rise Posted June 7, 2011

> what should the encoding be set on ansi, unicode, unicode big endian or UTF-8?

ANSI
rredbird Posted June 7, 2011

> ANSI

Ran a file and folder search. REGEDIT.EXE is in C:/WINDOWS as well as C:/1386.

Was wondering if there is any way of doing the next repair you are asking me to do without using combofix. I have read SO MANY things that say to ONLY use combofix as a last resort. Have seen so many times that everything is gone to the point of having to wipe system clean and start over. I also read that over 25% of the time this is just what happens.

What is the repair you are trying to do next? Was wondering because all seems to be good now. NO viruses on any scan. Start up is great. And now the Regedit.Exe is back where it should be. So if you don't mind could you please tell me what we are trying to accomplish with the Combofix.

Thank you, and I think you Rock!!! You and Seth together have gotten this notebook working again.
rise Posted June 8, 2011

Well, yes ComboFix is an extremely powerful tool, and yes if used improperly it can destroy the machine. If the machine is running better then we will skip ComboFix.

Open OTL
Under the Extra Registry select Use SafeList
Now click Run Scan
When scan is finished copy OTL.txt and Extras.txt
rredbird Posted June 8, 2011

> Well, yes ComboFix is an extremely powerful tool, and yes if used improperly it can destroy the machine. If the machine is running better then we will skip ComboFix.
> Open OTL
> Under the Extra Registry select Use SafeList
> Now click Run Scan
> When scan is finished copy OTL.txt and Extras.txt

Attachments: OTL & Extra txt
Extras#4.Txt
OTL#4.Txt
rise Posted June 8, 2011

Run OTL
Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
[2011/05/23 19:24:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\cO28281EhPhI28281
[2011/06/06 16:21:29 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/06 16:21:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/06 16:21:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/06 16:21:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/06 16:21:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/06 16:21:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/07 15:37:23 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\freedie\Desktop\copy.bat
[2011/05/15 23:41:21 | 000,013,416 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\75bd3tfr3in6ixa60571p2m5j0l7822jtsp683
[2011/05/15 21:00:41 | 000,013,412 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\75bd3tfr3in6ixa60571p2m5j0l7822jtsp683
[2011/05/14 20:53:52 | 000,013,456 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\b6rkrv8a73spxby2vvgdh23go6k2up6vsdslct8n34k05yp

:Commands
[purity]
[emptytemp]
[resethosts]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
It will boot slower so be patient
Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles
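The entries pasted under `:OTL` above follow OTL's file-listing layout: timestamp, size, attribute flags, a created/modified marker, an optional company name in parentheses, and the path. As an added example that is not part of the original thread, this Python sketch parses that layout and lists entries for manual review; the sample lines (including the file and user names) are constructed, and the review filter (hidden and system flags, empty company name, long extensionless alphanumeric name) is an assumption made for this example, not a rule taken from OTL or from the helper.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample in the layout of the OTL entries quoted above.
# The user name and the random-looking file name are made up for this example.
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========
[2011/06/20 01:41:54 | 000,011,142 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\q7k2m9x4t1z8w3v6b5n0c2d4f6h8j1l3
[2011/06/17 18:44:03 | 000,115,216 | ---- | C] (Example Co., LTD.(www.example.com)) -- C:\WINDOWS\System32\drivers\example.sys
[2011/06/06 16:21:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/20 17:45:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\sampleuser\PrivacIE
[2011/06/08 17:51:58 | 000,249,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
this line is not an entry and must be skipped
"""

# [timestamp | size | attrs | C or M] (company) -- path
# Directory entries carry no "(company)" field, so that group is optional.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>.*?)\) )?-- (?P<path>.+)$"
)


class Entry(NamedTuple):
    timestamp: str
    size: int                # bytes, thousands separators removed
    attrs: str               # four flag characters, e.g. "-HS-" or "---D"
    kind: str                # "C" = created, "M" = modified
    company: Optional[str]   # None when the field is absent, "" when "()"
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs


def parse_entries(text: str) -> List[Entry]:
    """Return every line that matches the entry layout; skip everything else."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # section headers, blank lines, other log sections
        entries.append(Entry(
            timestamp=m.group("ts"),
            size=int(m.group("size").replace(",", "")),
            attrs=m.group("attrs"),
            kind=m.group("kind"),
            company=m.group("company"),
            path=m.group("path"),
        ))
    return entries


def needs_review(e: Entry) -> bool:
    """Assumed heuristic: a hidden+system file with no company name whose
    name is long, extensionless and mixes letters with digits."""
    n = e.name
    return (
        not e.is_dir
        and e.hidden_system
        and e.company == ""
        and "." not in n
        and len(n) >= 20
        and n.isalnum()
        and any(c.isdigit() for c in n)
        and any(c.isalpha() for c in n)
    )


def triage(text: str) -> List[Entry]:
    """Entries a human should look at; this is a shortlist, not a verdict."""
    return [e for e in parse_entries(text) if needs_review(e)]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.timestamp}  {e.attrs}  {e.size:>8}  {e.path}")
```
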
rredbird Posted June 8, 2011

Results attached. I also found an easy way to turn off your Avg 2011: On avg just click components then click resident shield, uncheck the resident shield active box. Then click save changes. To reactivate, recheck the same box and click save changes. So I didn't have to uninstall and reinstall AVG again.

OTL Runfix Results data#2.txt
rise Posted June 8, 2011

Okay that's it
If you have any problems let me know

Open OTL and click CleanUp button, this will remove OTL and the folder it created; it will also remove other tools we used. If there are tools and logs that haven't been removed then do it manually
Seth Posted June 8, 2011

No reputable computer tech would condone AVG. IMO, AVG is the most targeted antivirus software. OP, if you want something decent, then it's going to cost.

Eset NOD 32 http://www.eset.com/us/
rredbird Posted June 8, 2011

> Okay that's it
> If you have any problems let me know
> Open OTL and click CleanUp button, this will remove OTL and the folder it created; it will also remove other tools we used. If there are tools and logs that haven't been removed then do it manually

will this clean up leave malwarebytes free and SAS and avg or not?
rredbird Posted June 8, 2011

> No reputable computer tech would condone AVG. IMO, AVG is the most targeted antivirus software. OP, if you want something decent, then it's going to cost.
> Eset NOD 32 http://www.eset.com/us/

Is that compatible with malwarebytes free and SAS free? What is your suggestion for a free antivirus that is compatible with the two as well Seth?

One more question directed to Rise: does it hurt that the REGEDIT.EXE is in 2 folders, the C:/WINDOWS (which I know it is supposed to be in) and the C:/1386? Ran a file folder search and it is in both.
rise Posted June 8, 2011

> will this clean up leave malwarebytes free and SAS and avg or not?

yes it will leave them

> Is that compatible with malwarebytes free and SAS free? What is your suggestion for a free antivirus that is compatible with the two as well Seth?

yes ESET is compatible with malwarebytes and SAS free like all other AntiViruses are. For a free AV I would recommend avast! http://www.avast.com/en-eu/free-antivirus-download in my opinion much better than AVG

> One more question directed to Rise: does it hurt that the REGEDIT.EXE is in 2 folders, the C:/WINDOWS (which I know it is supposed to be in) and the C:/1386? Ran a file folder search and it is in both.

that is normal
rredbird Posted June 8, 2011

> will this clean up leave malwarebytes free and SAS and avg or not?

also one more question lol...wish I could think of these all at once...are we removing Otl and the other tools we used because they interfere with avg malwarebytes and SAS?
rredbird Posted June 9, 2011

> yes it will leave them
> yes ESET is compatible with malwarebytes and SAS free like all other AntiViruses are. For a free AV I would recommend avast! http://www.avast.com/en-eu/free-antivirus-download in my opinion much better than AVG
> that is normal

I ran the OTL clean up; it removed all but the aswMBR and some small desktop icon files on the other ones. I deleted all but the aswMBR. The notebook is flying like a new one now, working great so far.

Thank you, Seth, for your help. I will consider your Rise's suggestions regarding an antivirus program. Rise, thank you so much for being so patient with me, and all my questions, it is greatly appreciated. You have been great! I will tell everyone I know, SAS program is a must have, and that the SAS forum is wonderful. Thanks a billion!!!!
rise Posted June 9, 2011

> also one more question lol...wish I could think of these all at once...are we removing Otl and the other tools we used because they interfere with avg malwarebytes and SAS?

We are removing them because they are "one time use" tools. They should be used only when someone who knows how to work with them tells you so; they are very powerful and if used improperly can destroy the machine

So delete aswMBR also

Stay safe
rredbird Posted June 9, 2011

> We are removing them because they are "one time use" tools. They should be used only when someone who knows how to work with them tells you so; they are very powerful and if used improperly can destroy the machine
> So delete aswMBR also
> Stay safe

OK Rise will do ...and thanks again for your help...
Seth Posted June 9, 2011

> Is that compatible with malwarebytes free and SAS free? What is your suggestion for a free antivirus that is compatible with the two as well Seth?

I don't know of any antivirus program that isn't compatible with MB or SAS. Most antivirus programs have similar detection rates. However, other considerations would be cost, resource usage, and popularity (the more popular your antivirus is, the more it's targeted). For a free antivirus, I suggest Avast, and for a paid, NOD32.

For the ultimate in computer protection, other than not using the internet lol, you might want to consider a sandbox: http://www.sandboxie.com/
rredbird Posted June 21, 2011

> I don't know of any antivirus program that isn't compatible with MB or SAS. Most antivirus programs have similar detection rates. However, other considerations would be cost, resource usage, and popularity (the more popular your antivirus is, the more it's targeted). For a free antivirus, I suggest Avast, and for a paid, NOD32.
> For the ultimate in computer protection, other than not using the internet lol, you might want to consider a sandbox: http://www.sandboxie.com/

got hit again ..I'm enclosing sas and mbam and avg logs...this time I'm locked out of accessing program file programs such as my broadband sas mbam mozilla..etc...I have to right click on icon and click run as and then in the box where it says protect my computer and data from unauthorized program activity I have to uncheck it to get anything to run so I can get online...so sorry I'm already having a problem again... and I promise I will take off the avg and put on avast if we can get this fixed this time ...I should have listened to you'll about avg..instead of all the others telling how great it is...I'm so sorry I didn't heed you'll warnings...cause I got hit in no time hardly..

mbam-log-2011-06-20 (.txt
SUPERAntiSpyware Scan Log - 06-20-2011 - 03-02-27.zip
avgrep 1.txt
rise Posted June 21, 2011

Well, let's see what's going on there

Download OTL to your Desktop
Double click on icon and select Quick scan
When scan is finished it will produce 2 logs, copy/paste them into your reply

Next
Download aswMBR to your Desktop
Double click the aswMBR.exe icon to run it
Click the Scan button to start the scan
On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.
rredbird Posted June 21, 2011

> Well, let's see what's going on there
> Download OTL to your Desktop
> Double click on icon and select Quick scan
> When scan is finished it will produce 2 logs, copy/paste them into your reply
> Next
> Download aswMBR to your Desktop
> Double click the aswMBR.exe icon to run it
> Click the Scan button to start the scan
> On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

Otl wouldn't run the extra registry even in safe mode....I would make sure the safelist was checked in it but every time I clicked quick scan it would automatically reset to none ...no matter how I tried..so no extras txt log

aswMBR#a.txt
Shortcut to OTL.Txt.zip
rredbird Posted June 21, 2011

> Otl wouldn't run the extra registry even in safe mode....I would make sure the safelist was checked in it but every time I clicked quick scan it would automatically reset to none ...no matter how I tried..so no extras txt log

here's the copy and paste OTL sorry should read better so I can follow directions better:
17:45:01 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2009/11/27 19:49:25 | 001,759,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys [2009/11/27 19:49:25 | 000,028,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys [2009/11/27 19:49:25 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini [2009/08/24 12:44:43 | 000,028,510 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2009/08/24 12:06:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll [2009/04/10 21:25:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2009/04/10 21:06:58 | 000,427,206 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2009/04/10 21:06:58 | 000,065,884 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2009/04/10 21:01:42 | 000,249,496 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009/04/10 20:58:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2009/04/10 20:57:24 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2008/04/15 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2008/04/15 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2008/04/15 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2008/04/15 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2008/04/15 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2008/04/15 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2008/04/15 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2008/04/15 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2002/05/29 00:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2002/05/29 00:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat ========== LOP Check ========== [2009/12/04 01:58:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy [2011/06/07 
01:33:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar [2011/06/06 19:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10 [2011/05/23 19:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\cO28281EhPhI28281 [2011/05/14 09:52:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files [2009/11/29 00:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Enkord [2010/10/12 16:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy-PizzaParty [2010/05/12 20:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii [2010/10/17 09:30:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft [2011/06/06 19:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData [2010/10/15 17:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games [2009/12/01 20:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games [2010/04/27 11:14:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2009/08/24 12:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall [2011/06/17 18:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEngineLite [2011/06/03 17:03:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent [2009/12/17 16:34:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2011/06/06 19:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freedie\Application Data\AVG10 [2010/05/22 14:42:02 | 000,000,000 | ---D 
| M] -- C:\Documents and Settings\freedie\Application Data\funkitron [2010/12/20 15:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freedie\Application Data\iWin [2011/05/27 18:41:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freedie\Application Data\Smith Micro [2010/10/11 20:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freedie\Application Data\WildTangentv1001 [2011/06/21 07:24:16 | 000,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\WefiStartup.job ========== Purity Check ========== < End of report >
Seth Posted June 21, 2011
> Got hit again... I'm enclosing SAS and MBAM and AVG logs... this time I'm locked out of accessing program file programs such as my broadband, SAS, MBAM, Mozilla, etc... I have to right-click on the icon and click Run As, and then in the box where it says "Protect my computer and data from unauthorized program activity" I have to uncheck it to get anything to run so I can get online... so sorry I'm already having a problem again... and I promise I will take off the AVG and put on Avast if we can get this fixed this time... I should have listened to y'all about AVG instead of all the others telling how great it is... I'm so sorry I didn't heed y'all's warnings... 'cause I got hit in no time hardly.

Given the amount of time that you've invested on this problem, and the amount of time that you're about to invest again, I suggest you back up your data and clean install Windows. It's quite easy to do on most systems. If you decide to take that suggestion, please post the make and model of the computer, as well as the version of Windows that it runs.
rredbird Posted June 21, 2011
> Given the amount of time that you've invested on this problem, and the amount of time that you're about to invest again, I suggest you back up your data and clean install Windows. It's quite easy to do on most systems. If you decide to take that suggestion, please post the make and model of the computer, as well as the version of Windows that it runs.

Seth, this is a used notebook, so I do not have any of the disks or any way of backing up the system, and no access to System Restore either... It is a Compaq Mini 110c-1100, XP Home Edition version 5.1.2600.
Seth Posted June 21, 2011
Is this your laptop: http://h10025.www1.hp.com/ewfrf/wc/product?product=4071201&lc=en&dlc=en&cc=us&lang=en&key=null&site=null

If so, it doesn't come with a hidden "Factory Restore" partition on the hard drive. It also doesn't look like it has an optical drive. Correct?

BTW- Through your discussions with Rise, were you ever informed to disable System Restore before going through the disinfection procedure?
rredbird Posted June 21, 2011
> Is this your laptop: http://h10025.www1.hp.com/ewfrf/wc/product?product=4071201&lc=en&dlc=en&cc=us&lang=en&key=null&site=null
> If so, it doesn't come with a hidden "Factory Restore" partition on the hard drive. It also doesn't look like it has an optical drive. Correct?
> BTW- Through your discussions with Rise, were you ever informed to disable System Restore before going through the disinfection procedure?

Yeah, I believe that is it... that's what it looks like... sorry, I do not know what an optical drive is... your answer to BTW is no, he did not... the System Restore was already that way when I got the notebook... why, I don't know.
Seth Posted June 21, 2011
An optical drive is a CD or CD/DVD drive. Given that the laptop has no recovery partition or optical drive, your only practical options are to bring it in to a shop, or continue with Rise's instructions. If you do the latter, I suggest you disable System Restore before proceeding.