Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

unending add-on programs

Started by rxdotcom , Dec 25 2010 08:31 PM

  • Please log in to reply

#1
rxdotcom
Posted 25 December 2010 - 08:31 PM

rxdotcom

    Member

  • Member
  • PipPip
  • 65 posts
I have Win Patrol running on my computer (a great program!). Today the "watchdog" has been interupting my internet explorer asking permission to add "windows" programs. I said no to every add-on or 1 time program.
I added a Hijack this to b reviewed...what can I get rid of or use to clean this up?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:23:18 PM, on 12/25/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\V0350Mon.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\1132700087\EE\aolsoftware.exe
C:\Program Files\iISystem Wiper\SystemWiper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Tht.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Thy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: C:\WINDOWS\system32\n5qa2rv6sz.dll - {B2B220C1-A503-59BD-F413-01B53A2C8953} - C:\WINDOWS\system32\n5qa2rv6sz.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVFX Engine] "C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe"
O4 - HKLM\..\Run: [V0350Mon.exe] C:\WINDOWS\V0350Mon.exe
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [Ad-Watch] "C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG10\avgtray.exe"
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [Uxivaro] rundll32.exe "C:\WINDOWS\alamolimar.dll",Startup
O4 - HKLM\..\Run: [uPc+MV0NqOaXms] rundll32.exe C:\WINDOWS\system32\rfu7mg.dll, SystemServer
O4 - HKLM\..\Run: [HNUmaIXnQJ] C:\DOCUME~1\Owner\LOCALS~1\Temp\k7n2b1.exe
O4 - HKLM\..\Run: [MKcrc] C:\WINDOWS\login.exe
O4 - HKLM\..\Run: [MKaZ] C:\WINDOWS\cmd.exe
O4 - HKLM\..\Run: [MKerb] C:\WINDOWS\taskmgr.exe
O4 - HKLM\..\Run: [MKfPc] C:\WINDOWS\win16.exe
O4 - HKLM\..\Run: [MKayc] C:\WINDOWS\csrss.exe
O4 - HKLM\..\Run: [HNUmaIXnsd] C:\DOCUME~1\Owner\LOCALS~1\Temp\taskmgr.exe
O4 - HKLM\..\Run: [HNUmaIXnY] C:\DOCUME~1\Owner\LOCALS~1\Temp\cmd.exe
O4 - HKLM\..\Run: [MKbtc] C:\WINDOWS\hexdump.exe
O4 - HKLM\..\Run: [MKaoc] C:\WINDOWS\debug.exe
O4 - HKLM\..\Run: [HNUmaIXngP] C:\DOCUME~1\Owner\LOCALS~1\Temp\win32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [Snutahalafuna] rundll32.exe "C:\WINDOWS\wsnsadui.dll",Startup
O4 - HKCU\..\Run: [uPc+MV0NqOaXms] rundll32.exe C:\WINDOWS\system32\rfu7mg.dll, SystemServer
O4 - HKCU\..\Run: [HNUmaIXnQJ] C:\DOCUME~1\Owner\LOCALS~1\Temp\k7n2b1.exe
O4 - HKCU\..\Run: [MKcrc] C:\WINDOWS\login.exe
O4 - HKCU\..\Run: [MKaZ] C:\WINDOWS\cmd.exe
O4 - HKCU\..\Run: [MKerb] C:\WINDOWS\taskmgr.exe
O4 - HKCU\..\Run: [MKfPc] C:\WINDOWS\win16.exe
O4 - HKCU\..\Run: [MKayc] C:\WINDOWS\csrss.exe
O4 - HKCU\..\Run: [HNUmaIXnsd] C:\DOCUME~1\Owner\LOCALS~1\Temp\taskmgr.exe
O4 - HKCU\..\Run: [HNUmaIXnY] C:\DOCUME~1\Owner\LOCALS~1\Temp\cmd.exe
O4 - HKCU\..\Run: [MKbtc] C:\WINDOWS\hexdump.exe
O4 - HKCU\..\Run: [MKaoc] C:\WINDOWS\debug.exe
O4 - HKCU\..\Run: [HNUmaIXngP] C:\DOCUME~1\Owner\LOCALS~1\Temp\win32.exe
O4 - HKCU\..\Run: [JP595IR86O] C:\DOCUME~1\Owner\LOCALS~1\Temp\Tht.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1168194138473
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1168194132254
O16 - DPF: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} (Pure Networks Security Scan) - http://scan.networkm...-ship-WD.V1.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: iwuiahf87sfy8ushfijsjgfgf - {B2B220C1-A503-59BD-F413-01B53A2C8953} - C:\WINDOWS\system32\n5qa2rv6sz.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10489 bytes
  • 0

Advertisements

#2
RKinner
Posted 28 December 2010 - 08:26 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
We don't use HJT much anymore but your bug appears fairly primitive so it might work.

First disable Spybot's teatimer per the instructions here:
http://forum.aumha.o...1dbb93292201b1d

Boot into Safe Mode (Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly. Keep tapping until you see the Safe Mode menu. Choose the top option. Log in with your normal login.) Run HJT, scan only and then check all of the above:

O2 - BHO: C:\WINDOWS\system32\n5qa2rv6sz.dll - {B2B220C1-A503-59BD-F413-01B53A2C8953} - C:\WINDOWS\system32\n5qa2rv6sz.dll
O4 - HKLM\..\Run: [Uxivaro] rundll32.exe "C:\WINDOWS\alamolimar.dll",Startup
O4 - HKLM\..\Run: [uPc+MV0NqOaXms] rundll32.exe C:\WINDOWS\system32\rfu7mg.dll, SystemServer
O4 - HKLM\..\Run: [HNUmaIXnQJ] C:\DOCUME~1\Owner\LOCALS~1\Temp\k7n2b1.exe
O4 - HKLM\..\Run: [MKcrc] C:\WINDOWS\login.exe
O4 - HKLM\..\Run: [MKaZ] C:\WINDOWS\cmd.exe
O4 - HKLM\..\Run: [MKerb] C:\WINDOWS\taskmgr.exe
O4 - HKLM\..\Run: [MKfPc] C:\WINDOWS\win16.exe
O4 - HKLM\..\Run: [MKayc] C:\WINDOWS\csrss.exe
O4 - HKLM\..\Run: [HNUmaIXnsd] C:\DOCUME~1\Owner\LOCALS~1\Temp\taskmgr.exe
O4 - HKLM\..\Run: [HNUmaIXnY] C:\DOCUME~1\Owner\LOCALS~1\Temp\cmd.exe
O4 - HKLM\..\Run: [MKbtc] C:\WINDOWS\hexdump.exe
O4 - HKLM\..\Run: [MKaoc] C:\WINDOWS\debug.exe
O4 - HKLM\..\Run: [HNUmaIXngP] C:\DOCUME~1\Owner\LOCALS~1\Temp\win32.exe
O4 - HKCU\..\Run: [Snutahalafuna] rundll32.exe "C:\WINDOWS\wsnsadui.dll",Startup
O4 - HKCU\..\Run: [uPc+MV0NqOaXms] rundll32.exe C:\WINDOWS\system32\rfu7mg.dll, SystemServer
O4 - HKCU\..\Run: [HNUmaIXnQJ] C:\DOCUME~1\Owner\LOCALS~1\Temp\k7n2b1.exe
O4 - HKCU\..\Run: [MKcrc] C:\WINDOWS\login.exe
O4 - HKCU\..\Run: [MKaZ] C:\WINDOWS\cmd.exe
O4 - HKCU\..\Run: [MKerb] C:\WINDOWS\taskmgr.exe
O4 - HKCU\..\Run: [MKfPc] C:\WINDOWS\win16.exe
O4 - HKCU\..\Run: [MKayc] C:\WINDOWS\csrss.exe
O4 - HKCU\..\Run: [HNUmaIXnsd] C:\DOCUME~1\Owner\LOCALS~1\Temp\taskmgr.exe
O4 - HKCU\..\Run: [HNUmaIXnY] C:\DOCUME~1\Owner\LOCALS~1\Temp\cmd.exe
O4 - HKCU\..\Run: [MKbtc] C:\WINDOWS\hexdump.exe
O4 - HKCU\..\Run: [MKaoc] C:\WINDOWS\debug.exe
O4 - HKCU\..\Run: [HNUmaIXngP] C:\DOCUME~1\Owner\LOCALS~1\Temp\win32.exe
O4 - HKCU\..\Run: [JP595IR86O] C:\DOCUME~1\Owner\LOCALS~1\Temp\Tht.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O22 - SharedTaskScheduler: iwuiahf87sfy8ushfijsjgfgf - {B2B220C1-A503-59BD-F413-01B53A2C8953} - C:\WINDOWS\system32\n5qa2rv6sz.dll

Then Fix Checked. Reboot into regular mode and:

Run a new HJT scan and post the log.





Download and save:
http://www.geekstogo...timers-list-it/

then run OTL.

In the Extra Registry group, Select the Use SafeList option. In the File Scans areas set the File Age to 90 Days.
Press the Run Scan button.

You will receive two logs. Please post (copy and paste do not attach) them both.

Ron
  • 0

#3
rxdotcom
Posted 28 December 2010 - 09:49 PM

rxdotcom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
While I was awaiting a response, I removed Tea-Timer from my startup. I installed and ran malwarebyte and reinstalled AVG 2011 (with malware protection). It seems to have found all the problems and deleted every HJT entry which you instructed to remove, except for the following:

O22 - SharedTaskScheduler: iwuiahf87sfy8ushfijsjgfgf - {B2B220C1-A503-59BD-F413-01B53A2C8953} - C:\WINDOWS\system32\n5qa2rv6sz.dll
it now says (file missing) after the entry. I can only assume that is a good thing!

OTL:
OTL logfile created on: 12/28/2010 10:43:38 PM - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.49 Gb Total Space | 194.78 Gb Free Space | 85.25% Space Free | Partition Type: NTFS
Drive D: | 4.38 Gb Total Space | 2.38 Gb Free Space | 54.28% Space Free | Partition Type: FAT32
Drive E: | 2.04 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 74.53 Gb Total Space | 12.33 Gb Free Space | 16.55% Space Free | Partition Type: NTFS

Computer Name: YOUR-2438974142 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/28 22:33:17 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
PRC - [2010/12/08 18:28:23 | 000,991,800 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/12/05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/12/05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/12/01 04:14:46 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2010/11/23 13:34:16 | 000,724,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/11/23 13:34:14 | 006,128,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 04:57:54 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2010/10/22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/03/01 16:48:18 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/03/01 16:48:17 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2008/06/24 13:34:50 | 000,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\1132700087\EE\aolsoftware.exe
PRC - [2007/10/01 16:40:44 | 005,367,608 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
PRC - [2007/10/01 16:40:40 | 003,567,928 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
PRC - [2007/10/01 16:24:36 | 000,210,232 | ---- | M] () -- C:\Program Files\Webroot\Spy Sweeper\ssu.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/02 09:30:20 | 000,151,552 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
PRC - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2006/10/01 13:03:52 | 000,255,552 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2005/11/22 17:51:44 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2005/09/11 12:24:03 | 000,258,048 | ---- | M] (iISoftware) -- C:\Program Files\iISystem Wiper\SystemWiper.exe
PRC - [2005/02/25 11:42:46 | 000,466,944 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\lxcccoms.exe
PRC - [2005/02/21 06:21:18 | 000,192,512 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 3300 Series\lxccmon.exe
PRC - [2004/10/15 15:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
PRC - [2004/10/15 15:54:12 | 000,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe


========== Modules (SafeList) ==========

MOD - [2010/12/28 22:33:17 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
MOD - [2006/10/01 13:04:00 | 000,063,032 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2010/11/23 13:34:14 | 006,128,208 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/10/25 09:01:42 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/01 16:48:17 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2007/10/01 16:40:40 | 003,567,928 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Disabled | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2005/11/22 17:51:44 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2005/02/25 11:42:46 | 000,466,944 | ---- | M] (Lexmark International, Inc.) [On_Demand | Running] -- C:\WINDOWS\System32\lxcccoms.exe -- (lxcc_device)
SRV - [2004/10/15 15:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)
SRV - [2004/06/29 12:29:30 | 000,184,373 | ---- | M] () [Disabled | Stopped] -- C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe -- (AOLService)


========== Driver Services (SafeList) ==========

DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 20:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 20:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 20:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2009/05/03 15:46:36 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2007/12/23 22:30:00 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2007/10/01 16:24:36 | 000,023,864 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2007/10/01 16:24:34 | 000,163,640 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS -- (SSIDRV)
DRV - [2007/10/01 16:24:34 | 000,021,816 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS -- (SSHRMD)
DRV - [2007/10/01 16:24:34 | 000,020,280 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSFS0BB9.SYS -- (SSFS0BB9)
DRV - [2007/08/30 03:00:00 | 000,395,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007/06/11 00:01:02 | 000,142,656 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\V0350Afx.sys -- (VF0350Afx)
DRV - [2007/05/11 00:02:00 | 000,170,368 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\V0350Vid.sys -- (VF0350Vid) Live! Cam Video IM (VF0350)
DRV - [2007/03/05 17:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\V0350Vfx.sys -- (VF0350Vfx)
DRV - [2007/01/07 19:55:04 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2006/08/30 06:10:00 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/08/30 06:10:00 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/11/22 17:55:24 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/09/26 18:07:00 | 003,644,800 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/09/18 11:32:00 | 003,493,984 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/07/29 20:11:04 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/29 20:11:02 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/07/22 11:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 11:01:10 | 000,231,168 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/07/22 11:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/09 15:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/09/09 05:54:38 | 000,379,488 | ---- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111nd5.sys -- (wg111nd5)
DRV - [2004/08/04 09:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/04 09:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/03 22:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/06/17 17:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/03/22 19:16:26 | 000,338,176 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcmwl5.sys -- (BCM43XX)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/18 00:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/18 00:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/18 00:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/18 00:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/18 00:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 23:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 23:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 23:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 23:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 23:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 23:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 23:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 23:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 23:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 23:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 15:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{78498292-1433-458D-9446-07534F7BC8BF}: C:\Documents and Settings\Owner\Local Settings\Application Data\{78498292-1433-458D-9446-07534F7BC8BF} [2010/12/25 21:11:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/12/27 14:05:53 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2007/01/07 17:06:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [LXCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.DLL ()
O4 - HKLM..\Run: [lxccmon.exe] C:\Program Files\Lexmark 3300 Series\lxccmon.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKCU..\Run: [Creative Live! Cam Manager] C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe (Creative Technology Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1168194138473 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1168194132254 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} http://scan.networkm...-ship-WD.V1.cab (Pure Networks Security Scan)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - C:\WINDOWS\System32\WRLogonNtf.dll (Webroot Software, Inc.)
O22 - SharedTaskScheduler: {B2B220C1-A503-59BD-F413-01B53A2C8953} - iwuiahf87sfy8ushfijsjgfgf - C:\WINDOWS\System32\n5qa2rv6sz.dll File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/30 16:59:01 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/07/20 12:16:58 | 000,000,000 | R--D | M] - E:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2007/07/20 12:16:58 | 000,634,880 | R--- | M] (Electronic Arts Inc.) - E:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2007/07/05 15:01:39 | 000,585,728 | R--- | M] (Electronic Arts Inc.) - E:\AutoRunGUI.dll -- [ UDF ]
O32 - AutoRun File - [2007/06/02 07:27:56 | 000,134,694 | R--- | M] () - E:\autorun.ico -- [ UDF ]
O32 - AutoRun File - [2007/07/20 12:27:07 | 000,000,153 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2007/07/29 08:25:36 | 000,000,050 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5aef93c4-a49e-11db-8540-00016cf815dc}\Shell - "" = AutoRun
O33 - MountPoints2\{5aef93c4-a49e-11db-8540-00016cf815dc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5aef93c4-a49e-11db-8540-00016cf815dc}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{fb783b98-00fb-11df-9c00-00016cf815dc}\Shell - "" = AutoRun
O33 - MountPoints2\{fb783b98-00fb-11df-9c00-00016cf815dc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fb783b98-00fb-11df-9c00-00016cf815dc}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O33 - MountPoints2\{ff73fe81-4550-11df-9c10-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{ff73fe81-4550-11df-9c10-00038a000015}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/27 14:05:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/12/26 17:31:00 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/12/25 21:38:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/12/25 21:38:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/25 21:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/12/25 21:38:03 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/25 21:38:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/25 21:11:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\{78498292-1433-458D-9446-07534F7BC8BF}
[2010/12/25 21:08:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\C921466180557D5A01DAC2E7593C2C54
[2010/12/18 17:24:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\nmmicrocore{DB9CF5D7-17C7-48c7-99A5-06E82D0A0252}
[2010/12/18 13:21:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/12/18 13:19:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\AIM
[2010/12/18 13:19:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/12/18 13:19:35 | 000,000,000 | ---D | C] -- C:\Program Files\AIM
[2007/05/23 09:10:51 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys
[760 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[18 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/28 22:47:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2026827641-1812957846-761937151-1006UA.job
[2010/12/28 22:37:42 | 102,861,947 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2010/12/28 22:27:48 | 000,000,018 | ---- | M] () -- C:\Documents and Settings\Owner\iidelonb.ini
[2010/12/28 18:47:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2026827641-1812957846-761937151-1006Core.job
[2010/12/28 05:00:40 | 000,001,696 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_L8423933F6DDB4A47B2FF07491288A92B.job
[2010/12/28 05:00:00 | 000,001,678 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_1876A0B760EA4C63AFA862670B0D639A.job
[2010/12/27 16:48:57 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/12/27 14:23:22 | 000,445,700 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/12/27 14:23:22 | 000,072,780 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/12/27 14:19:55 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/27 14:18:43 | 000,030,277 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/12/27 14:18:40 | 000,000,310 | -HS- | M] () -- C:\WINDOWS\tasks\KVMH.job
[2010/12/27 14:18:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/27 14:18:35 | 2011,746,304 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/27 14:06:20 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2010/12/26 17:53:13 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/26 17:47:29 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/12/26 11:10:49 | 000,257,456 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/26 08:45:18 | 000,000,124 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/12/25 21:11:37 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Nxisivuluyetofi.dat
[2010/12/25 21:11:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Gcuyoyowohowo.bin
[2010/12/21 14:57:27 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/18 13:21:47 | 000,001,590 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/12/18 13:21:47 | 000,001,572 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/12/18 12:36:47 | 000,000,015 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2010/12/14 23:47:47 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2010/12/14 23:47:47 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/12/09 20:14:45 | 004,307,679 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\albumreview.pdf
[2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/12/07 10:28:29 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Melissa Grad Account.xls
[2010/12/04 10:01:51 | 000,000,447 | ---- | M] () -- C:\WINDOWS\CLASSICZAP.INI
[760 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/26 16:28:37 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2010/12/26 11:23:24 | 000,000,018 | ---- | C] () -- C:\Documents and Settings\Owner\iidelonb.ini
[2010/12/26 11:17:47 | 2011,746,304 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/26 08:45:18 | 000,000,124 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/12/25 21:11:37 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Nxisivuluyetofi.dat
[2010/12/25 21:11:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Gcuyoyowohowo.bin
[2010/12/25 21:08:44 | 000,000,310 | -HS- | C] () -- C:\WINDOWS\tasks\KVMH.job
[2010/12/18 13:19:50 | 000,001,590 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/12/18 13:19:50 | 000,001,572 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/12/09 20:14:36 | 004,307,679 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\albumreview.pdf
[2009/02/07 12:45:00 | 000,000,447 | ---- | C] () -- C:\WINDOWS\CLASSICZAP.INI
[2008/07/14 14:42:58 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2007/12/24 01:07:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2007/11/29 08:54:50 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/05/23 09:10:56 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.log
[2007/05/23 09:10:51 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\ezpinst.exe
[2007/05/23 09:10:51 | 000,007,824 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
[2007/05/23 09:10:51 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
[2007/05/17 13:58:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2007/03/04 12:55:44 | 000,000,306 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2007/01/15 09:10:34 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/01/15 08:22:40 | 000,002,284 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2007/01/13 10:45:31 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/07 21:43:29 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/01/07 21:35:15 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2007/01/07 20:40:45 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2007/01/07 20:09:40 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2007/01/07 20:09:40 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2007/01/07 20:06:41 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxccvs.dll
[2007/01/07 17:03:56 | 000,026,424 | ---- | C] () -- C:\WINDOWS\System32\wrlzma.dll
[2005/11/22 17:53:31 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2005/11/22 17:53:28 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/11/22 17:50:33 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/22 17:31:43 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/11/22 17:31:43 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/11/22 17:31:41 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/11/22 17:31:40 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/11/22 17:31:40 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/11/22 17:31:40 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/11/22 17:31:38 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/08/06 00:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/01/12 12:38:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/09 18:49:16 | 000,001,220 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/01/09 18:49:16 | 000,000,468 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2005/01/09 18:48:25 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_003586_.tmp.dll
[2005/01/09 18:48:06 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_003618_.tmp.dll
[2005/01/09 12:00:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/09/06 17:35:00 | 000,000,036 | ---- | C] () -- C:\WINDOWS\A3W.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 193 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:260575F1
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECE4A64B

< End of report >
  • 0

#4
rxdotcom
Posted 28 December 2010 - 09:50 PM

rxdotcom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
2nd OTL File:


OTL Extras logfile created on: 12/28/2010 10:43:38 PM - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.49 Gb Total Space | 194.78 Gb Free Space | 85.25% Space Free | Partition Type: NTFS
Drive D: | 4.38 Gb Total Space | 2.38 Gb Free Space | 54.28% Space Free | Partition Type: FAT32
Drive E: | 2.04 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 74.53 Gb Total Space | 12.33 Gb Free Space | 16.55% Space Free | Partition Type: NTFS

Computer Name: YOUR-2438974142 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"67:UDP" = 67:UDP:0.0.0.0/255.255.255.255:Enabled:DHCP Discovery Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (AOL Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- (America Online Inc)
"C:\Program Files\Common Files\AOL\1132700087\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1132700087\EE\AOLServiceHost.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL -- ()
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL -- (AOL Spyware Protection)
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- (Gteko Ltd.)
"C:\Program Files\Common Files\AOL\1132700087\EE\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1132700087\EE\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL LLC)
"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe -- File not found
"C:\Program Files\AOL 9.1\waol.exe" = C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL LLC)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\SightSpeed\SightSpeed.exe" = C:\Program Files\SightSpeed\SightSpeed.exe:*:Enabled:SightSpeed -- (SightSpeed Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04E7A3BB-DB38-481C-A809-35FA60C78EDF}" = AVG 2011
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2FEA102C-F535-4513-009B-57B165013C18}" = Tiger Woods PGA TOUR 08
"{306AC1F8-42D9-4639-B412-ABCB7F01F85A}" = OptiPix Pro
"{3205A978-4A7A-403B-A4B9-D48E6BAFB73B}" = WinPatrol
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{45401A03-BDF0-448F-9B0F-3882B96F6692}" = Belkin Wireless Utility
"{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.2
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6CF4996E-9A09-4C7A-BB2B-22CB4D7F33BE}" = nav-u tool
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{76F8CB2B-6516-4E1E-B6F1-AED4ABDB4B0A}_is1" = Spy Sweeper
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint Plus
"{ADAED43C-BBD9-42C5-8B21-F4FBFA81E3C3}" = Palm
"{B0F64C44-DC77-497D-9A27-C0F5BAB12493}" = muveeNow 2.0 - Creative
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CB0888EE-96D8-4713-84DC-36462C33AEB4}" = Bazooka Spyware Scanner
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F445476A-42DE-11D4-80D0-00C04F2750A6}" = Epocrates Essentials
"{F4C68898-EBA5-46A9-82B3-2D30426086BF}" = AVG 2011
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"123 Free Solitaire_is1" = 123 Free Solitaire 2009 v7.2
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"AIM_7" = AIM 7
"AOL Spyware Protection" = AOL Spyware Protection
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AolCoach2_en" = AOL Coach Version 2.0(Build:20041026.5 en)
"AVG" = AVG 2011
"BFGC" = Big Fish Games: Game Manager
"BFG-Mystery Case Files - Ravenhearst" = Mystery Case Files: Ravenhearst &reg;
"Bicycle Board Games 1.0" = Bicycle Board Games
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"Creative Live! Cam Center" = Creative Live! Cam Center
"Creative Live! Cam Doodling" = Creative Live! Cam Doodling
"Creative Live! Cam FX Creator" = Creative Live! Cam FX Creator
"Creative Live! Cam Manager" = Creative Live! Cam Manager
"Creative Live! Cam User's Guide" = Creative Live! Cam User's Guide
"Creative Photo Calendar" = Creative Photo Calendar
"Creative Photo Manager" = Creative Photo Manager
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative VF0350" = Creative Live! Cam Video Chat or Video IM Driver (1.02.01.00)
"Dell AIO Printer A920" = Dell AIO Printer A920
"Diamond Detective" = Diamond Detective
"DVD Shrink_is1" = DVD Shrink 3.2
"Free Internet Eraser_is1" = Free Internet Eraser 2.30
"Glary Utilities_is1" = Glary Utilities 2.8.0.366
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"iISystem Wiper_is1" = iISystem Wiper 2.4.1
"InstallShield_{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"Jardinains 2!_is1" = Jardinains 2!
"Lexmark 3300 Series" = Lexmark 3300 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2005b" = Microsoft Money 2005
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Nero BurnRights
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"Port Magic" = Pure Networks Port Magic
"PuckFun_is1" = PuckFun 1.5
"Quick StartUp_is1" = Quick StartUp 1.9
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"Registry Repair_is1" = Registry Repair 2.4
"Revo Uninstaller" = Revo Uninstaller 1.83
"Sakina Privacy Protector" = Sakina Privacy Protector
"SightSpeed" = SightSpeed
"Smart Defrag_is1" = Smart Defrag 1.11
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Splash" = Splash
"Spring Sprang Sprung" = Spring Sprang Sprung
"SysInfo" = Creative System Information
"TweakNow RegCleaner_is1" = TweakNow RegCleaner
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Word Slinger" = Word Slinger
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/26/2010 5:48:33 PM | Computer Name = YOUR-2438974142 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/26/2010 5:48:33 PM | Computer Name = YOUR-2438974142 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/26/2010 5:48:33 PM | Computer Name = YOUR-2438974142 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/26/2010 5:48:33 PM | Computer Name = YOUR-2438974142 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/26/2010 5:54:03 PM | Computer Name = YOUR-2438974142 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/26/2010 5:54:03 PM | Computer Name = YOUR-2438974142 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/26/2010 5:54:03 PM | Computer Name = YOUR-2438974142 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/26/2010 5:54:03 PM | Computer Name = YOUR-2438974142 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/26/2010 9:18:04 PM | Computer Name = YOUR-2438974142 | Source = Application Hang | ID = 1002
Description = Hanging application EXCEL.EXE, version 11.0.8328.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/27/2010 10:55:17 AM | Computer Name = YOUR-2438974142 | Source = MsiInstaller | ID = 11904
Description = Product: AVG 2011 -- Error 1904. Module C:\Program Files\AVG\AVG10\avgssie.dll
failed to register. HRESULT -2147024891. Contact your support personnel.

[ System Events ]
Error - 12/26/2010 1:16:16 PM | Computer Name = YOUR-2438974142 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde

Error - 12/26/2010 3:48:36 PM | Computer Name = YOUR-2438974142 | Source = Service Control Manager | ID = 7034
Description = The PrismXL service terminated unexpectedly. It has done this 1 time(s).

Error - 12/26/2010 4:09:04 PM | Computer Name = YOUR-2438974142 | Source = DCOM | ID = 10010
Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
with DCOM within the required timeout.

Error - 12/26/2010 5:49:16 PM | Computer Name = YOUR-2438974142 | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079

Error - 12/26/2010 5:54:51 PM | Computer Name = YOUR-2438974142 | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079

Error - 12/26/2010 6:48:19 PM | Computer Name = YOUR-2438974142 | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079

Error - 12/26/2010 7:01:37 PM | Computer Name = YOUR-2438974142 | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079

Error - 12/26/2010 8:56:13 PM | Computer Name = YOUR-2438974142 | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079

Error - 12/27/2010 11:13:54 AM | Computer Name = YOUR-2438974142 | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079

Error - 12/27/2010 3:19:20 PM | Computer Name = YOUR-2438974142 | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079


< End of report >
  • 0

#5
RKinner
Posted 28 December 2010 - 10:18 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Copy the text in the code box below by highlighting and then Ctrl + c :

:Services
CLTNetCnService

:OTL
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O22 - SharedTaskScheduler: {B2B220C1-A503-59BD-F413-01B53A2C8953} - iwuiahf87sfy8ushfijsjgfgf - C:\WINDOWS\System32\n5qa2rv6sz.dll File not found
O33 - MountPoints2\{5aef93c4-a49e-11db-8540-00016cf815dc}\Shell - "" = AutoRun
O33 - MountPoints2\{5aef93c4-a49e-11db-8540-00016cf815dc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5aef93c4-a49e-11db-8540-00016cf815dc}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{fb783b98-00fb-11df-9c00-00016cf815dc}\Shell - "" = AutoRun
O33 - MountPoints2\{fb783b98-00fb-11df-9c00-00016cf815dc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fb783b98-00fb-11df-9c00-00016cf815dc}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O33 - MountPoints2\{ff73fe81-4550-11df-9c10-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{ff73fe81-4550-11df-9c10-00038a000015}\Shell\AutoRun - "" = Auto&Play
[2010/12/25 21:11:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\{78498292-1433-458D-9446-07534F7BC8BF}
[2010/12/25 21:08:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\C921466180557D5A01DAC2E7593C2C54
[2010/12/18 17:24:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\nmmicrocore{DB9CF5D7-17C7-48c7-99A5-06E82D0A0252}
[2010/12/26 11:23:24 | 000,000,018 | ---- | C] () -- C:\Documents and Settings\Owner\iidelonb.ini
[2010/12/26 08:45:18 | 000,000,124 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/12/25 21:11:37 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Nxisivuluyetofi.dat
[2010/12/25 21:11:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Gcuyoyowohowo.bin
[2010/12/25 21:08:44 | 000,000,310 | -HS- | C] () -- C:\WINDOWS\tasks\KVMH.job

:FILES
C:\WINDOWS\Tasks\At*.job

:Commands
[PURITY]
[EMPTYTEMP]
[RESETHOSTS]

Run OTL then paste the above in the box where it says Custom Scans/Fixes. Verify that you got it all then hit RUN FIX.

Copy and past the log it creates into a Reply.


Uninstall
2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 10
Java™ SE Runtime Environment 6 Update 1


Turn off or Pause your Antivirus.

Download Combofix from any of the links below but rename it to george.exe before saving it to your desktop.

http://subs.geekstogo.com/ComboFix.exe
http://download.blee...Bs/ComboFix.exe
http://www.infospywa...alware/combofix


==================================


Double click on george.exe & follow the prompts. Allow it to install the Recovery Console. It may need to reboot.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

Posted Image Please download Malwarebytes' Anti-Malware from http://www.malwareby...am-download.php

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Run OTL and press the QuickScan button and post the log. How is it running now?

Ron
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP