View Full Version : Search Engines Redirected! HELP!!!!
mattdog21
2010-03-21, 19:14
Hi,
My PC's been hijacked. Here is My HJT log. Please Advise.
Thanks
Matt D.
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 2:10:22 PM, on 3/21/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\wermgr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\5.0.342.0\npchrome_frame.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: GoZone iSync.lnk = C:\Program Files\GoZone\GoZone_iSync.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {11FAB11B-4792-4B59-85DF-23C6688B07B3} (XTSAC Control) - https://sslvpn.waynemutual.com/XTSAC.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {DD5E6739-FDD6-4542-8940-4A4B8AB5276E} (NGVPLaunch Class) - https://sslvpn.waynemutual.com/NGVPNTunnel.cab
O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\5.0.342.0\npchrome_frame.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nortel CVC Service (NvcRpcServer) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\NvcRpcSvr.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 14177 bytes
IndiGenus
2010-03-22, 14:17
Hello and welcome to the forums here at Spybot S&D.
I'd like to get a better look at things here.
Run OTL
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
/md5stop
CREATERESTOREPOINT
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
++++++++++++++++
Download This file (http://www.gmer.net/download.php). Note its name and save it to your root folder, such as C:\.
Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
Click on this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of programs that should be disabled.
Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
Allow the driver to load if asked.
You may be prompted to scan immediately if it detects rootkit activity.
If you are prompted to scan your system click "Yes" to begin the scan.
If not prompted, click the "Rootkit/Malware" tab.
On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
Select all drives that are connected to your system to be scanned.
Click the Scan button to begin. (Please be patient as it can take some time to complete)
When the scan is finished, click Save to save the scan results to your Desktop.
Save the file as Results.log and copy/paste the contents in your next reply.
Exit the program and re-enable all active protection when done.
mattdog21
2010-03-23, 01:56
Thanks for quick response.
here is OTL.txt
OTL logfile created on: 3/22/2010 8:10:27 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
958.00 Mb Total Physical Memory | 182.00 Mb Available Physical Memory | 19.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 47.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.99 Gb Total Space | 48.11 Gb Free Space | 34.62% Space Free | Partition Type: NTFS
Drive D: | 10.06 Gb Total Space | 1.06 Gb Free Space | 10.58% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: SARAH-PC
Current User Name: Sarah
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/03/22 19:38:45 | 000,201,728 | -HS- | M] () -- C:\Users\Sarah\AppData\Local\ave.exe
PRC - [2010/03/22 18:17:44 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
PRC - [2010/03/20 16:33:22 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/20 16:33:20 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/03/20 16:33:07 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/20 16:32:43 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/03/20 16:32:21 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/20 16:32:16 | 001,086,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/20 16:32:05 | 000,836,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/03/20 09:41:59 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2010/01/21 19:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/12/20 23:09:28 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/05/18 22:22:58 | 000,266,339 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
PRC - [2007/01/10 07:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/01/06 00:04:10 | 000,554,616 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/01/05 10:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
========== Modules (SafeList) ==========
MOD - [2010/03/22 18:17:44 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
MOD - [2010/03/20 16:33:21 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2008/01/19 03:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2010/03/20 16:33:07 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/20 16:32:43 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/03/20 16:32:29 | 002,325,816 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/03/20 16:32:23 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/01/21 19:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/01/18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/25 08:03:56 | 001,174,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/05/18 22:23:00 | 000,106,593 | ---- | M] () [Auto | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007/05/18 22:22:58 | 000,266,339 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2007/04/09 14:27:08 | 000,071,176 | ---- | M] (Nortel Networks NA, Inc.) [Auto | Stopped] -- C:\Program Files\Nortel Networks\NvcRpcSvr.exe -- (NvcRpcServer)
SRV - [2007/01/14 09:11:06 | 000,080,504 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
SRV - [2007/01/13 05:40:58 | 000,049,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/01/10 07:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007/01/10 07:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007/01/10 07:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007/01/09 17:55:34 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007/01/06 00:04:10 | 002,918,008 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/01/06 00:04:10 | 000,554,616 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/01/05 10:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/access/autosearch.asp?p=%s
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/03/20 16:40:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/20 09:46:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/20 09:46:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/09/01 13:01:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2009/12/30 16:49:29 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Mozilla\Extensions
[2010/03/22 18:23:59 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\crrdj11o.default\extensions
[2009/12/30 16:57:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\crrdj11o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/22 18:23:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/22 11:15:24 | 000,404,992 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\5.0.342.0\npchrome_frame.dll (@COMPANY_FULLNAME@)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IS CfgWiz] C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GoZone iSync.lnk = C:\Program Files\GoZone\GoZone_iSync.exe (Virgin HealthMiles Inc.)
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: waynemutual.com ([sslvpn] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {11FAB11B-4792-4B59-85DF-23C6688B07B3} https://sslvpn.waynemutual.com/XTSAC.cab (XTSAC Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {DD5E6739-FDD6-4542-8940-4A4B8AB5276E} https://sslvpn.waynemutual.com/NGVPNTunnel.cab (NGVPLaunch Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cf - No CLSID value found
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\5.0.342.0\npchrome_frame.dll (@COMPANY_FULLNAME@)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Sarah\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Sarah\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/25 08:42:24 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = secfile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\ave.exe" /START "%1" %* ()
O37 - HKCU\...exe [@ = secfile] -- "C:\Users\Sarah\AppData\Local\ave.exe" /START "%1" %* ()
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/06/14 16:51:09 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!
========== Files/Folders - Created Within 14 Days ==========
[2010/03/22 19:54:49 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Favorites\Desktop\New Folder
[2010/03/22 18:19:22 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2010/03/22 18:11:51 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\AVG9
[2010/03/21 19:36:34 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/03/21 12:50:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/21 12:50:50 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/21 12:50:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/21 10:38:46 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Malwarebytes
[2010/03/21 10:36:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/03/20 16:33:21 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/03/20 11:33:46 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/03/20 11:33:19 | 000,025,096 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSvx.sys
[2010/03/20 11:33:18 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/03/20 11:33:16 | 000,242,696 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/03/20 11:33:00 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/03/20 11:32:58 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/03/20 11:32:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010/03/20 11:29:00 | 000,024,856 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2010/03/20 11:28:53 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/03/20 11:28:37 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/03/20 10:13:50 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010/03/20 10:13:49 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010/03/20 10:13:49 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll.old
[2010/03/20 10:13:49 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010/03/20 10:00:48 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010/03/20 10:00:48 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010/03/20 10:00:26 | 000,207,280 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010/03/20 10:00:25 | 000,087,784 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010/03/20 09:59:49 | 000,070,408 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010/03/20 09:59:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/03/20 09:59:32 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/03/20 09:59:32 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\PC Tools
[2010/03/20 09:59:32 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/03/19 17:17:10 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/03/19 17:14:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/03/19 17:14:26 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/03/19 16:34:02 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/03/19 12:21:03 | 000,000,000 | ---D | C] -- C:\Program Files\DVDFab 7
[2010/03/19 10:53:20 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\DVDFab
[2008/01/04 19:34:19 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Sarah\AppData\Roaming\pcouffin.sys
========== Files - Modified Within 14 Days ==========
[2010/03/22 20:17:54 | 003,145,728 | -HS- | M] () -- C:\Users\Sarah\ntuser.dat
[2010/03/22 20:17:49 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/22 20:17:39 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/22 19:56:09 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/03/22 19:54:43 | 000,068,645 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\nvModes.001
[2010/03/22 19:47:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/22 19:39:17 | 000,011,446 | -HS- | M] () -- C:\ProgramData\1363166623
[2010/03/22 19:39:15 | 000,011,446 | -HS- | M] () -- C:\Users\Sarah\AppData\Local\VH56DJI7u87yo
[2010/03/22 19:38:45 | 000,201,728 | -HS- | M] () -- C:\Users\Sarah\AppData\Local\ave.exe
[2010/03/22 19:35:12 | 000,011,450 | -HS- | M] () -- C:\ProgramData\VH56DJI7u87yo
[2010/03/22 19:35:05 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/22 19:35:05 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/22 19:34:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/22 19:33:49 | 1005,469,696 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/22 18:54:01 | 057,538,596 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/03/22 18:32:07 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2560255393-9658072-2611782331-1000UA.job
[2010/03/22 18:18:00 | 000,293,376 | ---- | M] () -- C:\if1xljrs.exe
[2010/03/22 18:17:44 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2010/03/22 18:11:05 | 000,068,645 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\nvModes.dat
[2010/03/22 10:24:32 | 000,000,162 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/03/22 10:15:48 | 193,067,098 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/03/21 19:32:13 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2560255393-9658072-2611782331-1000Core.job
[2010/03/21 14:08:00 | 000,002,523 | ---- | M] () -- C:\Users\Sarah\Favorites\Desktop\HiJackThis.lnk
[2010/03/21 12:50:57 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/21 12:31:49 | 000,524,288 | -HS- | M] () -- C:\Users\Sarah\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/03/21 12:31:49 | 000,065,536 | -HS- | M] () -- C:\Users\Sarah\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/03/21 12:31:21 | 003,127,086 | -H-- | M] () -- C:\Users\Sarah\AppData\Local\IconCache.db
[2010/03/20 17:33:23 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/20 17:33:23 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/20 17:33:23 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/20 16:33:28 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/03/20 16:33:21 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/03/20 16:33:21 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/03/20 16:32:51 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSvx.sys
[2010/03/20 16:32:22 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/03/20 16:32:08 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/03/20 11:33:22 | 000,001,647 | ---- | M] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2010/03/20 11:32:58 | 000,572,937 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2010/03/20 11:32:57 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/03/20 11:32:40 | 006,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2010/03/20 11:32:40 | 000,492,629 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2010/03/20 11:32:40 | 000,142,495 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2010/03/20 11:29:00 | 000,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2010/03/20 09:46:37 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/03/20 09:09:18 | 003,145,728 | -HS- | M] () -- C:\Users\Sarah\ntuser.dat_previous
[2010/03/19 16:28:45 | 000,000,036 | ---- | M] () -- C:\Users\Sarah\AppData\Local\housecall.guid.cache
[2010/03/16 20:09:24 | 000,224,256 | ---- | M] () -- C:\Users\Sarah\Favorites\Desktop\Loan_calc_extra_payments.xls
[2010/03/14 21:15:03 | 000,000,062 | ---- | M] () -- C:\Users\Sarah\Favorites\Desktop\Web History.URL
[2010/03/14 21:15:03 | 000,000,062 | ---- | M] () -- C:\Users\Sarah\Documents\Web History.URL
========== Files Created - No Company Name ==========
[2010/03/22 19:38:46 | 000,011,446 | -HS- | C] () -- C:\Users\Sarah\AppData\Local\VH56DJI7u87yo
[2010/03/22 19:38:46 | 000,011,446 | -HS- | C] () -- C:\ProgramData\1363166623
[2010/03/22 19:38:45 | 000,201,728 | -HS- | C] () -- C:\Users\Sarah\AppData\Local\ave.exe
[2010/03/22 18:19:22 | 000,293,376 | ---- | C] () -- C:\if1xljrs.exe
[2010/03/22 11:36:45 | 000,011,450 | -HS- | C] () -- C:\ProgramData\VH56DJI7u87yo
[2010/03/21 14:03:16 | 000,002,523 | ---- | C] () -- C:\Users\Sarah\Favorites\Desktop\HiJackThis.lnk
[2010/03/21 12:50:57 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/20 11:33:22 | 000,001,647 | ---- | C] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2010/03/20 11:32:57 | 000,572,937 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2010/03/20 11:32:57 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/03/20 11:32:40 | 057,538,596 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/03/20 11:32:40 | 006,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2010/03/20 11:32:40 | 000,492,629 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2010/03/20 11:32:40 | 000,142,495 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2010/03/20 10:13:50 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
[2010/03/20 10:13:50 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010/03/20 10:13:50 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010/03/20 10:13:50 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010/03/20 10:13:50 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010/03/20 10:13:49 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010/03/20 10:00:48 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2010/03/20 10:00:26 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010/03/20 10:00:25 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010/03/20 09:59:49 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010/03/19 16:28:45 | 000,000,036 | ---- | C] () -- C:\Users\Sarah\AppData\Local\housecall.guid.cache
[2010/03/19 07:29:16 | 000,000,062 | ---- | C] () -- C:\Users\Sarah\Documents\Web History.URL
[2010/03/14 21:15:03 | 000,000,062 | ---- | C] () -- C:\Users\Sarah\Favorites\Desktop\Web History.URL
[2010/03/14 16:24:55 | 000,224,256 | ---- | C] () -- C:\Users\Sarah\Favorites\Desktop\Loan_calc_extra_payments.xls
[2008/04/11 07:54:45 | 000,007,268 | ---- | C] () -- C:\Users\Sarah\AppData\Local\d3d9caps.dat
[2008/02/06 23:01:27 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008/02/06 22:57:32 | 000,000,077 | ---- | C] () -- C:\Windows\EPSC120.ini
[2008/01/11 16:23:14 | 000,019,968 | ---- | C] () -- C:\Users\Sarah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/04 21:58:40 | 000,000,452 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\wklnhst.dat
[2008/01/04 19:35:35 | 000,000,033 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\pcouffin.log
[2008/01/04 19:34:19 | 000,087,608 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\ezpinst.exe
[2008/01/04 19:34:19 | 000,007,824 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\pcouffin.cat
[2008/01/04 19:34:19 | 000,001,144 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\pcouffin.inf
[2007/12/24 13:30:03 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2007/12/23 14:25:52 | 000,000,000 | ---- | C] () -- C:\Users\Sarah\AppData\Local\FnF4.txt
[2007/12/22 16:43:17 | 000,068,645 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\nvModes.001
[2007/12/22 16:43:10 | 000,068,645 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\nvModes.dat
[2007/12/20 12:46:35 | 000,000,000 | ---- | C] () -- C:\Users\Sarah\AppData\Local\QSwitch.txt
[2007/12/20 12:46:35 | 000,000,000 | ---- | C] () -- C:\Users\Sarah\AppData\Local\DSwitch.txt
[2007/12/20 12:46:35 | 000,000,000 | ---- | C] () -- C:\Users\Sarah\AppData\Local\AtStart.txt
[2007/07/25 08:31:36 | 000,000,320 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/02/27 16:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/14 02:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 02:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/05/06 17:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
========== LOP Check ==========
[2010/03/22 18:11:51 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\AVG9
[2008/04/17 10:06:57 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Canon
[2010/03/19 10:53:20 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\DVDFab
[2010/02/21 17:15:52 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Facebook
[2008/02/06 23:07:16 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Leadertech
[2008/08/27 20:55:50 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Medstrat
[2009/12/24 15:16:35 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\MoveFab
[2010/01/24 09:27:01 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Snapfish
[2008/01/04 21:59:11 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Template
[2007/12/26 21:38:41 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Thunderbird
[2010/03/20 09:08:38 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\uTorrent
[2010/03/19 16:51:40 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Vso
[2008/01/28 22:04:46 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\WildTangent
[2010/03/22 20:16:38 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
[2010/03/22 18:18:00 | 000,293,376 | ---- | M] () -- C:\if1xljrs.exe
[2010/03/22 18:17:44 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
< MD5 for: AGP440.SYS >
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007/07/25 08:50:38 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys
[2007/07/25 08:50:38 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys
[2007/07/25 08:50:38 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2010/03/20 09:09:05 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/01/19 01:06:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/01/19 01:06:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/01/19 00:33:23 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< MD5 for: IASTORV.SYS >
[2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2006/11/02 05:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 03:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/19 03:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
< MD5 for: SCECLI.DLL >
[2008/01/19 03:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/19 03:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 05:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >
mattdog21
2010-03-23, 01:58
Here's from extras.txt
OTL Extras logfile created on: 3/22/2010 8:10:27 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
958.00 Mb Total Physical Memory | 182.00 Mb Available Physical Memory | 19.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 47.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.99 Gb Total Space | 48.11 Gb Free Space | 34.62% Space Free | Partition Type: NTFS
Drive D: | 10.06 Gb Total Space | 1.06 Gb Free Space | 10.58% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: SARAH-PC
Current User Name: Sarah
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = secfile] -- C:\Windows\System32\config\systemprofile\AppData\Local\ave.exe ()
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- C:\Users\Sarah\AppData\Local\ave.exe ()
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B9888C3-8F94-4F55-BF65-3AC2334F1C4B}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{1EDD8845-D07C-4514-9FA3-884F8B771BFE}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{27AB2FCC-ECCE-4EDB-A911-6EB057F565D4}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{36891B2F-5C11-4905-AADE-21B3967AD26D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3DE7B03F-5729-4E8E-8642-6B9BF33D588F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{447C9CC9-D2D5-4963-89A7-56ED4DD23BCA}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |
"{4BD43095-B682-4288-8CDC-3D67CBEB816D}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{4F7B4F22-6018-4AB1-8EC1-DA076CCF7652}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{54051A4B-5A08-42B6-AC17-D8245F94F131}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{5E101233-7DAE-430C-9EC0-FDF7E5256C35}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{7AD59B55-E581-425C-AC65-4BB58662909B}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{8470189F-6F70-42D9-8ACD-BC6AE5B4E95F}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{A8FB1A17-2E2C-499B-8B8F-283FCBA4A363}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{ADF6C260-7712-48A5-A01E-268F87B58425}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BE7C4987-EDFB-43DF-8939-F3FA0C489194}" = dir=in | app=c:\program files\avg\avg9\avgam.exe |
"{DCF01E9A-0B9E-49DE-AB6D-2ABC80C27A7F}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{E946F12E-C43A-488A-B21E-613CF6F903DF}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{E9D195B7-3FB2-4D14-9950-B68363BC4FEA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F2C27B35-909D-4904-80C7-52AD20DF8B5E}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{F2F17819-552F-4848-9345-465D5FFA2F04}" = dir=in | app=c:\program files\avg\avg9\avgdiagex.exe |
"{FE07C758-E608-44D1-AF3E-D89A3CDF6A85}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{5182227F-D08E-4BCB-B944-8204BB5568B1}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{5B64AB70-EAD0-4E7E-8DEC-4EF55722BB73}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{8A9248DC-1D63-4714-8BB9-69B24C7E0626}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{AFCC43A4-C648-49C0-9BF7-CBCF0A81A5F1}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{03B3163E-0801-4C92-BCB8-11206D0C1708}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{1044F331-41A9-45EC-98E8-29C7E202C4A8}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{66E3A805-8C48-4D67-8D2B-C35DCFD72583}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{C8D7EFEA-11F3-4B55-9B38-AF0ECA37EF0E}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{0289B18A-F99F-423F-B79F-1150D0F85492}" = HP Wireless Assistant
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0BFC200F-C45D-4271-AF34-4CA969225DEB}" = muvee autoProducer 6.0
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}" = ArcSoft Print Creations
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{183135A3-2CE8-43B5-BA5A-757EBAECB413}" = Disney Pix Micro Downloader
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2284D904-C138-4B58-93EC-5C362AB5130A}" = The Sims™ Life Stories
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 17
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{2F29D6D2-824E-4FEF-8AED-7013F39F642A}" = OpenOffice.org 2.3
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 B1
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}" = Virtual Earth 3D (Beta)
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40385AA8-F33A-4E8E-BCAB-DF94A6AF7D51}" = HP User Guides 0060
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.3
"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{48903BD9-1C48-47BF-85CB-ED7514823992}" = HP Active Support Library
"{50681864-CDFD-4F11-9169-FD81A368E758}" = ESU for Microsoft Vista
"{53933198-468C-437C-B8D8-1150B3102196}" = HP QuickTouch 1.00 C1
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{755C609D-5792-4136-A0D8-0513E04D4EBE}" = HP Help and Support
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = DB CIF Cam
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C48DCA4-00C2-449C-88D8-B1EE1692B44F}" = Safari
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1
"{DC8235CC-3D5A-4D32-94BE-E2F0A1749920}" = Disney Pix 2.2
"{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}" = MobileMe Control Panel
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{EF964A78-078C-11D1-B7A7-0000C0134CE6}" = Nortel Networks Contivity VPN Client
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{F6B29003-A078-4491-AFBE-62EFB6CFFE19}" = HP Total Care Advisor
"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG9Uninstall" = AVG 9.0
"Browser Defender_is1" = Browser Defender 2.0.6.15
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7" = HDAUDIO Soft Data Fax Modem with SmartCP
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 6_is1" = DVDFab 6.1.2.5 (27/10/2009)
"DVDFab Decrypter_is1" = DVDFab Decrypter 3.0.4.6 Beta
"DVDFab Ghosthunter release_is1" = DVDFab Ghosthunter release 5.2.3.2
"DVDFab Platinum 4_is1" = DVDFab Platinum 4.0.8.0 Beta
"DVDFab Platinum_is1" = DVDFab Platinum 3.0.5.0 Ghosthunter release 2
"EPSON Printer and Utilities" = EPSON Printer Software
"Google Chrome Frame" = Google Chrome Frame
"Google Updater" = Google Updater
"GoZone iSync" = GoZone iSync
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NVIDIA Drivers" = NVIDIA Drivers
"PeerGuardian_is1" = PeerGuardian 2.0
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Rhapsody" = Rhapsody
"Silent Package Run-Time Sample" = EPSON C120 User's Guide
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.3.0
"Spyware Doctor" = Spyware Doctor 7.0
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
"WildTangent hplaptop Master Uninstall" = My HP Games
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar for Internet Explorer
"Yahoo! Toolbar" = Yahoo! Toolbar
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 3/21/2010 2:03:01 PM | Computer Name = Sarah-PC | Source = SPP | ID = 16387
Description =
Error - 3/21/2010 2:03:01 PM | Computer Name = Sarah-PC | Source = System Restore | ID = 8193
Description =
Error - 3/21/2010 5:33:31 PM | Computer Name = Sarah-PC | Source = SPP | ID = 16387
Description =
Error - 3/21/2010 5:33:32 PM | Computer Name = Sarah-PC | Source = System Restore | ID = 8193
Description =
Error - 3/21/2010 5:33:32 PM | Computer Name = Sarah-PC | Source = System Restore | ID = 8210
Description =
Error - 3/22/2010 3:32:02 PM | Computer Name = Sarah-PC | Source = SPP | ID = 16387
Description =
Error - 3/22/2010 3:32:02 PM | Computer Name = Sarah-PC | Source = System Restore | ID = 8193
Description =
Error - 3/22/2010 3:32:02 PM | Computer Name = Sarah-PC | Source = System Restore | ID = 8210
Description =
Error - 3/22/2010 7:54:43 PM | Computer Name = Sarah-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6,
exception code 0xc000071b, fault offset 0x00088ed9, process id 0x560, application
start time 0x01caca182b3a3e71.
Error - 3/22/2010 8:16:13 PM | Computer Name = Sarah-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6,
exception code 0xc000071b, fault offset 0x00088ed9, process id 0xe80, application
start time 0x01caca1b3a0c1547.
[ Media Center Events ]
Error - 5/17/2008 3:05:28 PM | Computer Name = Sarah-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 5/30/2008 8:06:12 AM | Computer Name = Sarah-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Error - 6/1/2008 10:14:42 AM | Computer Name = Sarah-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Error - 6/2/2008 5:12:42 PM | Computer Name = Sarah-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Error - 6/9/2008 8:19:18 AM | Computer Name = Sarah-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Error - 10/20/2008 3:34:44 PM | Computer Name = Sarah-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 4/21/2009 3:46:49 AM | Computer Name = Sarah-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 7/8/2009 3:32:21 AM | Computer Name = Sarah-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 12/30/2009 10:45:27 PM | Computer Name = Sarah-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 2/11/2010 10:34:56 PM | Computer Name = Sarah-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
[ System Events ]
Error - 3/22/2010 10:16:21 AM | Computer Name = Sarah-PC | Source = HTTP | ID = 15016
Description =
Error - 3/22/2010 10:18:27 AM | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 3/22/2010 10:19:56 AM | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7022
Description =
Error - 3/22/2010 10:19:56 AM | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 3/22/2010 7:34:08 PM | Computer Name = Sarah-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:30:18 PM on 3/22/2010 was unexpected.
Error - 3/22/2010 7:34:38 PM | Computer Name = Sarah-PC | Source = HTTP | ID = 15016
Description =
Error - 3/22/2010 7:36:59 PM | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 3/22/2010 7:38:27 PM | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7022
Description =
Error - 3/22/2010 7:38:27 PM | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 3/22/2010 7:42:36 PM | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7011
Description =
< End of report >
mattdog21
2010-03-23, 11:44
wasn't able to run second program to completion.
looks like i have ave.exe on my pc.
but did run in safe mode for a bit before it crashed. here is what it says.
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-23 05:47:55
Windows 6.0.6001 Service Pack 1
Running: if1xljrs.exe; Driver: C:\Users\Sarah\AppData\Local\Temp\fglcypow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x8275FCDC]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x8275FECE]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x8275F982]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x827600D6]
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetTimerEx + 43C 82104B00 3 Bytes [DC, FC, 75]
.text ntkrnlpa.exe!KeSetTimerEx + 440 82104B04 3 Bytes [CE, FE, 75]
.text ntkrnlpa.exe!KeSetTimerEx + 854 82104F18 3 Bytes [82, F9, 75] {CMP CL, 0x75}
.text ntkrnlpa.exe!KeSetTimerEx + 918 82104FDC 3 Bytes [D6, 00, 76]
.rsrc C:\Windows\system32\drivers\atapi.sys entry point in ".rsrc" section [0x82726014]
---- Devices - GMER 1.0.15 ----
Device -> \Driver\atapi \Device\Harddisk0\DR0 848DDCA1
---- Files - GMER 1.0.15 ----
File C:\Windows\system32\drivers\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----
IndiGenus
2010-03-23, 23:36
Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and save it to your Desktop.
Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.
"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.
Also run OTL again and post the log, no extras log will be generated this time.
And....let me know how it's running.
mattdog21
2010-03-24, 02:09
20:49:48:673 5476 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
20:49:48:673 5476 ================================================================================
20:49:48:673 5476 SystemInfo:
20:49:48:673 5476 OS Version: 6.0.6001 ServicePack: 1.0
20:49:48:673 5476 Product type: Workstation
20:49:48:673 5476 ComputerName: SARAH-PC
20:49:48:674 5476 UserName: Sarah
20:49:48:674 5476 Windows directory: C:\Windows
20:49:48:674 5476 Processor architecture: Intel x86
20:49:48:674 5476 Number of processors: 2
20:49:48:674 5476 Page size: 0x1000
20:49:48:677 5476 Boot type: Normal boot
20:49:48:677 5476 ================================================================================
20:49:48:860 5476 UnloadDriverW: NtUnloadDriver error 2
20:49:48:861 5476 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
20:50:08:156 5476 wfopen_ex: Trying to open file C:\Windows\system32\config\system
20:50:08:283 5476 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
20:50:08:283 5476 wfopen_ex: Trying to KLMD file open
20:50:08:283 5476 wfopen_ex: File opened ok (Flags 2)
20:50:08:286 5476 wfopen_ex: Trying to open file C:\Windows\system32\config\software
20:50:08:313 5476 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
20:50:08:314 5476 wfopen_ex: Trying to KLMD file open
20:50:08:314 5476 wfopen_ex: File opened ok (Flags 2)
20:50:08:314 5476 Initialize success
20:50:08:314 5476
20:50:08:315 5476 Scanning Services ...
20:50:09:506 5476 Raw services enum returned 475 services
20:50:09:522 5476
20:50:09:523 5476 Scanning Kernel memory ...
20:50:09:545 5476 Devices to scan: 1
20:50:09:546 5476
20:50:09:546 5476 Driver Name: atapi
20:50:09:546 5476 IRP_MJ_CREATE : 848AECA1
20:50:09:546 5476 IRP_MJ_CREATE_NAMED_PIPE : 848AECA1
20:50:09:546 5476 IRP_MJ_CLOSE : 848AECA1
20:50:09:546 5476 IRP_MJ_READ : 848AECA1
20:50:09:546 5476 IRP_MJ_WRITE : 848AECA1
20:50:09:546 5476 IRP_MJ_QUERY_INFORMATION : 848AECA1
20:50:09:546 5476 IRP_MJ_SET_INFORMATION : 848AECA1
20:50:09:546 5476 IRP_MJ_QUERY_EA : 848AECA1
20:50:09:546 5476 IRP_MJ_SET_EA : 848AECA1
20:50:09:546 5476 IRP_MJ_FLUSH_BUFFERS : 848AECA1
20:50:09:546 5476 IRP_MJ_QUERY_VOLUME_INFORMATION : 848AECA1
20:50:09:546 5476 IRP_MJ_SET_VOLUME_INFORMATION : 848AECA1
20:50:09:546 5476 IRP_MJ_DIRECTORY_CONTROL : 848AECA1
20:50:09:546 5476 IRP_MJ_FILE_SYSTEM_CONTROL : 848AECA1
20:50:09:546 5476 IRP_MJ_DEVICE_CONTROL : 848AECA1
20:50:09:546 5476 IRP_MJ_INTERNAL_DEVICE_CONTROL : 848AECA1
20:50:09:546 5476 IRP_MJ_SHUTDOWN : 848AECA1
20:50:09:546 5476 IRP_MJ_LOCK_CONTROL : 848AECA1
20:50:09:547 5476 IRP_MJ_CLEANUP : 848AECA1
20:50:09:547 5476 IRP_MJ_CREATE_MAILSLOT : 848AECA1
20:50:09:547 5476 IRP_MJ_QUERY_SECURITY : 848AECA1
20:50:09:547 5476 IRP_MJ_SET_SECURITY : 848AECA1
20:50:09:547 5476 IRP_MJ_POWER : 848AECA1
20:50:09:547 5476 IRP_MJ_SYSTEM_CONTROL : 848AECA1
20:50:09:547 5476 IRP_MJ_DEVICE_CHANGE : 848AECA1
20:50:09:547 5476 IRP_MJ_QUERY_QUOTA : 848AECA1
20:50:09:547 5476 IRP_MJ_SET_QUOTA : 848AECA1
20:50:09:547 5476 Driver "atapi" infected by TDSS rootkit!
20:50:09:553 5476 C:\Windows\system32\drivers\atapi.sys - Verdict: 1
20:50:09:553 5476 File "C:\Windows\system32\drivers\atapi.sys" infected by TDSS rootkit ... 20:50:09:553 5476 Processing driver file: C:\Windows\system32\drivers\atapi.sys
20:50:12:844 5476 vfvi6
20:50:13:029 5476 dsvbh1
20:50:16:028 5476 fdfb1
20:50:16:028 5476 Backup copy found, using it..
20:50:16:134 5476 will be cured on next reboot
20:50:16:135 5476 Reboot required for cure complete..
20:50:16:221 5476 Cure on reboot scheduled successfully
20:50:16:221 5476
20:50:16:222 5476 Completed
20:50:16:223 5476
20:50:16:224 5476 Results:
20:50:16:225 5476 Memory objects infected / cured / cured on reboot: 1 / 0 / 0
20:50:16:226 5476 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
20:50:16:227 5476 File objects infected / cured / cured on reboot: 1 / 0 / 1
20:50:16:228 5476
20:50:16:229 5476 fclose_ex: Trying to close file C:\Windows\system32\config\system
20:50:16:230 5476 fclose_ex: Trying to close file C:\Windows\system32\config\software
20:50:16:231 5476 UnloadDriverW: NtUnloadDriver error 1
20:50:16:241 5476 KLMD(ARK) unloaded successfully
IndiGenus
2010-03-24, 14:23
Looks like TDSKiller took care of the rootkit. Have you followed the rest of my instructions?
Also run OTL again and post the log, no extras log will be generated this time.
And....let me know how it's running.
mattdog21
2010-03-24, 18:45
I ran out of time last night, as LOST was on!!!!! :)
I will re-run the OTL tonight, but it was indeed running lots better. Search engines seem to be following the correct link.
IndiGenus
2010-03-24, 18:48
I ran out of time last night, as LOST was on!!!!! :)
I will re-run the OTL tonight, but it was indeed running lots better. Search engines seem to be following the correct link.
No problem. Just wanted to make sure you read my whole post. Sometimes people get all excited and don't come back when the initial problem is fixed. But there could be more....check in when you can.
mattdog21
2010-03-27, 18:57
Here's the OTL file created.
OTL logfile created on: 3/27/2010 1:47:45 PM - Run 2
OTL by OldTimer - Version 3.1.37.3 Folder = C:\
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
958.00 Mb Total Physical Memory | 447.00 Mb Available Physical Memory | 47.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 51.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.99 Gb Total Space | 52.09 Gb Free Space | 37.48% Space Free | Partition Type: NTFS
Drive D: | 10.06 Gb Total Space | 1.06 Gb Free Space | 10.58% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: SARAH-PC
Current User Name: Sarah
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/03/22 18:17:44 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
PRC - [2010/03/20 16:33:32 | 002,059,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/03/20 16:33:22 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/20 16:33:20 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/03/20 16:33:07 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/20 16:32:46 | 000,596,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/03/20 16:32:43 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/03/20 16:32:21 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/20 16:32:16 | 001,086,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/20 16:32:05 | 000,836,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/03/20 09:41:59 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2010/01/21 19:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/12/20 23:09:28 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/05/18 22:23:00 | 000,106,593 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
PRC - [2007/05/18 22:22:58 | 000,266,339 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
PRC - [2007/04/09 14:27:08 | 000,071,176 | ---- | M] (Nortel Networks NA, Inc.) -- C:\Program Files\Nortel Networks\NvcRpcSvr.exe
PRC - [2007/01/10 07:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/01/06 00:04:10 | 000,554,616 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/01/05 10:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
========== Modules (SafeList) ==========
MOD - [2010/03/22 18:17:44 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
MOD - [2010/03/20 16:33:21 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2008/01/19 03:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2010/03/20 16:33:07 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/20 16:32:43 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/03/20 16:32:29 | 002,325,816 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/03/20 16:32:23 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/01/21 19:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/01/18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/25 08:03:56 | 001,174,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/05/18 22:23:00 | 000,106,593 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007/05/18 22:22:58 | 000,266,339 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2007/04/09 14:27:08 | 000,071,176 | ---- | M] (Nortel Networks NA, Inc.) [Auto | Running] -- C:\Program Files\Nortel Networks\NvcRpcSvr.exe -- (NvcRpcServer)
SRV - [2007/01/14 09:11:06 | 000,080,504 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
SRV - [2007/01/13 05:40:58 | 000,049,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/01/10 07:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007/01/10 07:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007/01/10 07:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007/01/09 17:55:34 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007/01/06 00:04:10 | 002,918,008 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/01/06 00:04:10 | 000,554,616 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/01/05 10:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/access/autosearch.asp?p=%s
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/03/20 16:40:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/27 08:01:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/27 08:01:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/09/01 13:01:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2009/12/30 16:49:29 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Mozilla\Extensions
[2010/03/27 08:12:00 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\crrdj11o.default\extensions
[2009/12/30 16:57:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\crrdj11o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/22 20:58:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/22 11:15:24 | 000,404,992 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
O1 HOSTS File: ([2010/03/23 17:39:44 | 000,006,977 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 99.189.54
O1 - Hosts: 127.0.0.1 99.189.52
O1 - Hosts: 127.0.0.1 99.14.103
O1 - Hosts: 127.0.0.1 98.223.73
O1 - Hosts: 127.0.0.1 97.80.137
O1 - Hosts: 127.0.0.1 95.134.16
O1 - Hosts: 127.0.0.1 95.133.8.
O1 - Hosts: 127.0.0.1 95.133.23
O1 - Hosts: 127.0.0.1 95.133.23
O1 - Hosts: 127.0.0.1 95.133.14
O1 - Hosts: 127.0.0.1 95.133.11
O1 - Hosts: 127.0.0.1 95.105.17
O1 - Hosts: 127.0.0.1 94.53.2.1
O1 - Hosts: 127.0.0.1 94.23.201
O1 - Hosts: 127.0.0.1 94.179.55
O1 - Hosts: 127.0.0.1 94.179.48
O1 - Hosts: 127.0.0.1 94.179.19
O1 - Hosts: 127.0.0.1 94.179.11
O1 - Hosts: 127.0.0.1 94.178.65
O1 - Hosts: 127.0.0.1 93.39.197
O1 - Hosts: 127.0.0.1 93.186.17
O1 - Hosts: 127.0.0.1 93.136.83
O1 - Hosts: 127.0.0.1 93.112.91
O1 - Hosts: 273 more lines...
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\5.0.342.0\npchrome_frame.dll (@COMPANY_FULLNAME@)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IS CfgWiz] C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe (Symantec Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GoZone iSync.lnk = C:\Program Files\GoZone\GoZone_iSync.exe (Virgin HealthMiles Inc.)
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: waynemutual.com ([sslvpn] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {11FAB11B-4792-4B59-85DF-23C6688B07B3} https://sslvpn.waynemutual.com/XTSAC.cab (XTSAC Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {DD5E6739-FDD6-4542-8940-4A4B8AB5276E} https://sslvpn.waynemutual.com/NGVPNTunnel.cab (NGVPLaunch Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cf - No CLSID value found
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\5.0.342.0\npchrome_frame.dll (@COMPANY_FULLNAME@)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Sarah\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Sarah\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/25 08:42:24 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = secfile] -- Reg Error: Value error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
========== Files/Folders - Created Within 14 Days ==========
[2010/03/23 06:51:43 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\FreeFixer
[2010/03/23 06:51:43 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\FreeFixer
[2010/03/23 06:51:10 | 000,000,000 | ---D | C] -- C:\Program Files\FreeFixer
[2010/03/23 06:03:43 | 000,000,000 | -HSD | C] -- C:\found.000
[2010/03/22 19:54:49 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Favorites\Desktop\New Folder
[2010/03/22 18:19:22 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2010/03/22 18:11:51 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\AVG9
[2010/03/21 19:36:34 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/03/21 12:50:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/21 12:50:50 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/21 12:50:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/21 10:38:46 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Malwarebytes
[2010/03/21 10:36:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/03/20 16:33:21 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/03/20 11:33:46 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/03/20 11:33:19 | 000,025,096 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSvx.sys
[2010/03/20 11:33:18 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/03/20 11:33:16 | 000,242,696 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/03/20 11:33:00 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/03/20 11:32:58 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/03/20 11:32:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010/03/20 11:29:00 | 000,024,856 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2010/03/20 11:28:53 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/03/20 11:28:37 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/03/20 10:13:50 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010/03/20 10:13:49 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010/03/20 10:13:49 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll.old
[2010/03/20 10:13:49 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010/03/20 10:00:48 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010/03/20 10:00:48 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010/03/20 10:00:26 | 000,207,280 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010/03/20 10:00:25 | 000,087,784 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010/03/20 09:59:49 | 000,070,408 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010/03/20 09:59:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/03/20 09:59:32 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/03/20 09:59:32 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\PC Tools
[2010/03/20 09:59:32 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/03/19 17:17:10 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/03/19 17:14:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/03/19 17:14:26 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/03/19 16:34:02 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/03/19 12:21:03 | 000,000,000 | ---D | C] -- C:\Program Files\DVDFab 7
[2010/03/19 10:53:20 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\DVDFab
[2008/01/04 19:34:19 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Sarah\AppData\Roaming\pcouffin.sys
========== Files - Modified Within 14 Days ==========
[2010/03/27 13:52:48 | 003,145,728 | -HS- | M] () -- C:\Users\Sarah\ntuser.dat
[2010/03/27 13:47:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/27 13:45:02 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/27 13:45:02 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/27 13:32:10 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2560255393-9658072-2611782331-1000UA.job
[2010/03/27 11:01:02 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/03/27 09:47:01 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/27 07:53:57 | 000,000,162 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/03/27 07:52:37 | 000,068,645 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\nvModes.001
[2010/03/27 07:49:08 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/27 07:48:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/27 07:48:38 | 1005,486,080 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/27 06:52:55 | 057,977,134 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/03/26 19:32:10 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2560255393-9658072-2611782331-1000Core.job
[2010/03/23 20:51:53 | 000,524,288 | -HS- | M] () -- C:\Users\Sarah\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/03/23 20:51:53 | 000,065,536 | -HS- | M] () -- C:\Users\Sarah\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/03/23 20:51:48 | 003,125,662 | -H-- | M] () -- C:\Users\Sarah\AppData\Local\IconCache.db
[2010/03/23 20:19:24 | 175,470,682 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/03/23 20:11:48 | 000,011,412 | -HS- | M] () -- C:\ProgramData\VH56DJI7u87yo
[2010/03/23 17:39:44 | 000,006,977 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/03/23 06:52:42 | 000,011,432 | -HS- | M] () -- C:\Users\Sarah\AppData\Local\VH56DJI7u87yo
[2010/03/23 06:19:51 | 000,007,268 | ---- | M] () -- C:\Users\Sarah\AppData\Local\d3d9caps.dat
[2010/03/22 19:39:17 | 000,011,446 | -HS- | M] () -- C:\ProgramData\1363166623
[2010/03/22 18:18:00 | 000,293,376 | ---- | M] () -- C:\if1xljrs.exe
[2010/03/22 18:17:44 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2010/03/22 18:11:05 | 000,068,645 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\nvModes.dat
[2010/03/21 14:08:00 | 000,002,523 | ---- | M] () -- C:\Users\Sarah\Favorites\Desktop\HiJackThis.lnk
[2010/03/21 12:50:57 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/20 17:33:23 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/20 17:33:23 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/20 17:33:23 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/20 16:33:28 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/03/20 16:33:21 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/03/20 16:33:21 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/03/20 16:32:51 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSvx.sys
[2010/03/20 16:32:22 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/03/20 16:32:08 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/03/20 11:33:22 | 000,001,647 | ---- | M] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2010/03/20 11:32:58 | 000,572,937 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2010/03/20 11:32:57 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/03/20 11:32:40 | 006,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2010/03/20 11:32:40 | 000,492,629 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2010/03/20 11:32:40 | 000,142,495 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2010/03/20 11:29:00 | 000,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2010/03/20 09:46:37 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/03/20 09:09:18 | 003,145,728 | -HS- | M] () -- C:\Users\Sarah\ntuser.dat_previous
[2010/03/19 16:28:45 | 000,000,036 | ---- | M] () -- C:\Users\Sarah\AppData\Local\housecall.guid.cache
[2010/03/16 20:09:24 | 000,224,256 | ---- | M] () -- C:\Users\Sarah\Favorites\Desktop\Loan_calc_extra_payments.xls
[2010/03/14 21:15:03 | 000,000,062 | ---- | M] () -- C:\Users\Sarah\Favorites\Desktop\Web History.URL
[2010/03/14 21:15:03 | 000,000,062 | ---- | M] () -- C:\Users\Sarah\Documents\Web History.URL
========== Files Created - No Company Name ==========
[2010/03/23 06:09:55 | 1005,486,080 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/22 19:38:46 | 000,011,446 | -HS- | C] () -- C:\ProgramData\1363166623
[2010/03/22 19:38:46 | 000,011,432 | -HS- | C] () -- C:\Users\Sarah\AppData\Local\VH56DJI7u87yo
[2010/03/22 18:19:22 | 000,293,376 | ---- | C] () -- C:\if1xljrs.exe
[2010/03/22 11:36:45 | 000,011,412 | -HS- | C] () -- C:\ProgramData\VH56DJI7u87yo
[2010/03/21 14:03:16 | 000,002,523 | ---- | C] () -- C:\Users\Sarah\Favorites\Desktop\HiJackThis.lnk
[2010/03/21 12:50:57 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/20 11:33:22 | 000,001,647 | ---- | C] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2010/03/20 11:32:57 | 000,572,937 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2010/03/20 11:32:57 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/03/20 11:32:40 | 057,977,134 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/03/20 11:32:40 | 006,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2010/03/20 11:32:40 | 000,492,629 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2010/03/20 11:32:40 | 000,142,495 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2010/03/20 10:13:50 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
[2010/03/20 10:13:50 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010/03/20 10:13:50 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010/03/20 10:13:50 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010/03/20 10:13:50 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010/03/20 10:13:49 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010/03/20 10:00:48 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2010/03/20 10:00:26 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010/03/20 10:00:25 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010/03/20 09:59:49 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010/03/19 16:28:45 | 000,000,036 | ---- | C] () -- C:\Users\Sarah\AppData\Local\housecall.guid.cache
[2010/03/19 07:29:16 | 000,000,062 | ---- | C] () -- C:\Users\Sarah\Documents\Web History.URL
[2010/03/14 21:15:03 | 000,000,062 | ---- | C] () -- C:\Users\Sarah\Favorites\Desktop\Web History.URL
[2010/03/14 16:24:55 | 000,224,256 | ---- | C] () -- C:\Users\Sarah\Favorites\Desktop\Loan_calc_extra_payments.xls
[2008/04/11 07:54:45 | 000,007,268 | ---- | C] () -- C:\Users\Sarah\AppData\Local\d3d9caps.dat
[2008/02/06 23:01:27 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008/02/06 22:57:32 | 000,000,077 | ---- | C] () -- C:\Windows\EPSC120.ini
[2008/01/11 16:23:14 | 000,019,968 | ---- | C] () -- C:\Users\Sarah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/04 21:58:40 | 000,000,452 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\wklnhst.dat
[2008/01/04 19:35:35 | 000,000,033 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\pcouffin.log
[2008/01/04 19:34:19 | 000,087,608 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\ezpinst.exe
[2008/01/04 19:34:19 | 000,007,824 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\pcouffin.cat
[2008/01/04 19:34:19 | 000,001,144 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\pcouffin.inf
[2007/12/24 13:30:03 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2007/12/23 14:25:52 | 000,000,000 | ---- | C] () -- C:\Users\Sarah\AppData\Local\FnF4.txt
[2007/12/22 16:43:17 | 000,068,645 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\nvModes.001
[2007/12/22 16:43:10 | 000,068,645 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\nvModes.dat
[2007/12/20 12:46:35 | 000,000,000 | ---- | C] () -- C:\Users\Sarah\AppData\Local\QSwitch.txt
[2007/12/20 12:46:35 | 000,000,000 | ---- | C] () -- C:\Users\Sarah\AppData\Local\DSwitch.txt
[2007/12/20 12:46:35 | 000,000,000 | ---- | C] () -- C:\Users\Sarah\AppData\Local\AtStart.txt
[2007/07/25 08:31:36 | 000,000,320 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/02/27 16:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/14 02:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 02:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/05/06 17:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
========== LOP Check ==========
[2010/03/22 18:11:51 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\AVG9
[2008/04/17 10:06:57 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Canon
[2010/03/19 10:53:20 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\DVDFab
[2010/02/21 17:15:52 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Facebook
[2010/03/23 07:18:42 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\FreeFixer
[2008/02/06 23:07:16 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Leadertech
[2008/08/27 20:55:50 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Medstrat
[2009/12/24 15:16:35 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\MoveFab
[2010/01/24 09:27:01 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Snapfish
[2008/01/04 21:59:11 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Template
[2007/12/26 21:38:41 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Thunderbird
[2010/03/20 09:08:38 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\uTorrent
[2010/03/19 16:51:40 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Vso
[2008/01/28 22:04:46 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\WildTangent
[2010/03/23 20:52:55 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >
mattdog21
2010-03-27, 19:08
I just noticed the hosts file.... last time i checked this, there was only 2 entries. now there's a bunch. what added them? is that normal?
Thanks
Matt.
IndiGenus
2010-04-08, 15:13
Hey Matt sorry for the long delay in getting back to you here. I don't remember ever getting notified that you responded back.
The HOSTS file does need to be reset.
Download the HostsXpert 4.3 - Hosts File Manager (http://www.funkytoad.com/download/HostsXpert.zip).
Unzip HostsXpert 4.3 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.3 - Hosts File Manager
Run HostsXpert 4.3 - Hosts File Manager from its new home
Click on "File Handling".
Click on "Restore MS Hosts File".
Click OK on the Confirmation box.
Click on "Make Read Only?"
Click the X to exit the program.
Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
Run OTL again and give me an update on how it's running.
IndiGenus
2010-04-19, 18:47
Did you still want help here Matt?