Run by Tim Oakley at 19:01:05.76 on Mon 01/10/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.520 [GMT -7:00]
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Online Armor Firewall *Enabled*
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Online Armor\OAcat.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tim Oakley\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
uRun: [Power2GoExpress] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [@OnlineArmor GUI] "c:\program files\online armor\oaui.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\program files\icq7.2\ICQ.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: turbotax.com
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159453796765
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxps://mail.pcaengsur.com/Remote/msrdp.cab
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\online~2\oaevent.dll
============= SERVICES / DRIVERS ===============
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-1-2 11608]
R1 DCDisk;DCDisk;c:\windows\system32\drivers\DCDisk.sys [2007-1-29 42240]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2011-1-8 202064]
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2011-1-8 38856]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2011-1-8 25000]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2011-1-8 29272]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-1-2 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-1-2 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-1-2 61960]
R2 OAcat;Online Armor Helper Service;c:\program files\online armor\oacat.exe [2011-1-8 380784]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2007-12-29 450400]
S2 SvcOnlineArmor;Online Armor;c:\program files\online armor\oasrv.exe [2011-1-8 3652696]
S3 PhnxVcd;PhnxVcd;c:\windows\system32\drivers\phnxvcd.sys [2006-3-21 47488]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-29 136176]
=============== Created Last 30 ================
2011-01-11 00:55:19 -------- d-----w- C:\george10534g
2011-01-10 05:04:17 -------- d-----w- C:\george
2011-01-09 16:50:28 -------- d-----w- c:\docume~1\timoak~1\applic~1\QuickScan
2011-01-08 16:47:27 -------- d-----w- c:\docume~1\timoak~1\applic~1\OnlineArmor
2011-01-08 16:47:27 -------- d-----w- c:\docume~1\alluse~1\applic~1\OnlineArmor
2011-01-08 16:47:03 38856 ----a-w- c:\windows\system32\drivers\oahlp32.sys
2011-01-08 16:47:03 25000 ----a-w- c:\windows\system32\drivers\OAmon.sys
2011-01-08 16:47:02 29272 ----a-w- c:\windows\system32\drivers\OAnet.sys
2011-01-08 16:47:02 202064 ----a-w- c:\windows\system32\drivers\OADriver.sys
2011-01-08 16:46:47 -------- d-----w- c:\program files\Online Armor
2011-01-08 03:14:52 -------- d-----w- C:\george3
2011-01-06 05:39:00 -------- d-----w- c:\windows\system32\CatRoot2
2011-01-06 05:35:46 -------- d-----w- c:\program files\UPHClean
2011-01-06 02:12:35 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-01-06 02:12:31 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-01-06 02:12:30 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-01-06 02:12:27 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-01-06 02:12:23 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-01-06 02:12:09 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2011-01-06 02:12:05 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-01-06 02:12:04 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2011-01-06 02:12:00 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2011-01-06 02:10:58 16925 ----a-w- c:\windows\system32\dllcache\w940nd.sys
2011-01-06 02:09:59 32384 ----a-w- c:\windows\system32\dllcache\usb101et.sys
2011-01-06 02:08:56 34375 ----a-w- c:\windows\system32\dllcache\tpro4.sys
2011-01-06 02:07:59 94293 ----a-w- c:\windows\system32\dllcache\sxports.dll
2011-01-06 02:06:57 20752 ----a-w- c:\windows\system32\dllcache\sonync.sys
2011-01-06 02:05:59 157696 ----a-w- c:\windows\system32\dllcache\sisv256.dll
2011-01-06 02:04:58 16640 ----a-w- c:\windows\system32\dllcache\scmstcs.sys
2011-01-06 02:03:58 30720 ----a-w- c:\windows\system32\dllcache\rthwcls.sys
2011-01-06 02:02:59 16128 ----a-w- c:\windows\system32\dllcache\pscr.sys
2011-01-06 02:01:57 44544 ----a-w- c:\windows\system32\dllcache\ovui2.dll
2011-01-06 01:50:26 87040 ----a-w- c:\windows\system32\dllcache\nm6wdm.sys
2011-01-06 01:50:23 126080 ----a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2011-01-06 01:50:19 32840 ----a-w- c:\windows\system32\dllcache\ngrpci.sys
2011-01-06 01:50:18 132695 ----a-w- c:\windows\system32\dllcache\netwlan5.sys
2011-01-06 01:50:14 65278 ----a-w- c:\windows\system32\dllcache\netflx3.sys
2011-01-06 01:50:11 39264 ----a-w- c:\windows\system32\dllcache\neo20xx.sys
2011-01-06 01:50:09 60480 ----a-w- c:\windows\system32\dllcache\neo20xx.dll
2011-01-06 01:50:06 15872 ----a-w- c:\windows\system32\dllcache\ne2000.sys
2011-01-06 01:50:02 91488 ----a-w- c:\windows\system32\dllcache\n9i3disp.dll
2011-01-06 01:50:00 27936 ----a-w- c:\windows\system32\dllcache\n9i3d.sys
2011-01-06 01:48:57 15232 ----a-w- c:\windows\system32\dllcache\mpe.sys
2011-01-06 01:47:58 20573 ----a-w- c:\windows\system32\dllcache\lne100.sys
2011-01-06 01:46:58 90200 ----a-w- c:\windows\system32\dllcache\io8ports.dll
2011-01-06 01:45:59 10096640 ----a-w- c:\windows\system32\dllcache\hwxcht.dll
2011-01-06 01:44:59 83968 ----a-w- c:\windows\system32\dllcache\hpgt21.dll
2011-01-06 01:43:59 16074 ----a-w- c:\windows\system32\dllcache\fa312nd5.sys
2011-01-06 01:42:59 69194 ----a-w- c:\windows\system32\dllcache\el656cd5.sys
2011-01-06 01:41:59 110592 ----a-w- c:\windows\system32\dllcache\dc260usd.dll
2011-01-06 01:40:59 32256 ----a-w- c:\windows\system32\dllcache\diapi2NT.dll
2011-01-06 01:39:59 17152 ----a-w- c:\windows\system32\dllcache\atitvsnd.sys
2011-01-06 01:37:47 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-01-04 01:56:27 -------- d-----w- c:\docume~1\timoak~1\applic~1\Avira
2011-01-02 21:14:42 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-01-02 21:14:41 -------- d-----w- c:\program files\Avira
2011-01-02 21:14:41 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-12-30 03:51:41 1409 ----a-w- c:\windows\QTFont.for
2010-12-30 03:46:42 -------- d-----w- c:\docume~1\timoak~1\locals~1\applic~1\Temp
2010-12-30 00:09:39 -------- d-----w- c:\program files\ESET
2010-12-29 22:54:33 -------- d-sha-r- C:\cmdcons
2010-12-29 21:57:55 98816 ----a-w- c:\windows\sed.exe
2010-12-29 21:57:55 89088 ----a-w- c:\windows\MBR.exe
2010-12-29 21:57:55 256512 ----a-w- c:\windows\PEV.exe
2010-12-29 21:57:55 161792 ----a-w- c:\windows\SWREG.exe
2010-12-29 17:04:01 -------- d-----w- C:\_OTL
==================== Find3M ====================
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
============= FINISH: 19:03:17.12 ===============