
Author Topic: Police-Report virus/ransomware  (Read 11401 times)


jaynighte

    Topic Starter


    Rookie

    • Experience: Experienced
    • OS: Windows 7
    Police-Report virus/ransomware
    « on: August 02, 2015, 12:26:31 PM »
    I apologize in advance for what little information I can give, as I have been unable to follow the steps in the Sticky due to the nature of this virus.

    My father has a desktop computer, an e-Machine with Windows XP. Recently, he left his computer on overnight to find himself with a full white screen with a text input box and the words "?echo $submit?" and "Waiting payment". After restarting the computer, he found that before this screen comes up and blocks everything, the Windows taskbar has something called "Police-Report" on it. If you wait long enough on the white screen, it says "press escape to try to connect to the internet. You have 30 seconds."

    Alt+F4, Ctrl+alt+del, Windows key don't work so I can't close out of the fullscreen window. Booting in any safe mode fails to prevent the problem. I'm looking at options, but it seems like I might have to just have him do a complete reformat, complete reinstallation of Windows. Is there a way I can avoid doing that?

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Police-Report virus/ransomware
    « Reply #1 on: August 02, 2015, 12:41:46 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer, you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the Shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back online.
    *************************************************************************
    Can you try running MBAM in Safe Mode?
    *********************************************
    Please download Malwarebytes Anti-Malware from here.
    Double Click mbam-setup.exe to install the application.
    • It should update automatically if the computer is connected to the internet.
    • Click on Threat Scan and click on Scan Now.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, make sure all the infections have "quarantine" selected in the Action box.
    • Click on "Apply actions". You may be asked to restart your computer to completely remove the infections.
    • When disinfection is completed, you can click on "Copy to Clipboard".
    • Paste the log in your next reply (CTRL+V).
    Windows 8 and Windows 10 dual boot with two SSD's

    jaynighte

      Re: Police-Report virus/ransomware
      « Reply #2 on: August 02, 2015, 01:41:58 PM »
      I cannot run ANYTHING in safe mode. As soon as it boots up - in Safe Mode, Safe Mode with Networking, AND Safe Mode with Command Prompt, the full-screen thing takes over.

      SuperDave

      Re: Police-Report virus/ransomware
      « Reply #3 on: August 02, 2015, 08:05:13 PM »
      We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

      Download the OTLPE Standard REATOGO Windows Recovery Environment.
      • Place a blank CD-R disc into your CD burning drive.
      • Download OTLPEStd.exe and double-click on it to burn to a CD using an ISO Burner. One can be found here.
      • Reboot your system using the boot CD you just created.
      • Note: If you do not know how to set your computer to boot from CD, follow the steps here.
      • Your system should now display a REATOGO-X-PE desktop.
      • Double-click on the OTLPE icon.
      • When asked "Do you wish to load the remote registry", select Yes
      • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
      • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
      • OTL should now start. Change the following settings
      • Change Drivers to Non-Microsoft
      • Press Run Scan to start the scan.
      • When finished, the file will be saved in drive C:\_OTL\MovedFiles
      • Copy this file to your USB drive if you do not have internet connection on this system
      • Please post the contents of the OTL.txt file in your reply.
      Windows 8 and Windows 10 dual boot with two SSD's
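
One way to pre-sort the OTL.txt log that the scan above produces before a helper reads it (an added example, not part of the original post and not OTL's own logic). The sample log is constructed in OTL's line layout, and the review rules (registered item whose file is missing, empty publisher field, hidden folder in the "Created Within 30 Days" section) are assumptions chosen for illustration; a hit means "look at this entry", not "malicious".

```python
import re

# Constructed sample in OTL's line layout (not taken from a real machine).
SAMPLE_LOG = r"""
OTL logfile created on: 8/3/2015 4:43:45 PM - Run
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand] --  -- (ExampleGone)
SRV - [2015/07/27 18:39:45 | 001,195,920 | ---- | M] () [Auto] -- C:\Program Files\Example\helper.exe -- (ExampleHelper)
SRV - [2015/07/07 14:28:04 | 000,314,304 | ---- | M] (Example Vendor, Inc.) [Auto] -- C:\Program Files\Example\svc.exe -- (ExampleSvc)
========== Driver Services (SafeList) ==========
DRV - [2009/07/13 16:51:12 | 000,034,944 | ---- | M] (Example Vendor, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\example.sys -- (Example)
O4 - HKLM..\Run: [ExampleTray] C:\Program Files\Example\tray.exe ()
O4 - HKLM..\Run: [ExampleOld]  File not found
O4 - HKLM..\Run: [ExampleOk] C:\Program Files\Example\ok.exe (Example Vendor, Inc.)
========== Files/Folders - Created Within 30 Days ==========
[2015/07/31 16:48:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\ExampleHidden
[2015/07/17 18:24:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\ExampleFolder
"""

# SRV/DRV lines: either "File not found" or "[date | size | attrs | M] (publisher)",
# then "[start type] -- path -- (service name)".
SVC_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - (?P<meta>File not found|\[[^\]]+\] \((?P<company>.*?)\)) "
    r"\[(?P<start>[^\]]*)\] -- (?P<path>.*?) -- \((?P<name>[^)]*)\)"
)
# O4 autorun lines: "O4 - <hive>..\Run: [value name] <path> (publisher)".
RUN_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<rest>.*)$"
)
# Trailing "(publisher)" field at the end of an autorun line.
COMPANY_RE = re.compile(r"\(([^()]*)\)\s*$")
# File/folder lines: "[date time | size | attrs | C or M] -- path".
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| [\d,]+ \| (?P<attr>[-A-Z]{4}) \| [MC]\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)


def triage(log_text):
    """Return (reason, item) pairs worth a manual look; assumed rules, not verdicts."""
    findings = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("=========="):
            section = line.strip("= ")  # remember which log section we are in
            continue

        m = SVC_RE.match(line)
        if m:
            if m["meta"] == "File not found":
                # Service still registered, binary no longer on disk.
                findings.append(("orphaned-service", m["name"]))
            elif not m["company"].strip():
                # Binary carries no publisher string; legitimate tools can too.
                findings.append(("unnamed-publisher-service", m["path"]))
            continue

        m = RUN_RE.match(line)
        if m:
            rest = m["rest"].strip()
            if rest == "File not found":
                findings.append(("orphaned-autorun", m["name"]))
            else:
                c = COMPANY_RE.search(rest)
                if c and not c[1].strip():
                    findings.append(("unnamed-publisher-autorun", rest[:c.start()].strip()))
            continue

        m = FILE_RE.match(line)
        if (m and section.startswith("Files/Folders - Created")
                and "H" in m["attr"] and "D" in m["attr"]):
            # Hidden directory that appeared inside the scan's 30-day window.
            findings.append(("hidden-dir-recently-created", m["path"]))
    return findings


if __name__ == "__main__":
    for reason, item in triage(SAMPLE_LOG):
        print(f"{reason:32} {item}")
```
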

      jaynighte

        Re: Police-Report virus/ransomware
        « Reply #4 on: August 03, 2015, 11:22:16 AM »
        I do not know how to copy the logs onto a USB drive if I cannot access anything except that screen...

        SuperDave

        Re: Police-Report virus/ransomware
        « Reply #5 on: August 03, 2015, 01:07:08 PM »
        If you follow the directions closely this disk that you will create will boot your computer from the disk. Then you can run the scan and post the logs here. If you have an internet connection you should be able to just copy and paste the logs in your next reply. Your first task is to create the disk correctly. If you have any more questions just ask me.
        Windows 8 and Windows 10 dual boot with two SSD's

        jaynighte

          Re: Police-Report virus/ransomware
          « Reply #6 on: August 03, 2015, 01:44:33 PM »
          Under Drivers, it has None, Use SafeList, and All. There is no No Microsoft option.

          jaynighte

            Re: Police-Report virus/ransomware
            « Reply #7 on: August 03, 2015, 02:51:32 PM »
            After scanning with Drivers: Use Safelist:

            OTL logfile created on: 8/3/2015 4:43:45 PM - Run
            OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
            Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
            Internet Explorer (Version = 8.0.6001.18702)
            Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
             
            895.00 Mb Total Physical Memory | 678.00 Mb Available Physical Memory | 76.00% Memory free
            807.00 Mb Paging File | 717.00 Mb Available in Paging File | 89.00% Paging File free
            Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
             
            %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
            Drive C: | 143.95 Gb Total Space | 116.33 Gb Free Space | 80.81% Space Free | Partition Type: NTFS
            Drive D: | 5.08 Gb Total Space | 1.79 Gb Free Space | 35.26% Space Free | Partition Type: FAT32
            Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
             
            Computer Name: REATOGO | User Name: SYSTEM
            Boot Mode: Normal | Scan Mode: All users
            Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
            Using ControlSet: ControlSet003
             
            ========== Win32 Services (SafeList) ==========
             
            SRV - File not found [On_Demand] --  -- (AppMgmt)
            SRV - [2015/07/27 18:39:45 | 001,195,920 | ---- | M] () [Auto] -- C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe -- (WtuSystemSupport)
            SRV - [2015/07/27 18:39:42 | 001,874,320 | ---- | M] (AVG Secure Search) [Auto] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.8.0\ToolbarUpdater.exe -- (vToolbarUpdater18.8.0)
            SRV - [2015/07/07 14:35:34 | 003,518,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG2015\avgidsagent.exe -- (AVGIDSAgent)
            SRV - [2015/07/07 14:28:04 | 000,314,304 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG2015\avgwdsvc.exe -- (avgwd)
            SRV - [2015/07/02 20:01:41 | 000,148,136 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
            SRV - [2010/06/18 14:26:59 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
            SRV - [2010/04/02 21:34:12 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
            SRV - [2009/12/09 15:22:56 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto] -- C:\WINDOWS\system32\nlssrv32.exe -- (nlsX86cc)
             
             
            ========== Driver Services (SafeList) ==========
             
            DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
            DRV - File not found [Kernel | On_Demand] --  -- (SymIMMP)
            DRV - File not found [Kernel | On_Demand] --  -- (SymIM)
            DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
            DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
            DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
            DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
            DRV - File not found [Kernel | System] --  -- (PCIDump)
            DRV - File not found [Kernel | System] --  -- (lbrtfdc)
            DRV - File not found [Kernel | On_Demand] --  -- (esgiguard)
            DRV - File not found [Kernel | System] --  -- (Changer)
            DRV - [2015/08/03 14:24:16 | 000,035,992 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hitmanpro37.sys -- (hitmanpro37)
            DRV - [2015/06/26 09:49:34 | 000,217,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgidsdriverlx.sys -- (AVGIDSDriverl)
            DRV - [2015/06/16 15:54:52 | 000,207,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
            DRV - [2015/06/10 16:38:10 | 000,170,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
            DRV - [2015/05/14 13:49:12 | 000,029,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
            DRV - [2015/05/12 14:46:06 | 000,213,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
            DRV - [2015/05/12 14:45:04 | 000,190,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
            DRV - [2015/05/07 13:52:08 | 000,290,272 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
            DRV - [2015/03/20 12:18:22 | 000,035,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
            DRV - [2015/03/11 12:13:46 | 000,132,576 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgdiskx.sys -- (Avgdiskx)
            DRV - [2013/02/13 17:26:02 | 000,033,512 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
            DRV - [2012/10/30 19:51:56 | 000,020,624 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
            DRV - [2012/06/20 11:51:34 | 000,017,672 | ---- | M] (HandSet Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\massfilter_hs.sys -- (massfilter_hs)
            DRV - [2011/03/28 16:34:22 | 000,113,432 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ghsdiag.sys -- (ghsdiag)
            DRV - [2010/10/18 15:24:14 | 000,032,408 | ---- | M] (Google Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ghsandroid.sys -- (ghsandroid)
            DRV - [2009/07/13 16:51:12 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
            DRV - [2008/08/01 18:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
            DRV - [2008/08/01 18:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
            DRV - [2007/10/02 04:32:14 | 004,613,120 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
            DRV - [2007/08/08 23:11:00 | 000,102,400 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
            DRV - [2007/04/16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
            DRV - [2006/07/18 18:16:08 | 000,990,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
            DRV - [2006/07/18 18:15:18 | 000,256,128 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
            DRV - [2006/07/18 18:15:10 | 000,728,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
            DRV - [2005/10/26 12:06:30 | 000,356,096 | R--- | M] (Ralink Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61) Linksys Wireless-G PCI Adapter Driver(RT61)
            DRV - [2001/08/17 08:10:58 | 000,069,692 | ---- | M] (3Com Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\el575ND5.sys -- (el575nd5)
             
             
            ========== Standard Registry (SafeList) ==========
             
             
            ========== Internet Explorer ==========
             
            IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search
             
             
            IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3644
            IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3644
            IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
             
             
             
            IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
            IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
            IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com/?cid={FEE16A1B-5D1E-4541-BB7E-CADA8C1D7C2E}&mid=4d2af13ee30e47d1936dd15563896535-b2b927add38b943000256dd8aa85841600055bd3&lang=en&ds=AVG&coid=avgtbavg&cmpid=0715av&pr=fr&d=2015-07-17 12:24:07&v=4.1.4.948&pid=wtu&sg=&sap=hp
            IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
            IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
             
             
            ========== FireFox ==========
             
            FF - prefs.js..browser.search.countryCode: "US"
            FF - prefs.js..browser.search.defaultenginename,S: ""
            FF - prefs.js..browser.search.defaultthis.engineName: ""
            FF - prefs.js..browser.search.defaulturl: ""
            FF - prefs.js..browser.search.hiddenOneOffs: "Amazon.com,eBay,Twitter,Wikipedia (en),Web Search,AVG Secure Search,DuckDuckGo"
            FF - prefs.js..browser.search.isUS: true
            FF - prefs.js..browser.search.order.1: ""
            FF - prefs.js..browser.search.order.1,S: ""
            FF - prefs.js..browser.search.region: "US"
            FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
            FF - prefs.js..browser.search.selectedEngine,S: ""
            FF - prefs.js..browser.search.suggest.enabled: false
            FF - prefs.js..browser.search.update: false
            FF - prefs.js..browser.search.useDBForOrder: true
            FF - prefs.js..browser.startup.homepage: "about:home"
            FF - prefs.js..network.proxy.type: 4
            FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
            FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
            FF - prefs.js..browser.startup.homepage: ""
            FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
             
             
            FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_194.dll ()
            FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin:  File not found
            FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.51.2: C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npdeployJava1.dll (Oracle Corporation)
            FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.51.2: C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll (Oracle Corporation)
            FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
            FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
            FF - HKLM\Software\MozillaPlugins\@sony.com/eBookLibrary: C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)
            FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll (Google Inc.)
            FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll (Google Inc.)
            FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
             
            FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 39.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2015/07/02 19:59:28 | 000,000,000 | ---D | M]
            FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 39.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2015/07/02 19:59:56 | 000,000,000 | ---D | M]
             
            [2010/06/22 13:21:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
            [2015/07/17 13:05:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\j2zc4nyk.default-1356985882156\extensions
            [2015/07/17 12:24:59 | 000,014,296 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\j2zc4nyk.default-1356985882156\searchplugins\avg-secure-search.xml
            [2015/05/15 12:17:19 | 000,002,758 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\j2zc4nyk.default-1356985882156\searchplugins\pinterest.xml
            [2013/12/09 15:30:39 | 000,003,723 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\j2zc4nyk.default-1356985882156\searchplugins\safeguard-secure-search.xml
            [2013/02/04 10:01:20 | 000,002,763 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\j2zc4nyk.default-1356985882156\searchplugins\web-search.xml
            [2015/07/02 19:59:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
            [2015/07/02 19:59:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
            [2015/07/03 11:08:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
            [2015/07/03 11:08:45 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
            File not found (No name found) --
            [2010/06/21 13:37:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
            [2011/03/18 15:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
            [2011/03/18 15:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
             
            O1 HOSTS File: ([2004/08/04 15:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
            O1 - Hosts: 127.0.0.1       localhost
            O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
            O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll (Oracle Corporation)
            O2 - BHO: (AVG Web TuneUp) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Web TuneUp\4.1.5.143\AVG Web TuneUp.dll (AVG)
            O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
            O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll (Oracle Corporation)
            O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
            O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
            O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
            O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
            O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
            O4 - HKLM..\Run: []  File not found
            O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
            O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2015\avgui.exe (AVG Technologies CZ, s.r.o.)
            O4 - HKLM..\Run: [KernelFaultCheck]  File not found
            O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
            O4 - HKLM..\Run: [Reader Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation)
            O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
            O4 - HKLM..\Run: [Reminder] C:\WINDOWS\creator\Remind_XP.exe (SoftThinks)
            O4 - HKLM..\Run: [Spare Backup] C:\Program Files\Spare Backup\SpareBackup.exe (SpareBackup, Inc.)
            O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Web TuneUp\vprot.exe ()
            O4 - HKU\Owner_ON_C..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
            O4 - HKU\Owner_ON_C..\Run: [SansaDispatch] C:\Documents and Settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
            O4 - HKU\Owner_ON_C..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
            O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
            O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
            O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
            O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\HughesNetStatusMeter.lnk = C:\Program Files\HughesNetStatusMeter\HughesNetStatusMeter\HughesNetStatusMeter.exe ()
            O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1010 series.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
            O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
            O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
            O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
            O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
            O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
            O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
            O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
            O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
            O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
            O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
            O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
            O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab (Java Plug-in 11.51.2)
            O16 - DPF: {CAFEEFAC-0018-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab (Java Plug-in 1.8.0_45)
            O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab (Java Plug-in 11.51.2)
            O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
            O20 - AppInit_DLLs: (c:\progra~1\contin~1\sprote~1.dll) -  File not found
            O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
            O20 - Winlogon\Notify\klogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
            O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
            O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
            O32 - HKLM CDRom: AutoRun - 1
            O32 - AutoRun File - [2006/05/06 20:38:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
            O32 - AutoRun File - [2013/05/19 13:25:54 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
            O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | RHS- | M] () - D:\Autorun.inf -- [ FAT32 ]
            O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | -HS- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ]
            O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
            O33 - MountPoints2\{1677fce8-8c6f-11df-af68-001c256d8cc6}\Shell - "" = AutoRun
            O33 - MountPoints2\{1677fce8-8c6f-11df-af68-001c256d8cc6}\Shell\AutoRun - "" = Auto&Play
            O33 - MountPoints2\{3bd2a829-4bd1-11e3-b204-001c256d8cc6}\Shell - "" = AutoRun
            O33 - MountPoints2\{3bd2a829-4bd1-11e3-b204-001c256d8cc6}\Shell\AutoRun - "" = Auto&Play
            O33 - MountPoints2\{3bd2a829-4bd1-11e3-b204-001c256d8cc6}\Shell\AutoRun\command - "" = F:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A02B03 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
            O33 - MountPoints2\{60e9c712-f4db-11e4-b425-001c256d8cc6}\Shell - "" = AutoRun
            O33 - MountPoints2\{60e9c712-f4db-11e4-b425-001c256d8cc6}\Shell\AutoRun - "" = Auto&Play
            O33 - MountPoints2\{60e9c712-f4db-11e4-b425-001c256d8cc6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
            O33 - MountPoints2\{cf0327bc-2e6e-11e2-b2f4-001c256d8cc6}\Shell - "" = AutoRun
            O33 - MountPoints2\{cf0327bc-2e6e-11e2-b2f4-001c256d8cc6}\Shell\AutoRun - "" = Auto&Play
            O33 - MountPoints2\{f3667767-f71e-11df-affb-001c256d8cc6}\Shell - "" = AutoRun
            O33 - MountPoints2\{f3667767-f71e-11df-affb-001c256d8cc6}\Shell\AutoRun - "" = Auto&Play
            O33 - MountPoints2\{f3667767-f71e-11df-affb-001c256d8cc6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
            O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
            O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2015\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG2015\avgrsx.exe (AVG Technologies CZ, s.r.o.)
            O35 - HKLM\..comfile [open] -- "%1" %*
            O35 - HKLM\..exefile [open] -- "%1" %*
            O37 - HKLM\...com [@ = comfile] -- "%1" %*
            O37 - HKLM\...exe [@ = exefile] -- "%1" %*
             
            ========== Files/Folders - Created Within 30 Days ==========
             
            [2015/08/03 13:39:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
            [2015/08/02 18:48:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft Antimalware
            [2015/07/31 16:48:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Report
            [2015/07/17 18:24:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Tutorials and DIY projects
            [2015/07/17 17:50:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Summer 2015
            [2015/07/17 12:24:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\AVG Web TuneUp
            [2015/07/17 12:23:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
            [2015/07/17 12:23:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
            [2015/07/17 12:23:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Web TuneUp
            [2015/07/17 12:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Web TuneUp
            [2015/07/05 18:20:38 | 000,096,352 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
            [2015/07/05 18:10:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Oracle
            [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
            [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
            [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
             
            ========== Files - Modified Within 30 Days ==========
             
            [2015/08/03 15:33:16 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
            [2015/08/03 15:33:15 | 000,000,222 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
            [2015/08/03 15:32:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
            [2015/08/03 14:31:58 | 000,001,665 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1010 series.lnk
            [2015/08/03 14:24:16 | 000,035,992 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys
            [2015/08/03 14:16:33 | 000,006,370 | ---- | M] () -- C:\WINDOWS\System32\.crusader
            [2015/08/03 13:47:33 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
            [2015/07/31 21:08:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
            [2015/07/29 16:14:12 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Jasc Paint Shop Pro 8.lnk
            [2015/07/26 17:07:21 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
            [2015/07/20 17:43:06 | 000,084,944 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\bookwarm 40025833.jpg
            [2015/07/18 18:15:47 | 000,096,352 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
            [2015/07/18 18:15:43 | 000,146,432 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
            [2015/07/18 13:04:03 | 000,209,960 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\bookworm screen shot.pspimage
            [2015/07/08 15:00:00 | 000,000,216 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
            [2015/07/06 10:32:30 | 000,465,617 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\pspbrwse.jbf
            [2015/07/05 17:54:03 | 000,778,416 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
            [2015/07/05 17:54:02 | 000,142,512 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
            [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
            [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
            [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
             
            ========== Files Created - No Company Name ==========
             
            [2015/08/03 14:24:15 | 000,035,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys
            [2015/08/03 14:16:33 | 000,006,370 | ---- | C] () -- C:\WINDOWS\System32\.crusader
            [2015/07/20 17:43:05 | 000,084,944 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\bookwarm 40025833.jpg
            [2015/07/18 13:04:03 | 000,209,960 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\bookworm screen shot.pspimage
            [2014/12/11 11:01:58 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
            [2013/04/12 23:10:45 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
            [2013/04/12 23:10:45 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
            [2013/04/12 23:10:45 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
            [2013/02/08 05:03:08 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
            [2013/01/30 21:14:13 | 000,001,110 | ---- | C] () -- C:\WINDOWS\wininit.ini
            [2012/11/14 13:01:29 | 000,584,584 | ---- | C] () -- C:\WINDOWS\adb.exe
            [2012/11/07 19:50:09 | 000,000,360 | ---- | C] () -- C:\WINDOWS\dxtris.ini
            [2012/11/07 19:09:30 | 000,000,036 | ---- | C] () -- C:\WINDOWS\avgui.INI
            [2012/09/05 20:21:03 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\dt.dat
            [2012/02/16 16:44:04 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
            [2012/01/18 16:35:09 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
            [2010/10/18 12:00:36 | 000,160,990 | ---- | C] () -- C:\WINDOWS\Sqirlz Water Reflections Uninstaller.exe
            [2010/09/13 13:34:24 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
            [2010/08/05 11:12:51 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
            [2010/07/14 18:03:08 | 000,000,039 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
            [2010/07/10 18:00:02 | 000,090,624 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
            [2010/06/29 13:16:24 | 000,000,032 | ---- | C] () -- C:\WINDOWS\basefx.INI
            [2010/06/24 16:07:20 | 000,040,246 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
            [2010/06/22 13:21:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
            [2010/06/22 11:14:30 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\RegHero.exe
            [2010/06/22 11:14:30 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\PopWait.exe
            [2010/06/21 12:15:39 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
            [2010/06/18 14:34:26 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
            [2010/06/18 14:17:50 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
            [2010/06/18 14:06:43 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
            [2010/06/18 14:06:30 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
            [2010/06/18 14:06:30 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
            [2010/06/18 14:06:27 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
            [2010/06/18 14:06:22 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
            [2010/06/18 14:06:17 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
            [2010/06/18 14:05:52 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
            [2010/06/18 14:05:52 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
            [2010/06/18 14:04:53 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
            [2010/06/18 14:04:26 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
            [2007/11/09 18:38:37 | 001,622,016 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
            [2007/11/09 18:38:35 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
            [2007/11/09 18:38:35 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
            [2007/11/09 18:38:33 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
            [2007/11/09 18:38:32 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
            [2007/11/09 18:38:30 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
            [2007/11/09 18:38:30 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
            [2007/11/09 18:38:29 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
            [2007/11/09 18:38:23 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
            [2007/11/09 18:38:21 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
            [2006/07/01 02:01:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
            [2006/07/01 01:30:45 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
            [2006/05/06 20:40:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
            [2006/05/06 20:36:21 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
            [2006/05/06 20:24:27 | 000,001,364 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
            [2006/05/06 20:24:27 | 000,000,457 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
            [2006/05/06 20:24:14 | 000,441,866 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
            [2006/05/06 20:24:14 | 000,071,610 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
            [2006/05/06 13:31:05 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
            [2006/05/06 13:30:06 | 000,247,904 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
             
            ========== LOP Check ==========
             
            [2012/11/15 19:16:46 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Application Updater
            [2015/04/21 16:57:45 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\AVG2015
            [2010/06/18 14:43:59 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\SampleView
            [2010/06/18 15:04:14 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Spare Backup
            [2015/03/30 10:54:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG
            [2013/04/05 13:11:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.minecraft
            [2011/07/22 14:56:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Alien Skin
            [2013/06/09 12:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Audacity
            [2015/03/29 10:19:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG
            [2011/07/12 22:59:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG10
            [2015/04/21 17:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG2015
            [2011/03/06 15:08:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Coby Media Manager
            [2014/12/14 11:53:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.hughesnet.HughesNetStatusMeter
            [2012/03/15 19:42:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.hughesnet.HughesNetStatusMeter.92D257A0BA68956E9AA1D50589E83FF4134CD6A8.1
            [2012/09/18 18:14:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DVDVideoSoft
            [2011/01/27 18:35:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DVDVideoSoftIEHelpers
            [2012/03/28 20:32:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ElevatedDiagnostics
            [2013/05/19 13:58:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IObit
            [2010/06/29 12:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Jasc
            [2010/10/11 14:02:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Lexmark Productivity Studio
            [2013/02/13 19:47:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MCPCSNR
            [2013/05/18 15:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mjusbsp
            [2013/01/11 10:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nico Mak Computing
            [2010/11/20 16:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\One Million Manga Characters
            [2015/03/02 18:14:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice
            [2012/03/08 20:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
            [2010/06/22 11:25:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PeoplePal
            [2011/07/14 12:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sammsoft
            [2010/06/18 14:43:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
            [2012/01/11 22:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SanDisk
            [2013/01/10 22:03:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SecondLife
            [2015/08/03 14:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Spare Backup
            [2012/03/16 17:59:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Stardock
            [2012/03/16 18:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\StoneLoopsSTD
            [2010/06/24 16:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
            [2012/03/28 12:05:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TuneUp Software
            [2013/03/17 14:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
            [2015/03/29 10:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG
            [2015/07/17 12:23:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
            [2015/07/17 12:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
            [2015/07/17 12:24:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Web TuneUp
            [2011/09/24 18:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
            [2013/10/15 10:23:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
            [2015/04/21 17:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2014
            [2015/04/21 16:57:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2015
            [2015/02/25 18:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg_Update_0215tb
            [2014/01/08 21:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Beanbag Studios
            [2014/11/06 18:31:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish
            [2010/10/05 16:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
            [2013/05/16 10:02:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk
            [2015/04/24 18:30:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
            [2014/10/15 13:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\contIInnuuetosaave
            [2010/07/10 23:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
            [2012/03/16 17:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gibraltar
            [2015/08/03 14:18:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
            [2013/08/10 15:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
            [2013/05/19 14:02:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
            [2011/08/21 17:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kinoma
            [2012/03/14 10:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark 5600-6600 Series
            [2013/05/09 11:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
            [2015/08/03 09:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
            [2015/07/18 18:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oracle
            [2012/03/16 17:15:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
            [2015/07/22 13:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
            [2012/03/28 12:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
            [2014/12/11 11:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
            [2011/12/05 20:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
            [2014/08/01 18:34:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YTD Video Downloader
            [2010/06/18 16:28:50 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 1.job
             
            ========== Purity Check ==========
             
             
             
            ========== Alternate Data Streams ==========
             
            @Alternate Data Stream - 237 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C65EA0E
            @Alternate Data Stream - 219 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:581B0446
            @Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AB03533D
            @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:373E1720
            @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CB9631F
            @Alternate Data Stream - 128 bytes -> C:\WINDOWS:nlsPreferences
            < End of report >



            jaynighte

              Topic Starter


              Rookie

              • Experience: Experienced
              • OS: Windows 7
              Re: Police-Report virus/ransomware
              « Reply #8 on: August 03, 2015, 02:57:17 PM »
              Using Drivers: None

              OTL logfile created on: 8/3/2015 4:48:50 PM - Run
              OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
              Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
              Internet Explorer (Version = 8.0.6001.18702)
              Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
               
              895.00 Mb Total Physical Memory | 630.00 Mb Available Physical Memory | 70.00% Memory free
              807.00 Mb Paging File | 683.00 Mb Available in Paging File | 85.00% Paging File free
              Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
               
              %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
              Drive C: | 143.95 Gb Total Space | 116.33 Gb Free Space | 80.81% Space Free | Partition Type: NTFS
              Drive D: | 5.08 Gb Total Space | 1.79 Gb Free Space | 35.26% Space Free | Partition Type: FAT32
              Drive E: | 7.58 Gb Total Space | 7.58 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
              Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
               
              Computer Name: REATOGO | User Name: SYSTEM
              Boot Mode: Normal | Scan Mode: All users
              Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
              Using ControlSet: ControlSet003
               
              ========== Win32 Services (SafeList) ==========
               
              SRV - File not found [On_Demand] --  -- (AppMgmt)
              SRV - [2015/07/27 18:39:45 | 001,195,920 | ---- | M] () [Auto] -- C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe -- (WtuSystemSupport)
              SRV - [2015/07/27 18:39:42 | 001,874,320 | ---- | M] (AVG Secure Search) [Auto] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.8.0\ToolbarUpdater.exe -- (vToolbarUpdater18.8.0)
              SRV - [2015/07/07 14:35:34 | 003,518,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG2015\avgidsagent.exe -- (AVGIDSAgent)
              SRV - [2015/07/07 14:28:04 | 000,314,304 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG2015\avgwdsvc.exe -- (avgwd)
              SRV - [2015/07/02 20:01:41 | 000,148,136 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
              SRV - [2010/06/18 14:26:59 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
              SRV - [2010/04/02 21:34:12 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
              SRV - [2009/12/09 15:22:56 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto] -- C:\WINDOWS\system32\nlssrv32.exe -- (nlsX86cc)
               
               
              ========== Standard Registry (SafeList) ==========
               
               
              ========== Internet Explorer ==========
               
              IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search
               
               
              IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3644
              IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3644
              IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
               
               
               
              IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
              IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
              IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com/?cid={FEE16A1B-5D1E-4541-BB7E-CADA8C1D7C2E}&mid=4d2af13ee30e47d1936dd15563896535-b2b927add38b943000256dd8aa85841600055bd3&lang=en&ds=AVG&coid=avgtbavg&cmpid=0715av&pr=fr&d=2015-07-17 12:24:07&v=4.1.4.948&pid=wtu&sg=&sap=hp
              IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
              IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
               
               
              ========== FireFox ==========
               
              FF - prefs.js..browser.search.countryCode: "US"
              FF - prefs.js..browser.search.defaultenginename,S: ""
              FF - prefs.js..browser.search.defaultthis.engineName: ""
              FF - prefs.js..browser.search.defaulturl: ""
              FF - prefs.js..browser.search.hiddenOneOffs: "Amazon.com,eBay,Twitter,Wikipedia (en),Web Search,AVG Secure Search,DuckDuckGo"
              FF - prefs.js..browser.search.isUS: true
              FF - prefs.js..browser.search.order.1: ""
              FF - prefs.js..browser.search.order.1,S: ""
              FF - prefs.js..browser.search.region: "US"
              FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
              FF - prefs.js..browser.search.selectedEngine,S: ""
              FF - prefs.js..browser.search.suggest.enabled: false
              FF - prefs.js..browser.search.update: false
              FF - prefs.js..browser.search.useDBForOrder: true
              FF - prefs.js..browser.startup.homepage: "about:home"
              FF - prefs.js..network.proxy.type: 4
              FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
              FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
              FF - prefs.js..browser.startup.homepage: ""
              FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
               
               
              FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_194.dll ()
              FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin:  File not found
              FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.51.2: C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npdeployJava1.dll (Oracle Corporation)
              FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.51.2: C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll (Oracle Corporation)
              FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
              FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
              FF - HKLM\Software\MozillaPlugins\@sony.com/eBookLibrary: C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)
              FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll (Google Inc.)
              FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll (Google Inc.)
              FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
               
              FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 39.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2015/07/02 19:59:28 | 000,000,000 | ---D | M]
              FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 39.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2015/07/02 19:59:56 | 000,000,000 | ---D | M]
               
              [2010/06/22 13:21:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
              [2015/07/17 13:05:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\j2zc4nyk.default-1356985882156\extensions
              [2015/07/17 12:24:59 | 000,014,296 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\j2zc4nyk.default-1356985882156\searchplugins\avg-secure-search.xml
              [2015/05/15 12:17:19 | 000,002,758 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\j2zc4nyk.default-1356985882156\searchplugins\pinterest.xml
              [2013/12/09 15:30:39 | 000,003,723 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\j2zc4nyk.default-1356985882156\searchplugins\safeguard-secure-search.xml
              [2013/02/04 10:01:20 | 000,002,763 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\j2zc4nyk.default-1356985882156\searchplugins\web-search.xml
              [2015/07/02 19:59:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
              [2015/07/02 19:59:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
              [2015/07/03 11:08:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
              [2015/07/03 11:08:45 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
              File not found (No name found) --
              [2010/06/21 13:37:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
              [2011/03/18 15:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
              [2011/03/18 15:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
               
              O1 HOSTS File: ([2004/08/04 15:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
              O1 - Hosts: 127.0.0.1       localhost
              O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
              O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll (Oracle Corporation)
              O2 - BHO: (AVG Web TuneUp) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Web TuneUp\4.1.5.143\AVG Web TuneUp.dll (AVG)
              O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
              O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll (Oracle Corporation)
              O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
              O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
              O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
              O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
              O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
              O4 - HKLM..\Run: []  File not found
              O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
              O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2015\avgui.exe (AVG Technologies CZ, s.r.o.)
              O4 - HKLM..\Run: [KernelFaultCheck]  File not found
              O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
              O4 - HKLM..\Run: [Reader Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation)
              O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
              O4 - HKLM..\Run: [Reminder] C:\WINDOWS\creator\Remind_XP.exe (SoftThinks)
              O4 - HKLM..\Run: [Spare Backup] C:\Program Files\Spare Backup\SpareBackup.exe (SpareBackup, Inc.)
              O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Web TuneUp\vprot.exe ()
              O4 - HKU\Owner_ON_C..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
              O4 - HKU\Owner_ON_C..\Run: [SansaDispatch] C:\Documents and Settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
              O4 - HKU\Owner_ON_C..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
              O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
              O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
              O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
              O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\HughesNetStatusMeter.lnk = C:\Program Files\HughesNetStatusMeter\HughesNetStatusMeter\HughesNetStatusMeter.exe ()
              O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1010 series.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
              O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
              O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
              O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
              O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
              O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
              O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
              O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
              O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
              O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
              O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
              O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
              O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab (Java Plug-in 11.51.2)
              O16 - DPF: {CAFEEFAC-0018-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab (Java Plug-in 1.8.0_45)
              O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab (Java Plug-in 11.51.2)
              O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
              O20 - AppInit_DLLs: (c:\progra~1\contin~1\sprote~1.dll) -  File not found
              O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
              O20 - Winlogon\Notify\klogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
              O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
              O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
              O32 - HKLM CDRom: AutoRun - 1
              O32 - AutoRun File - [2006/05/06 20:38:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
              O32 - AutoRun File - [2013/05/19 13:25:54 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
              O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | RHS- | M] () - D:\Autorun.inf -- [ FAT32 ]
              O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | -HS- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ]
              O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
              O33 - MountPoints2\{1677fce8-8c6f-11df-af68-001c256d8cc6}\Shell - "" = AutoRun
              O33 - MountPoints2\{1677fce8-8c6f-11df-af68-001c256d8cc6}\Shell\AutoRun - "" = Auto&Play
              O33 - MountPoints2\{3bd2a829-4bd1-11e3-b204-001c256d8cc6}\Shell - "" = AutoRun
              O33 - MountPoints2\{3bd2a829-4bd1-11e3-b204-001c256d8cc6}\Shell\AutoRun - "" = Auto&Play
              O33 - MountPoints2\{3bd2a829-4bd1-11e3-b204-001c256d8cc6}\Shell\AutoRun\command - "" = F:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A02B03 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
              O33 - MountPoints2\{60e9c712-f4db-11e4-b425-001c256d8cc6}\Shell - "" = AutoRun
              O33 - MountPoints2\{60e9c712-f4db-11e4-b425-001c256d8cc6}\Shell\AutoRun - "" = Auto&Play
              O33 - MountPoints2\{60e9c712-f4db-11e4-b425-001c256d8cc6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
              O33 - MountPoints2\{cf0327bc-2e6e-11e2-b2f4-001c256d8cc6}\Shell - "" = AutoRun
              O33 - MountPoints2\{cf0327bc-2e6e-11e2-b2f4-001c256d8cc6}\Shell\AutoRun - "" = Auto&Play
              O33 - MountPoints2\{f3667767-f71e-11df-affb-001c256d8cc6}\Shell - "" = AutoRun
              O33 - MountPoints2\{f3667767-f71e-11df-affb-001c256d8cc6}\Shell\AutoRun - "" = Auto&Play
              O33 - MountPoints2\{f3667767-f71e-11df-affb-001c256d8cc6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
              O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
              O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2015\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG2015\avgrsx.exe (AVG Technologies CZ, s.r.o.)
              O35 - HKLM\..comfile [open] -- "%1" %*
              O35 - HKLM\..exefile [open] -- "%1" %*
              O37 - HKLM\...com [@ = comfile] -- "%1" %*
              O37 - HKLM\...exe [@ = exefile] -- "%1" %*
               
              ========== Files/Folders - Created Within 30 Days ==========
               
              [2015/08/03 13:39:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
              [2015/08/02 18:48:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft Antimalware
              [2015/07/31 16:48:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Report
              [2015/07/17 18:24:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Tutorials and DIY projects
              [2015/07/17 17:50:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Summer 2015
              [2015/07/17 12:24:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\AVG Web TuneUp
              [2015/07/17 12:23:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
              [2015/07/17 12:23:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
              [2015/07/17 12:23:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Web TuneUp
              [2015/07/17 12:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Web TuneUp
              [2015/07/05 18:20:38 | 000,096,352 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
              [2015/07/05 18:10:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Oracle
              [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
              [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
              [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
               
              ========== Files - Modified Within 30 Days ==========
               
              [2015/08/03 15:33:16 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
              [2015/08/03 15:33:15 | 000,000,222 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
              [2015/08/03 15:32:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
              [2015/08/03 14:31:58 | 000,001,665 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1010 series.lnk
              [2015/08/03 14:24:16 | 000,035,992 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys
              [2015/08/03 14:16:33 | 000,006,370 | ---- | M] () -- C:\WINDOWS\System32\.crusader
              [2015/08/03 13:47:33 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
              [2015/07/31 21:08:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
              [2015/07/29 16:14:12 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Jasc Paint Shop Pro 8.lnk
              [2015/07/26 17:07:21 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
              [2015/07/20 17:43:06 | 000,084,944 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\bookwarm 40025833.jpg
              [2015/07/18 18:15:47 | 000,096,352 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
              [2015/07/18 18:15:43 | 000,146,432 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
              [2015/07/18 13:04:03 | 000,209,960 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\bookworm screen shot.pspimage
              [2015/07/08 15:00:00 | 000,000,216 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
              [2015/07/06 10:32:30 | 000,465,617 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\pspbrwse.jbf
              [2015/07/05 17:54:03 | 000,778,416 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
              [2015/07/05 17:54:02 | 000,142,512 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
              [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
              [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
              [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
               
              ========== Files Created - No Company Name ==========
               
              [2015/08/03 14:24:15 | 000,035,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys
              [2015/08/03 14:16:33 | 000,006,370 | ---- | C] () -- C:\WINDOWS\System32\.crusader
              [2015/07/20 17:43:05 | 000,084,944 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\bookwarm 40025833.jpg
              [2015/07/18 13:04:03 | 000,209,960 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\bookworm screen shot.pspimage
              [2014/12/11 11:01:58 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
              [2013/04/12 23:10:45 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
              [2013/04/12 23:10:45 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
              [2013/04/12 23:10:45 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
              [2013/02/08 05:03:08 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
              [2013/01/30 21:14:13 | 000,001,110 | ---- | C] () -- C:\WINDOWS\wininit.ini
              [2012/11/14 13:01:29 | 000,584,584 | ---- | C] () -- C:\WINDOWS\adb.exe
              [2012/11/07 19:50:09 | 000,000,360 | ---- | C] () -- C:\WINDOWS\dxtris.ini
              [2012/11/07 19:09:30 | 000,000,036 | ---- | C] () -- C:\WINDOWS\avgui.INI
              [2012/09/05 20:21:03 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\dt.dat
              [2012/02/16 16:44:04 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
              [2012/01/18 16:35:09 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
              [2010/10/18 12:00:36 | 000,160,990 | ---- | C] () -- C:\WINDOWS\Sqirlz Water Reflections Uninstaller.exe
              [2010/09/13 13:34:24 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
              [2010/08/05 11:12:51 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
              [2010/07/14 18:03:08 | 000,000,039 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
              [2010/07/10 18:00:02 | 000,090,624 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
              [2010/06/29 13:16:24 | 000,000,032 | ---- | C] () -- C:\WINDOWS\basefx.INI
              [2010/06/24 16:07:20 | 000,040,246 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
              [2010/06/22 13:21:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
              [2010/06/22 11:14:30 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\RegHero.exe
              [2010/06/22 11:14:30 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\PopWait.exe
              [2010/06/21 12:15:39 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
              [2010/06/18 14:34:26 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
              [2010/06/18 14:17:50 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
              [2010/06/18 14:06:43 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
              [2010/06/18 14:06:30 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
              [2010/06/18 14:06:30 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
              [2010/06/18 14:06:27 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
              [2010/06/18 14:06:22 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
              [2010/06/18 14:06:17 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
              [2010/06/18 14:05:52 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
              [2010/06/18 14:05:52 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
              [2010/06/18 14:04:53 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
              [2010/06/18 14:04:26 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
              [2007/11/09 18:38:37 | 001,622,016 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
              [2007/11/09 18:38:35 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
              [2007/11/09 18:38:35 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
              [2007/11/09 18:38:33 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
              [2007/11/09 18:38:32 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
              [2007/11/09 18:38:30 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
              [2007/11/09 18:38:30 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
              [2007/11/09 18:38:29 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
              [2007/11/09 18:38:23 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
              [2007/11/09 18:38:21 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
              [2006/07/01 02:01:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
              [2006/07/01 01:30:45 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
              [2006/05/06 20:40:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
              [2006/05/06 20:36:21 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
              [2006/05/06 20:24:27 | 000,001,364 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
              [2006/05/06 20:24:27 | 000,000,457 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
              [2006/05/06 20:24:14 | 000,441,866 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
              [2006/05/06 20:24:14 | 000,071,610 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
              [2006/05/06 13:31:05 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
              [2006/05/06 13:30:06 | 000,247,904 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
               
              ========== LOP Check ==========
               
              [2012/11/15 19:16:46 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Application Updater
              [2015/04/21 16:57:45 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\AVG2015
              [2010/06/18 14:43:59 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\SampleView
              [2010/06/18 15:04:14 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Spare Backup
              [2015/03/30 10:54:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG
              [2013/04/05 13:11:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.minecraft
              [2011/07/22 14:56:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Alien Skin
              [2013/06/09 12:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Audacity
              [2015/03/29 10:19:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG
              [2011/07/12 22:59:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG10
              [2015/04/21 17:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG2015
              [2011/03/06 15:08:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Coby Media Manager
              [2014/12/14 11:53:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.hughesnet.HughesNetStatusMeter
              [2012/03/15 19:42:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.hughesnet.HughesNetStatusMeter.92D257A0BA68956E9AA1D50589E83FF4134CD6A8.1
              [2012/09/18 18:14:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DVDVideoSoft
              [2011/01/27 18:35:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DVDVideoSoftIEHelpers
              [2012/03/28 20:32:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ElevatedDiagnostics
              [2013/05/19 13:58:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IObit
              [2010/06/29 12:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Jasc
              [2010/10/11 14:02:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Lexmark Productivity Studio
              [2013/02/13 19:47:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MCPCSNR
              [2013/05/18 15:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mjusbsp
              [2013/01/11 10:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nico Mak Computing
              [2010/11/20 16:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\One Million Manga Characters
              [2015/03/02 18:14:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice
              [2012/03/08 20:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
              [2010/06/22 11:25:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PeoplePal
              [2011/07/14 12:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sammsoft
              [2010/06/18 14:43:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
              [2012/01/11 22:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SanDisk
              [2013/01/10 22:03:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SecondLife
              [2015/08/03 14:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Spare Backup
              [2012/03/16 17:59:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Stardock
              [2012/03/16 18:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\StoneLoopsSTD
              [2010/06/24 16:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
              [2012/03/28 12:05:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TuneUp Software
              [2013/03/17 14:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
              [2015/03/29 10:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG
              [2015/07/17 12:23:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
              [2015/07/17 12:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
              [2015/07/17 12:24:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Web TuneUp
              [2011/09/24 18:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
              [2013/10/15 10:23:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
              [2015/04/21 17:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2014
              [2015/04/21 16:57:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2015
              [2015/02/25 18:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg_Update_0215tb
              [2014/01/08 21:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Beanbag Studios
              [2014/11/06 18:31:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish
              [2010/10/05 16:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
              [2013/05/16 10:02:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk
              [2015/04/24 18:30:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
              [2014/10/15 13:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\contIInnuuetosaave
              [2010/07/10 23:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
              [2012/03/16 17:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gibraltar
              [2015/08/03 14:18:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
              [2013/08/10 15:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
              [2013/05/19 14:02:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
              [2011/08/21 17:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kinoma
              [2012/03/14 10:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark 5600-6600 Series
              [2013/05/09 11:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
              [2015/08/03 09:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
              [2015/07/18 18:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oracle
              [2012/03/16 17:15:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
              [2015/07/22 13:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
              [2012/03/28 12:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
              [2014/12/11 11:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
              [2011/12/05 20:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
              [2014/08/01 18:34:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YTD Video Downloader
              [2010/06/18 16:28:50 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 1.job
               
              ========== Purity Check ==========
               
               
               
              ========== Alternate Data Streams ==========
               
              @Alternate Data Stream - 237 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C65EA0E
              @Alternate Data Stream - 219 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:581B0446
              @Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AB03533D
              @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:373E1720
              @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CB9631F
              @Alternate Data Stream - 128 bytes -> C:\WINDOWS:nlsPreferences
              < End of report >

              Sorry about triple-posting. These wouldn't fit otherwise.

              SuperDave

              Re: Police-Report virus/ransomware
              « Reply #9 on: August 04, 2015, 03:45:27 PM »
              If you have an internet connection, download and install MBAM and run it. You should also take this opportunity to save your important data. You can save it to your D drive.
              Windows 8 and Windows 10 dual boot with two SSD's

              jaynighte

                Re: Police-Report virus/ransomware
                « Reply #10 on: August 04, 2015, 04:45:17 PM »
                I was able to download and install the program, but running it only results in the program popping up for a small amount of time and then closing.

                SuperDave

                Re: Police-Report virus/ransomware
                « Reply #11 on: August 04, 2015, 07:46:40 PM »
                Ok, let's try this. Use your OTL disk to boot your computer. Go to Control Panel, Program and Features and look for any suspicious programs that have been installed just prior to you having this trouble. If you find any, uninstall them and try to re-boot your computer.

                jaynighte

                  Re: Police-Report virus/ransomware
                  « Reply #12 on: August 04, 2015, 08:49:29 PM »
                  No programs are being listed in the Add or Remove Programs...

                  SuperDave

                  Re: Police-Report virus/ransomware
                  « Reply #13 on: August 05, 2015, 12:40:36 PM »
                  Did you save your important data? What OS is on this computer and do you have the OS disk?

                  jaynighte

                    Re: Police-Report virus/ransomware
                    « Reply #14 on: August 05, 2015, 12:56:38 PM »
                    The computer runs XP...it doesn't seem to have Service Pack 2. I can use the disc to transfer the important files. I have the XP disc.