
Thread: Search Engines Redirected! HELP!!!!

  1. #11
    Junior Member
    Join Date
    Mar 2010
    Posts
    8

    Here's the OTL file created.


    OTL logfile created on: 3/27/2010 1:47:45 PM - Run 2
    OTL by OldTimer - Version 3.1.37.3 Folder = C:\
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18882)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    958.00 Mb Total Physical Memory | 447.00 Mb Available Physical Memory | 47.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 51.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 138.99 Gb Total Space | 52.09 Gb Free Space | 37.48% Space Free | Partition Type: NTFS
    Drive D: | 10.06 Gb Total Space | 1.06 Gb Free Space | 10.58% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: SARAH-PC
    Current User Name: Sarah
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/03/22 18:17:44 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
    PRC - [2010/03/20 16:33:32 | 002,059,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
    PRC - [2010/03/20 16:33:22 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2010/03/20 16:33:20 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2010/03/20 16:33:07 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2010/03/20 16:32:46 | 000,596,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    PRC - [2010/03/20 16:32:43 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    PRC - [2010/03/20 16:32:21 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2010/03/20 16:32:16 | 001,086,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2010/03/20 16:32:05 | 000,836,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
    PRC - [2010/03/20 09:41:59 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    PRC - [2010/01/21 19:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2007/12/20 23:09:28 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2007/05/18 22:23:00 | 000,106,593 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    PRC - [2007/05/18 22:22:58 | 000,266,339 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    PRC - [2007/04/09 14:27:08 | 000,071,176 | ---- | M] (Nortel Networks NA, Inc.) -- C:\Program Files\Nortel Networks\NvcRpcSvr.exe
    PRC - [2007/01/10 07:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    PRC - [2007/01/06 00:04:10 | 000,554,616 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    PRC - [2007/01/05 10:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/03/22 18:17:44 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
    MOD - [2010/03/20 16:33:21 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
    MOD - [2008/01/19 03:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/03/20 16:33:07 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2010/03/20 16:32:43 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2010/03/20 16:32:29 | 002,325,816 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
    SRV - [2010/03/20 16:32:23 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
    SRV - [2010/01/21 19:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
    SRV - [2010/01/18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
    SRV - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
    SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/07/25 08:03:56 | 001,174,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
    SRV - [2007/05/18 22:23:00 | 000,106,593 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
    SRV - [2007/05/18 22:22:58 | 000,266,339 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
    SRV - [2007/04/09 14:27:08 | 000,071,176 | ---- | M] (Nortel Networks NA, Inc.) [Auto | Running] -- C:\Program Files\Nortel Networks\NvcRpcSvr.exe -- (NvcRpcServer)
    SRV - [2007/01/14 09:11:06 | 000,080,504 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
    SRV - [2007/01/13 05:40:58 | 000,049,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
    SRV - [2007/01/10 07:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
    SRV - [2007/01/10 07:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - [2007/01/10 07:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
    SRV - [2007/01/09 17:55:34 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
    SRV - [2007/01/06 00:04:10 | 002,918,008 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
    SRV - [2007/01/06 00:04:10 | 000,554,616 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
    SRV - [2007/01/05 10:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/access/autosearch.asp?p=%s
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"

    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/03/20 16:40:32 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/27 08:01:04 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/27 08:01:04 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/09/01 13:01:18 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

    [2009/12/30 16:49:29 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Mozilla\Extensions
    [2010/03/27 08:12:00 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\crrdj11o.default\extensions
    [2009/12/30 16:57:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\crrdj11o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/03/22 20:58:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2009/09/22 11:15:24 | 000,404,992 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll

    O1 HOSTS File: ([2010/03/23 17:39:44 | 000,006,977 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 127.0.0.1 99.189.54
    O1 - Hosts: 127.0.0.1 99.189.52
    O1 - Hosts: 127.0.0.1 99.14.103
    O1 - Hosts: 127.0.0.1 98.223.73
    O1 - Hosts: 127.0.0.1 97.80.137
    O1 - Hosts: 127.0.0.1 95.134.16
    O1 - Hosts: 127.0.0.1 95.133.8.
    O1 - Hosts: 127.0.0.1 95.133.23
    O1 - Hosts: 127.0.0.1 95.133.23
    O1 - Hosts: 127.0.0.1 95.133.14
    O1 - Hosts: 127.0.0.1 95.133.11
    O1 - Hosts: 127.0.0.1 95.105.17
    O1 - Hosts: 127.0.0.1 94.53.2.1
    O1 - Hosts: 127.0.0.1 94.23.201
    O1 - Hosts: 127.0.0.1 94.179.55
    O1 - Hosts: 127.0.0.1 94.179.48
    O1 - Hosts: 127.0.0.1 94.179.19
    O1 - Hosts: 127.0.0.1 94.179.11
    O1 - Hosts: 127.0.0.1 94.178.65
    O1 - Hosts: 127.0.0.1 93.39.197
    O1 - Hosts: 127.0.0.1 93.186.17
    O1 - Hosts: 127.0.0.1 93.136.83
    O1 - Hosts: 127.0.0.1 93.112.91
    O1 - Hosts: 273 more lines...
    O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
    O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\5.0.342.0\npchrome_frame.dll (@COMPANY_FULLNAME@)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [IS CfgWiz] C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe (Symantec Corporation)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GoZone iSync.lnk = C:\Program Files\GoZone\GoZone_iSync.exe (Virgin HealthMiles Inc.)
    O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: waynemutual.com ([sslvpn] https in Trusted sites)
    O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite....x/qtplugin.cab (QuickTime Object)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/...oUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {11FAB11B-4792-4B59-85DF-23C6688B07B3} https://sslvpn.waynemutual.com/XTSAC.cab (XTSAC Control)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/...Uploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {DD5E6739-FDD6-4542-8940-4A4B8AB5276E} https://sslvpn.waynemutual.com/NGVPNTunnel.cab (NGVPLaunch Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\cf - No CLSID value found
    O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\5.0.342.0\npchrome_frame.dll (@COMPANY_FULLNAME@)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Sarah\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    O24 - Desktop BackupWallPaper: C:\Users\Sarah\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/07/25 08:42:24 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = secfile] -- Reg Error: Value error. File not found
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

    ========== Files/Folders - Created Within 14 Days ==========

    [2010/03/23 06:51:43 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\FreeFixer
    [2010/03/23 06:51:43 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\FreeFixer
    [2010/03/23 06:51:10 | 000,000,000 | ---D | C] -- C:\Program Files\FreeFixer
    [2010/03/23 06:03:43 | 000,000,000 | -HSD | C] -- C:\found.000
    [2010/03/22 19:54:49 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Favorites\Desktop\New Folder
    [2010/03/22 18:19:22 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
    [2010/03/22 18:11:51 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\AVG9
    [2010/03/21 19:36:34 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [2010/03/21 12:50:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/03/21 12:50:50 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/03/21 12:50:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/03/21 10:38:46 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Malwarebytes
    [2010/03/21 10:36:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/03/20 16:33:21 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
    [2010/03/20 11:33:46 | 000,000,000 | -H-D | C] -- C:\$AVG
    [2010/03/20 11:33:19 | 000,025,096 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSvx.sys
    [2010/03/20 11:33:18 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
    [2010/03/20 11:33:16 | 000,242,696 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
    [2010/03/20 11:33:00 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
    [2010/03/20 11:32:58 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
    [2010/03/20 11:32:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
    [2010/03/20 11:29:00 | 000,024,856 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
    [2010/03/20 11:28:53 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
    [2010/03/20 11:28:37 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
    [2010/03/20 10:13:50 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
    [2010/03/20 10:13:49 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
    [2010/03/20 10:13:49 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll.old
    [2010/03/20 10:13:49 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
    [2010/03/20 10:00:48 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
    [2010/03/20 10:00:48 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
    [2010/03/20 10:00:26 | 000,207,280 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
    [2010/03/20 10:00:25 | 000,087,784 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
    [2010/03/20 09:59:49 | 000,070,408 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
    [2010/03/20 09:59:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2010/03/20 09:59:32 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
    [2010/03/20 09:59:32 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\PC Tools
    [2010/03/20 09:59:32 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2010/03/19 17:17:10 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    [2010/03/19 17:14:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
    [2010/03/19 17:14:26 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
    [2010/03/19 16:34:02 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
    [2010/03/19 12:21:03 | 000,000,000 | ---D | C] -- C:\Program Files\DVDFab 7
    [2010/03/19 10:53:20 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\DVDFab
    [2008/01/04 19:34:19 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Sarah\AppData\Roaming\pcouffin.sys

    ========== Files - Modified Within 14 Days ==========

    [2010/03/27 13:52:48 | 003,145,728 | -HS- | M] () -- C:\Users\Sarah\ntuser.dat
    [2010/03/27 13:47:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/03/27 13:45:02 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/03/27 13:45:02 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/03/27 13:32:10 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2560255393-9658072-2611782331-1000UA.job
    [2010/03/27 11:01:02 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
    [2010/03/27 09:47:01 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/03/27 07:53:57 | 000,000,162 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
    [2010/03/27 07:52:37 | 000,068,645 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\nvModes.001
    [2010/03/27 07:49:08 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/03/27 07:48:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/03/27 07:48:38 | 1005,486,080 | -HS- | M] () -- C:\hiberfil.sys
    [2010/03/27 06:52:55 | 057,977,134 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
    [2010/03/26 19:32:10 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2560255393-9658072-2611782331-1000Core.job
    [2010/03/23 20:51:53 | 000,524,288 | -HS- | M] () -- C:\Users\Sarah\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
    [2010/03/23 20:51:53 | 000,065,536 | -HS- | M] () -- C:\Users\Sarah\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
    [2010/03/23 20:51:48 | 003,125,662 | -H-- | M] () -- C:\Users\Sarah\AppData\Local\IconCache.db
    [2010/03/23 20:19:24 | 175,470,682 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/03/23 20:11:48 | 000,011,412 | -HS- | M] () -- C:\ProgramData\VH56DJI7u87yo
    [2010/03/23 17:39:44 | 000,006,977 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010/03/23 06:52:42 | 000,011,432 | -HS- | M] () -- C:\Users\Sarah\AppData\Local\VH56DJI7u87yo
    [2010/03/23 06:19:51 | 000,007,268 | ---- | M] () -- C:\Users\Sarah\AppData\Local\d3d9caps.dat
    [2010/03/22 19:39:17 | 000,011,446 | -HS- | M] () -- C:\ProgramData\1363166623
    [2010/03/22 18:18:00 | 000,293,376 | ---- | M] () -- C:\if1xljrs.exe
    [2010/03/22 18:17:44 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
    [2010/03/22 18:11:05 | 000,068,645 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\nvModes.dat
    [2010/03/21 14:08:00 | 000,002,523 | ---- | M] () -- C:\Users\Sarah\Favorites\Desktop\HiJackThis.lnk
    [2010/03/21 12:50:57 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/03/20 17:33:23 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2010/03/20 17:33:23 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/03/20 17:33:23 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/03/20 16:33:28 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
    [2010/03/20 16:33:21 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
    [2010/03/20 16:33:21 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
    [2010/03/20 16:32:51 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSvx.sys
    [2010/03/20 16:32:22 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
    [2010/03/20 16:32:08 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
    [2010/03/20 11:33:22 | 000,001,647 | ---- | M] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
    [2010/03/20 11:32:58 | 000,572,937 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
    [2010/03/20 11:32:57 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
    [2010/03/20 11:32:40 | 006,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
    [2010/03/20 11:32:40 | 000,492,629 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
    [2010/03/20 11:32:40 | 000,142,495 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
    [2010/03/20 11:29:00 | 000,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
    [2010/03/20 09:46:37 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2010/03/20 09:09:18 | 003,145,728 | -HS- | M] () -- C:\Users\Sarah\ntuser.dat_previous
    [2010/03/19 16:28:45 | 000,000,036 | ---- | M] () -- C:\Users\Sarah\AppData\Local\housecall.guid.cache
    [2010/03/16 20:09:24 | 000,224,256 | ---- | M] () -- C:\Users\Sarah\Favorites\Desktop\Loan_calc_extra_payments.xls
    [2010/03/14 21:15:03 | 000,000,062 | ---- | M] () -- C:\Users\Sarah\Favorites\Desktop\Web History.URL
    [2010/03/14 21:15:03 | 000,000,062 | ---- | M] () -- C:\Users\Sarah\Documents\Web History.URL

    ========== Files Created - No Company Name ==========

    [2010/03/23 06:09:55 | 1005,486,080 | -HS- | C] () -- C:\hiberfil.sys
    [2010/03/22 19:38:46 | 000,011,446 | -HS- | C] () -- C:\ProgramData\1363166623
    [2010/03/22 19:38:46 | 000,011,432 | -HS- | C] () -- C:\Users\Sarah\AppData\Local\VH56DJI7u87yo
    [2010/03/22 18:19:22 | 000,293,376 | ---- | C] () -- C:\if1xljrs.exe
    [2010/03/22 11:36:45 | 000,011,412 | -HS- | C] () -- C:\ProgramData\VH56DJI7u87yo
    [2010/03/21 14:03:16 | 000,002,523 | ---- | C] () -- C:\Users\Sarah\Favorites\Desktop\HiJackThis.lnk
    [2010/03/21 12:50:57 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/03/20 11:33:22 | 000,001,647 | ---- | C] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
    [2010/03/20 11:32:57 | 000,572,937 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
    [2010/03/20 11:32:57 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
    [2010/03/20 11:32:40 | 057,977,134 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
    [2010/03/20 11:32:40 | 006,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
    [2010/03/20 11:32:40 | 000,492,629 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
    [2010/03/20 11:32:40 | 000,142,495 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
    [2010/03/20 10:13:50 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
    [2010/03/20 10:13:50 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
    [2010/03/20 10:13:50 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
    [2010/03/20 10:13:50 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
    [2010/03/20 10:13:50 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
    [2010/03/20 10:13:49 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
    [2010/03/20 10:00:48 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
    [2010/03/20 10:00:26 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
    [2010/03/20 10:00:25 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
    [2010/03/20 09:59:49 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
    [2010/03/19 16:28:45 | 000,000,036 | ---- | C] () -- C:\Users\Sarah\AppData\Local\housecall.guid.cache
    [2010/03/19 07:29:16 | 000,000,062 | ---- | C] () -- C:\Users\Sarah\Documents\Web History.URL
    [2010/03/14 21:15:03 | 000,000,062 | ---- | C] () -- C:\Users\Sarah\Favorites\Desktop\Web History.URL
    [2010/03/14 16:24:55 | 000,224,256 | ---- | C] () -- C:\Users\Sarah\Favorites\Desktop\Loan_calc_extra_payments.xls
    [2008/04/11 07:54:45 | 000,007,268 | ---- | C] () -- C:\Users\Sarah\AppData\Local\d3d9caps.dat
    [2008/02/06 23:01:27 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
    [2008/02/06 22:57:32 | 000,000,077 | ---- | C] () -- C:\Windows\EPSC120.ini
    [2008/01/11 16:23:14 | 000,019,968 | ---- | C] () -- C:\Users\Sarah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/01/04 21:58:40 | 000,000,452 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\wklnhst.dat
    [2008/01/04 19:35:35 | 000,000,033 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\pcouffin.log
    [2008/01/04 19:34:19 | 000,087,608 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\ezpinst.exe
    [2008/01/04 19:34:19 | 000,007,824 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\pcouffin.cat
    [2008/01/04 19:34:19 | 000,001,144 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\pcouffin.inf
    [2007/12/24 13:30:03 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
    [2007/12/23 14:25:52 | 000,000,000 | ---- | C] () -- C:\Users\Sarah\AppData\Local\FnF4.txt
    [2007/12/22 16:43:17 | 000,068,645 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\nvModes.001
    [2007/12/22 16:43:10 | 000,068,645 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\nvModes.dat
    [2007/12/20 12:46:35 | 000,000,000 | ---- | C] () -- C:\Users\Sarah\AppData\Local\QSwitch.txt
    [2007/12/20 12:46:35 | 000,000,000 | ---- | C] () -- C:\Users\Sarah\AppData\Local\DSwitch.txt
    [2007/12/20 12:46:35 | 000,000,000 | ---- | C] () -- C:\Users\Sarah\AppData\Local\AtStart.txt
    [2007/07/25 08:31:36 | 000,000,320 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2007/02/27 16:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
    [2006/12/14 02:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
    [2006/12/14 02:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
    [2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 06:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
    [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2005/05/06 17:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

    ========== LOP Check ==========

    [2010/03/22 18:11:51 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\AVG9
    [2008/04/17 10:06:57 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Canon
    [2010/03/19 10:53:20 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\DVDFab
    [2010/02/21 17:15:52 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Facebook
    [2010/03/23 07:18:42 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\FreeFixer
    [2008/02/06 23:07:16 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Leadertech
    [2008/08/27 20:55:50 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Medstrat
    [2009/12/24 15:16:35 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\MoveFab
    [2010/01/24 09:27:01 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Snapfish
    [2008/01/04 21:59:11 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Template
    [2007/12/26 21:38:41 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Thunderbird
    [2010/03/20 09:08:38 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\uTorrent
    [2010/03/19 16:51:40 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Vso
    [2008/01/28 22:04:46 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\WildTangent
    [2010/03/23 20:52:55 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
    < End of report >

  2. #12
    Junior Member
    Join Date
    Mar 2010
    Posts
    8

    Default

    I just noticed the hosts file... Last time I checked this, there were only 2 entries. Now there's a bunch. What added them? Is that normal?

    Thanks
    Matt.
    Last edited by tashi; 2010-05-06 at 18:54. Reason: Date of Archive

  3. #13
    Emeritus- Malware Team
    Join Date
    Oct 2009
    Location
    New England, USA
    Posts
    503

    Default

    Hey Matt, sorry for the long delay in getting back to you here. I don't remember ever getting notified that you responded back.

    The HOSTS file does need to be reset.

    Download the HostsXpert 4.3 - Hosts File Manager.
    • Unzip HostsXpert 4.3 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.3 - Hosts File Manager
    • Run HostsXpert 4.3 - Hosts File Manager from its new home
    • Click on "File Handling".
    • Click on "Restore MS Hosts File".
    • Click OK on the Confirmation box.
    • Click on "Make Read Only?"
    • Click the X to exit the program.
    • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.


    Run OTL again and give me an update on how it's running.
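
Before a hosts file is reset as described above, its entries can be sorted by what they actually do, which speaks to the "what added them? is that normal?" question. This is an added example, not part of the original thread or of HostsXpert; the sample hosts text, the `classify_hosts` function and the category names are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts-file text (not taken from the thread's log).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.net      # block entry
0.0.0.0         tracker.example.org
203.0.113.45    www.google.com search.yahoo.com
not-an-ip       broken.example.com
"""

DEFAULT_NAMES = {"localhost"}


def classify_hosts(text):
    """Sort hosts-file entries into default, sinkhole, redirect and invalid."""
    report = {"default": [], "sinkhole": [], "redirect": [], "invalid": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop full-line and trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            report["invalid"].append((lineno, raw.strip()))
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            report["invalid"].append((lineno, raw.strip()))
            continue
        for name in fields[1:]:               # one address may carry several names
            name = name.lower()
            if addr.is_loopback and name in DEFAULT_NAMES:
                kind = "default"
            elif addr.is_loopback or addr.is_unspecified:
                kind = "sinkhole"   # name made unreachable, typical of blocklists
            else:
                kind = "redirect"   # name forced to another machine: review first
            report[kind].append((lineno, str(addr), name))
    return report


if __name__ == "__main__":
    for kind, rows in classify_hosts(SAMPLE_HOSTS).items():
        print(kind, rows)
```

Entries in the `sinkhole` group are usually bulk blocklists written by security tools, while anything in `redirect` that names a search engine or update site is what deserves attention before and after the reset.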

  4. #14
    Emeritus- Malware Team
    Join Date
    Oct 2009
    Location
    New England, USA
    Posts
    503

    Default

    Did you still want help here Matt?
