computertooter

System.BrokenFileAssociation. False Positive?


What should the encoding be set to: ANSI, Unicode, Unicode big endian or UTF-8?

ANSI


Ran a file and folder search; REGEDIT.EXE is in C:/WINDOWS as well as C:/1386. Was wondering if there is any way of doing the next repair you are asking me to do without using ComboFix. I have read SO MANY things that say to ONLY use ComboFix as a last resort. Have seen so many times that everything is gone to the point of having to wipe the system clean and start over. I also read that over 25% of the time this is just what happens. What is the repair you are trying to do next? Was wondering because all seems to be good now. NO viruses on any scan. Start up is great. And now the Regedit.Exe is back where it should be. So if you don't mind, could you please tell me what we are trying to accomplish with ComboFix? Thank you, and I think you Rock!!! You and Seth together have gotten this notebook working again.


Well, yes, ComboFix is an extremely powerful tool, and yes, if used improperly it can destroy a machine.

If the machine is running better then we will skip ComboFix.

  • Open OTL

  • Under the Extra Registry select Use SafeList
  • Now click Run Scan
  • When scan is finished copy OTL.txt and Extras.txt


Attachments: OTL & Extra txt

Extras#4.Txt

OTL#4.Txt


Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
[2011/05/23 19:24:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\cO28281EhPhI28281
[2011/06/06 16:21:29 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/06 16:21:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/06 16:21:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/06 16:21:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/06 16:21:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/06 16:21:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/07 15:37:23 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\freedie\Desktop\copy.bat
[2011/05/15 23:41:21 | 000,013,416 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\75bd3tfr3in6ixa60571p2m5j0l7822jtsp683
[2011/05/15 21:00:41 | 000,013,412 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\75bd3tfr3in6ixa60571p2m5j0l7822jtsp683
[2011/05/14 20:53:52 | 000,013,456 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\b6rkrv8a73spxby2vvgdh23go6k2up6vsdslct8n34k05yp
:Commands
[purity]
[emptytemp]
[resethosts]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • It will boot slower so be patient
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles


Results attached. I also found an easy way to turn off your AVG 2011: in AVG just click Components, then click Resident Shield and uncheck the Resident Shield active box. Then click Save changes. To reactivate, recheck the same box and click Save changes.

So I didn't have to uninstall and reinstall AVG again.

OTL Runfix Results data#2.txt


Okay that's it

If you have any problems let me know

Open OTL and click the CleanUp button; this will remove OTL and the folder it created, and it will also remove the other tools we used.

If there are tools and logs that haven't been removed, then do it manually.


No reputable computer tech would condone AVG.

IMO, AVG is the most targeted antivirus software.

OP, if you want something decent, then it's going to cost. Eset NOD 32 http://www.eset.com/us/


Will this clean up leave Malwarebytes free and SAS and AVG or not?


No reputable computer tech would condone AVG.

IMO, AVG is the most targeted antivirus software.

OP, if you want something decent, then it's going to cost. Eset NOD 32 http://www.eset.com/us/

Is that compatible with Malwarebytes free and SAS free? What is your suggestion for a free antivirus that is compatible with the two as well, Seth?

One more question directed to Rise: does it hurt that the REGEDIT.EXE is in 2 folders, the C:/WINDOWS (which I know it is supposed to be in) and the C:/1386? Ran a file folder search and it is in both.

Will this clean up leave Malwarebytes free and SAS and AVG or not?

Yes, it will leave them.

Is that compatible with Malwarebytes free and SAS free? What is your suggestion for a free antivirus that is compatible with the two as well, Seth?

Yes, ESET is compatible with Malwarebytes and SAS free, like all other antiviruses are. For a free AV I would recommend avast! http://www.avast.com/en-eu/free-antivirus-download which is in my opinion much better than AVG.

One more question directed to Rise: does it hurt that the REGEDIT.EXE is in 2 folders, the C:/WINDOWS (which I know it is supposed to be in) and the C:/1386? Ran a file folder search and it is in both.

That is normal.


Also one more question lol... wish I could think of these all at once... are we removing OTL and the other tools we used because they interfere with AVG, Malwarebytes and SAS?


I ran the OTL clean up; it removed all but the aswMBR and some small desktop icon files on the other ones. I deleted all but the aswMBR. The notebook is flying like a new one now, working great so far. Thank you, Seth, for your help. I will consider your and Rise's suggestions regarding an antivirus program. Rise, thank you so much for being so patient with me and all my questions; it is greatly appreciated. You have been great! I will tell everyone I know the SAS program is a must have, and that the SAS forum is wonderful. Thanks a billion!!!!


also one more question lol...wish I could think of these all at once...are we removing Otl and the other tools we used because they interfere with avg malwarebytes and SAS?

We are removing them because they are "one time use" tools. They should be used only when someone who knows how to work with them tells you to; they are very powerful and if used improperly can destroy a machine.

So delete aswMBR also.

Stay safe


OK Rise will do ...and thanks again for your help...


Is that compatible with malwarebytes free and SAS free? What is your suggestion for a free antivirus that is compatible with the two as well Seth?

I don't know of any antivirus program that isn't compatible with MB or SAS.

Most antivirus programs have similar detection rates. However, other considerations would be cost, resource usage, and popularity (The more popular your antivirus is, the more it's targeted). For a free antivirus, I suggest Avast, and for a paid, NOD32.

For the ultimate in computer protection, other than not using the internet lol, you might want to consider a sandbox:

http://www.sandboxie.com/


Got hit again... I'm enclosing SAS and MBAM and AVG logs... this time I'm locked out of accessing Program Files programs such as my broadband, SAS, MBAM, Mozilla, etc... I have to right click on the icon and click Run as, and then in the box where it says protect my computer and data from unauthorized program activity I have to uncheck it to get anything to run so I can get online... so sorry I'm already having a problem again... and I promise I will take off the AVG and put on Avast if we can get this fixed this time... I should have listened to y'all about AVG, instead of all the others telling how great it is... I'm so sorry I didn't heed y'all's warnings... cause I got hit in no time hardly..

mbam-log-2011-06-20 (.txt

SUPERAntiSpyware Scan Log - 06-20-2011 - 03-02-27.zip

avgrep 1.txt


Well, let's see what's going on there

Download OTL to your Desktop

  • Double click on icon and select Quick scan
  • When scan is finished it will produce 2 logs, copy/paste them into your reply

Next

Download aswMBR to your Desktop

  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.


OTL wouldn't run the extra registry even in safe mode... I would make sure that the safelist was checked in it, but every time I clicked Quick Scan it would automatically reset to none... no matter how I tried... so no extras txt log.

aswMBR#a.txt

Shortcut to OTL.Txt.zip


Here's the copy and paste of OTL; sorry, I should read better so I can follow directions better:


[2011/06/19 03:31:52 | 000,082,489 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm

[2011/06/17 18:48:15 | 000,001,013 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VZAccess Manager.lnk

[2011/06/15 09:15:52 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011/06/11 12:26:49 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2011/06/08 17:51:58 | 000,249,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/06/06 19:29:24 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk

[2011/06/06 12:31:14 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/06/04 13:40:37 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/06/02 15:33:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011/06/02 11:48:08 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/06/21 08:06:39 | 000,001,305 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to OTL.lnk

[2011/06/20 22:22:55 | 119,279,309 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm

[2011/06/20 18:21:37 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2011/06/20 01:41:54 | 000,011,142 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\58buw8x567u4lj0h5muh1i27tls0vo45a5

[2011/06/19 03:31:52 | 000,082,489 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm

[2011/06/17 18:48:15 | 000,001,019 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\VZAccess Manager.lnk

[2011/06/17 18:48:15 | 000,001,013 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VZAccess Manager.lnk

[2011/06/17 18:44:03 | 000,010,440 | ---- | C] () -- C:\WINDOWS\System32\ptumwcit.dll

[2011/06/11 12:26:49 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2011/06/06 19:29:24 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk

[2011/06/02 11:48:08 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2010/05/01 13:22:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2010/04/01 18:57:03 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/04/01 18:57:03 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat

[2010/03/21 21:58:41 | 000,002,639 | ---- | C] () -- C:\WINDOWS\Ckikohapuveb.dat

[2010/03/21 21:58:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Oyivetakobilobak.bin

[2010/03/21 18:21:25 | 000,002,499 | ---- | C] () -- C:\WINDOWS\lsrslt.ini

[2010/02/20 15:51:43 | 000,048,844 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2010/02/11 17:45:01 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2009/11/27 19:49:25 | 001,759,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys

[2009/11/27 19:49:25 | 000,028,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys

[2009/11/27 19:49:25 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini

[2009/08/24 12:44:43 | 000,028,510 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2009/08/24 12:06:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll

[2009/04/10 21:25:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2009/04/10 21:06:58 | 000,427,206 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2009/04/10 21:06:58 | 000,065,884 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2009/04/10 21:01:42 | 000,249,496 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/04/10 20:58:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009/04/10 20:57:24 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2008/04/15 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2008/04/15 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2008/04/15 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2008/04/15 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2008/04/15 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2008/04/15 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2008/04/15 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2008/04/15 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2002/05/29 00:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2002/05/29 00:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2009/12/04 01:58:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy

[2011/06/07 01:33:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar

[2011/06/06 19:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10

[2011/05/23 19:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\cO28281EhPhI28281

[2011/05/14 09:52:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2009/11/29 00:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Enkord

[2010/10/12 16:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy-PizzaParty

[2010/05/12 20:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii

[2010/10/17 09:30:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft

[2011/06/06 19:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2010/10/15 17:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games

[2009/12/01 20:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games

[2010/04/27 11:14:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2009/08/24 12:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall

[2011/06/17 18:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEngineLite

[2011/06/03 17:03:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent

[2009/12/17 16:34:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2011/06/06 19:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freedie\Application Data\AVG10

[2010/05/22 14:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freedie\Application Data\funkitron

[2010/12/20 15:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freedie\Application Data\iWin

[2011/05/27 18:41:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freedie\Application Data\Smith Micro

[2010/10/11 20:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freedie\Application Data\WildTangentv1001

[2011/06/21 07:24:16 | 000,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\WefiStartup.job

========== Purity Check ==========

< End of report >


Got hit again... I'm enclosing SAS, MBAM and AVG logs... this time I'm locked out of accessing Program Files programs such as my broadband, SAS, MBAM, Mozilla, etc... I have to right-click on the icon and click Run As, and then in the box where it says "Protect my computer and data from unauthorized program activity" I have to uncheck it to get anything to run so I can get online... so sorry I'm already having a problem again... and I promise I will take off the AVG and put on Avast if we can get this fixed this time... I should have listened to y'all about AVG instead of all the others telling me how great it is... I'm so sorry I didn't heed y'all's warnings... 'cause I got hit in no time hardly.

Given the amount of time that you've invested on this problem, and the amount of time that you're about to invest again, I suggest you back up your data and clean install Windows. It's quite easy to do on most systems. If you decide to take that suggestion, please post the make and model of the computer, as well as the version of Windows that it runs.


Given the amount of time that you've invested on this problem, and the amount of time that you're about to invest again, I suggest you back up your data and clean install Windows. It's quite easy to do on most systems. If you decide to take that suggestion, please post the make and model of the computer, as well as the version of Windows that it runs.

Seth, this is a used notebook so I do not have any of the disks or any way of backing up the system, and no access to System Restore either... It is a Compaq Mini 110c-1100, XP Home Edition version 5.1.2600


Is this your laptop: http://h10025.www1.hp.com/ewfrf/wc/product?product=4071201&lc=en&dlc=en&cc=us&lang=en&key=null&site=null

If so, it doesn't come with a hidden "Factory Restore" partition on the hard drive. It also doesn't look like it has an optical drive. Correct?

BTW- Through your discussions with Rise, were you ever informed to disable System Restore before going through the disinfection procedure?


Is this your laptop: http://h10025.www1.hp.com/ewfrf/wc/product?product=4071201&lc=en&dlc=en&cc=us&lang=en&key=null&site=null

If so, it doesn't come with a hidden "Factory Restore" partition on the hard drive. It also doesn't look like it has an optical drive. Correct?

BTW- Through your discussions with Rise, were you ever informed to disable System Restore before going through the disinfection procedure?

Yeah, I believe that is it... that's what it looks like... sorry, I do not know what an optical drive is... the answer to your BTW is no, he did not... System Restore was already that way when I got the notebook... why, I don't know.


An optical drive is a CD or CD/DVD drive.

Given that the laptop has no recovery partition, or an optical drive, then your only practical options are to bring it in to a shop, or continue with Rise's instructions. If you do the latter, I suggest you disable System Restore before proceeding.

This topic is now closed to further replies.
