:03 | 005,130,004 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner.DeathBlow\Desktop\ComboFix.exe
[2013/09/24 02:58:00 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\MyTurboPC.com Update3.job
[2013/09/24 00:26:23 | 000,000,420 | ---- | M] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\my restore.vbs
[2013/09/23 23:28:13 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Schedule.job
[2013/09/23 22:02:16 | 012,907,592 | ---- | M] (Malwarebytes Corp.) -- C:\Documents and Settings\Owner.DeathBlow\Desktop\mbar-1.07.0.1005.exe
[2013/09/23 22:00:28 | 000,922,112 | ---- | M] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\RogueKiller.exe
[2013/09/23 21:05:42 | 000,398,752 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Owner.DeathBlow\Desktop\unhide.exe
[2013/09/22 22:23:21 | 000,425,964 | ---- | M] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\uninstall problem.jpg
[2013/09/22 22:17:38 | 000,004,865 | ---- | M] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\attach.zip
[2013/09/22 18:45:43 | 000,297,693 | ---- | M] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\Malinstal02.jpg
[2013/09/22 18:44:44 | 000,346,662 | ---- | M] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\Malinstal01.jpg
[2013/09/22 18:30:48 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner.DeathBlow\Desktop\dds.com
[2013/09/22 13:54:33 | 000,487,239 | ---- | M] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\Screenshot03.jpg
[2013/09/22 13:53:31 | 000,267,847 | ---- | M] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\Screenshot02.jpg
[2013/09/22 13:49:39 | 000,331,956 | ---- | M] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\Screenshot.jpg
[2013/09/22 01:41:04 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts_bak_86
[2013/09/22 01:34:00 | 000,000,314 | ---- | M] () -- C:\Boot.bak
[2013/09/21 02:06:29 | 000,041,472 | ---- | M] () -- C:\Documents and Settings\Owner.DeathBlow\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/09/10 22:11:44 | 000,022,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidsshimx.sys
[2013/09/08 22:12:16 | 000,027,448 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2013/09/07 00:47:40 | 000,001,919 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/09/02 10:39:32 | 000,176,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2013/09/02 10:28:06 | 000,145,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidshx.sys
[2013/09/02 10:28:04 | 000,209,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidsdriverx.sys
[2013/09/02 10:28:00 | 000,223,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avglogx.sys
[2013/08/30 02:47:32 | 000,229,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/27 03:50:59 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
[2013/09/27 02:57:40 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2013/09/27 02:57:36 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2013/09/27 02:38:04 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2013/09/27 02:36:46 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2013/09/27 02:34:52 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2013/09/27 02:34:47 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2013/09/27 02:34:42 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2013/09/27 02:34:37 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2013/09/27 02:34:32 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2013/09/27 02:34:17 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2013/09/27 02:31:16 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2013/09/27 02:31:15 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2013/09/27 02:31:14 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2013/09/27 02:28:10 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2013/09/27 02:28:10 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2013/09/27 02:28:09 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2013/09/27 02:28:08 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2013/09/27 02:28:07 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2013/09/27 02:28:07 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2013/09/27 02:28:06 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2013/09/27 02:28:06 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2013/09/27 02:28:04 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2013/09/27 02:27:58 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2013/09/27 00:31:13 | 005,369,204 | ---- | C] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2013/09/26 10:45:35 | 000,386,834 | ---- | C] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\start menu.jpg
[2013/09/26 10:44:10 | 000,470,343 | ---- | C] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\OTL.jpg
[2013/09/26 10:08:59 | 001,042,066 | ---- | C] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\adwcleaner.exe
[2013/09/26 03:15:43 | 000,424,702 | ---- | C] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\antivirus.jpg
[2013/09/26 02:58:54 | 000,102,098 | ---- | C] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\AVGInstLog.cab
[2013/09/24 00:26:23 | 000,000,420 | ---- | C] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\my restore.vbs
[2013/09/23 23:55:47 | 000,922,112 | ---- | C] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\RogueKiller.exe
[2013/09/22 22:23:19 | 000,425,964 | ---- | C] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\uninstall problem.jpg
[2013/09/22 22:17:38 | 000,004,865 | ---- | C] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\attach.zip
[2013/09/22 18:45:40 | 000,297,693 | ---- | C] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\Malinstal02.jpg
[2013/09/22 18:44:42 | 000,346,662 | ---- | C] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\Malinstal01.jpg
[2013/09/22 13:54:31 | 000,487,239 | ---- | C] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\Screenshot03.jpg
[2013/09/22 13:53:29 | 000,267,847 | ---- | C] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\Screenshot02.jpg
[2013/09/22 13:49:37 | 000,331,956 | ---- | C] () -- C:\Documents and Settings\Owner.DeathBlow\Desktop\Screenshot.jpg
[2013/09/22 01:34:00 | 000,000,314 | ---- | C] () -- C:\Boot.bak
[2013/09/22 01:33:58 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/09/22 01:31:03 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/09/22 01:31:03 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/09/22 01:31:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/09/22 01:31:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/09/22 01:31:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/09/07 00:47:40 | 000,001,919 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2013/08/24 16:18:06 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner.DeathBlow\Local Settings\Application Data\housecall.guid.cache
[2013/08/22 00:38:32 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2013/08/18 23:35:23 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\Owner.DeathBlow\Application Data\mbam.context.scan
[2013/03/05 02:29:02 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2013/02/24 17:15:22 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2013/02/18 05:11:05 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013/02/17 23:26:53 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2013/02/17 23:26:52 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2013/02/17 23:26:52 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2013/02/17 23:26:50 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2013/02/17 23:26:45 | 000,000,758 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2013/02/17 23:26:10 | 000,041,472 | ---- | C] () -- C:\Documents and Settings\Owner.DeathBlow\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/02/17 23:12:16 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\Owner.DeathBlow\Local Settings\Application Data\fusioncache.dat
[2013/02/17 22:20:11 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2013/01/18 18:20:11 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
[2013/01/18 18:17:09 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2013/01/18 18:16:41 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2013/01/18 18:14:01 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2013/01/18 18:14:01 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2013/01/18 18:06:32 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2013/01/18 16:52:52 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT

========== ZeroAccess Check ==========

[2005/01/09 20:08:17 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013/07/25 03:12:59 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 06:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/08/19 00:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DriverCure
[2013/09/07 01:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ElevatedDiagnostics
[2013/08/19 00:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MyTurboPC.com
[2013/01/18 18:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2013/02/19 02:36:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ant.com
[2013/09/29 01:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/02/21 11:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign
[2013/09/27 23:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2014
[2013/02/17 21:41:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/06/23 12:47:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HTC
[2013/08/21 03:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2013/09/28 17:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/08/19 00:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MyTurboPC.com
[2013/02/18 02:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2013/08/20 00:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2013/01/18 18:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2013/03/08 10:39:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\TuneUp Software
[2013/02/21 11:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.DeathBlow\Application Data\AVG January 2013 Campaign
[2013/09/27 03:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.DeathBlow\Application Data\AVG2014
[2013/03/08 02:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.DeathBlow\Application Data\BitTorrent
[2013/09/06 11:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.DeathBlow\Application Data\ElevatedDiagnostics
[2013/09/22 22:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.DeathBlow\Application Data\IObit
[2013/01/18 18:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.DeathBlow\Application Data\SampleView
[2013/02/17 22:23:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.DeathBlow\Application Data\TuneUp Software
[2013/02/19 02:43:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.DeathBlow\Application Data\Windows Desktop Search
[2013/03/10 14:33:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.DeathBlow\Application Data\Windows Search

========== Purity Check ==========



< End of report >
 
OTL Extras logfile created on: 9/27/2013 11:55:02 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner.DeathBlow\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 71.76% Memory free
3.72 Gb Paging File | 3.23 Gb Available in Paging File | 86.81% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.49 Gb Total Space | 147.58 Gb Free Space | 64.59% Space Free | Partition Type: NTFS
Drive D: | 4.39 Gb Total Space | 1.18 Gb Free Space | 26.85% Space Free | Partition Type: FAT32
Drive E: | 544.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DEATHBLOW | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-3853029286-1738026891-3066926711-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:Disabled:mad:xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)
"C:\Program Files\AVG\AVG2014\avgnsx.exe" = C:\Program Files\AVG\AVG2014\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2014\avgdiagex.exe" = C:\Program Files\AVG\AVG2014\avgdiagex.exe:*:Enabled:AVG Diagnostics 2014 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2014\avgmfapx.exe" = C:\Program Files\AVG\AVG2014\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2014\avgemcx.exe" = C:\Program Files\AVG\AVG2014\avgemcx.exe:*:Enabled:personal Email Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08208143-777D-4A06-BB54-71BF0AD1BB70}" = IPTInstaller
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09E2111C-16B1-4DDF-BF0D-F994C9A12350}" = Adobe Setup
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite Gateway
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars®: Knights of the Old Republic (TM)
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{629F65FB-7F3C-4D66-A1C0-20722744B7B6}" = Star Wars(R) Knights of the Old Republic(R) II: The Sith Lords(TM)
"{654977DB-0001-0002-0001-EABD228DDE8B}" = Microsoft Download Manager
"{65563451-00B6-458C-9F9A-03A7757355A6}" = Compact Wireless-G USB Network Adapter with SpeedBooster
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}" = Adobe Flash Player 9 Plugin
"{8A50D93C-79EE-425C-9464-3550978F4E56}" = File1 Package Manager
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9862B19F-4CAD-4EED-920F-2F378D84393F}" = ATI Parental Control & Encoder
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A2F37CA8-53F8-4594-B701-32AE64BAED1A}" = MyTurboPC
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B795F380-D3D6-4EA4-A4BB-27FC2FB0F8B2}" = Ant.com IE add-on
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C6CE2447-877A-49C7-8273-9185C3873F79}" = AVG 2014
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}" = Adobe Creative Suite 3 Design Premium
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E1F85CCE-735F-4CD2-B5AA-1F471AA6AF11}" = AVG 2014
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_c14ac4070fd9614ffe63f4bb533db2c" = Add or Remove Adobe Creative Suite 3 Design Premium
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AVG" = AVG 2014
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"DivX Setup" = DivX Setup
"gtw_logo" = gtw_logo
"ie8" = Windows Internet Explorer 8
"InstallShield_{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"Revo Uninstaller" = Revo Uninstaller 1.95
"Smart Defrag 2_is1" = Smart Defrag 2
"Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/19/2013 12:10:28 PM | Computer Name = DEATHBLOW | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/19/2013 1:40:28 PM | Computer Name = DEATHBLOW | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/19/2013 1:40:28 PM | Computer Name = DEATHBLOW | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/19/2013 1:43:24 PM | Computer Name = DEATHBLOW | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/19/2013 1:43:24 PM | Computer Name = DEATHBLOW | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/19/2013 3:10:28 PM | Computer Name = DEATHBLOW | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/19/2013 3:10:28 PM | Computer Name = DEATHBLOW | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/19/2013 3:18:24 PM | Computer Name = DEATHBLOW | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/19/2013 3:18:24 PM | Computer Name = DEATHBLOW | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/19/2013 4:56:28 PM | Computer Name = DEATHBLOW | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

[ System Events ]
Error - 9/26/2013 11:17:59 AM | Computer Name = DEATHBLOW | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.ATL could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 9/26/2013 11:17:59 AM | Computer Name = DEATHBLOW | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.ATL. Reference error
message: The referenced assembly is not installed on your system. .

Error - 9/26/2013 2:02:12 PM | Computer Name = DEATHBLOW | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 9/26/2013 2:02:12 PM | Computer Name = DEATHBLOW | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 9/28/2013 12:32:30 AM | Computer Name = DEATHBLOW | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 9/28/2013 12:32:30 AM | Computer Name = DEATHBLOW | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 9/28/2013 12:32:30 AM | Computer Name = DEATHBLOW | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\MFC80U.DLL.
Reference
error message: The operation completed successfully. .

Error - 9/28/2013 12:32:30 AM | Computer Name = DEATHBLOW | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 9/28/2013 12:32:30 AM | Computer Name = DEATHBLOW | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 9/28/2013 12:32:59 AM | Computer Name = DEATHBLOW | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.MFC could not be found and Last
Error was The referenced assembly is not installed on your system.


< End of report >
 
redtarget.gif
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
SRV - File not found [Auto | Running] -- C:\Program Files\Linksys\WUSB54GSCv2\WLService.exe WUSB54GSC.exe -- (WUSB54GSC)
SRV - File not found [Auto | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys -- (UrlFilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rm.sys -- (rm)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys -- (RegFilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\OWNER~1.DEA\LOCALS~1\Temp\o1394bul.sys -- (o1394bul)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [File_System | Disabled | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys -- (FileMonitor)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\OWNER~1.DEA\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGSp50.sys -- (AFGSp50)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGMp50.sys -- (AFGMp50)
FF - user.js - File not found
[2013/09/22 13:49:58 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Documents and Settings\Owner.DeathBlow\Application Data\Mozilla\Firefox\Profiles\qfreinz8.default\extensions\ascsurfingprotection@iobit.com
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3853029286-1738026891-3066926711-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKU\.DEFAULT..\Run: [Power2GoExpress] NA File not found
O4 - HKU\S-1-5-18..\Run: [Power2GoExpress] NA File not found


:Services

:Reg

:Files
C:\FRST

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.
Last scans...

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

redtarget.gif
Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
Back