extremely slow computer



#1
greghoffman

Now it is extremely slow, and sometimes windows just open up and I did not click on anything. I also can hear the sound of clicking coming from inside the case. It is louder than normal and more clicking than usual... almost like someone is using it in the background. I have run Malwarebytes, ESET and my installed AVG 2011 to no avail. Can someone please help me out? I will post the OTL logs.

OTL logfile created on: 5/4/2011 12:32:28 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\GAH\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

990.00 Mb Total Physical Memory | 622.00 Mb Available Physical Memory | 63.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 128.04 Gb Free Space | 85.95% Space Free | Partition Type: NTFS

Computer Name: GAH | User Name: gah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/04 12:29:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\GAH\Desktop\OTL.exe
PRC - [2011/01/07 02:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/01/07 02:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/01/06 16:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/01/06 16:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/12/21 07:04:30 | 000,987,704 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2010/12/21 07:04:30 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2010/12/21 07:04:30 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2010/12/05 17:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/12/05 17:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/10/22 05:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 05:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/14 10:55:34 | 001,896,536 | ---- | M] (Toshiba America Information Systems, Inc.) -- C:\oaisys\netphone\netphone.exe
PRC - [2008/10/14 10:55:34 | 000,073,728 | ---- | M] (Toshiba America Information Systems, Inc.) -- C:\oaisys\netphone\CTSppDialerEXE.exe
PRC - [2008/10/14 10:55:30 | 000,454,656 | ---- | M] (Toshiba America Information Systems, Inc.) -- C:\oaisys\netphone\npmsgpop.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/02 11:23:02 | 000,883,200 | ---- | M] (Schellenbach & Assoc., Inc. dba AccuSoft Enterprises) -- C:\Program Files\Atwin\Atwin32.exe
PRC - [2006/10/20 17:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2006/01/02 16:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe


========== Modules (SafeList) ==========

MOD - [2011/05/04 12:29:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\GAH\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/01/06 16:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/12/21 07:04:30 | 000,987,704 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2010/12/21 07:04:30 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/10/22 05:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - [2010/12/08 05:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 14:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 16:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 04:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 04:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/08/03 16:23:36 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/03 16:23:34 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/03 16:23:32 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2007/02/15 20:59:56 | 001,754,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/09/14 03:45:38 | 000,003,456 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atiide.sys -- (atiide)
DRV - [2006/05/17 03:03:24 | 000,044,544 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/03/17 10:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2006/01/10 11:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/03/30 01:18:51 | 000,000,000 | ---D | M]

[2010/10/14 11:41:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\GAH\Application Data\Mozilla\Extensions
File not found (No name found) --
[2011/03/30 01:18:51 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011/02/22 10:28:28 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2010/08/18 12:29:21 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Net Phone.lnk = C:\oaisys\netphone\netphone.exe (Toshiba America Information Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: racinonow.com ([]* in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1190992752156 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.128.30 172.16.128.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = stempf.local
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\GAH\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\GAH\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/04 12:29:12 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\GAH\Desktop\OTL.exe
[2011/05/04 09:14:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/05/04 07:40:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\GAH\Recent
[2011/05/03 13:50:36 | 000,000,000 | ---D | C] -- C:\w
[2011/05/03 13:50:36 | 000,000,000 | ---D | C] -- C:\skins
[2011/05/03 13:50:36 | 000,000,000 | ---D | C] -- C:\e
[2011/05/03 13:50:23 | 000,000,000 | ---D | C] -- C:\Data
[2011/04/22 14:20:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAH\My Documents\Downloads
[2011/04/22 14:17:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAH\Local Settings\Application Data\Mozilla
[2011/04/21 15:35:37 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/04/07 10:53:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAH\My Documents\STEMPF SALES CATALOGS
[2011/04/06 10:53:21 | 000,000,000 | -H-D | C] -- C:\$AVG
[2008/03/12 11:17:24 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL

========== Files - Modified Within 30 Days ==========

[2011/05/04 12:29:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\GAH\Desktop\OTL.exe
[2011/05/04 12:22:58 | 000,000,250 | ---- | M] () -- C:\Documents and Settings\GAH\Desktop\Dorman Products.url
[2011/05/04 12:22:18 | 000,000,265 | ---- | M] () -- C:\Documents and Settings\GAH\Desktop\Mevotech Parts Online.url
[2011/05/04 11:53:01 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/04 08:19:05 | 000,000,247 | ---- | M] () -- C:\Documents and Settings\GAH\Desktop\Hanco Homepage.url
[2011/05/04 07:26:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/04 07:26:50 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/04 01:33:30 | 114,096,909 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/05/03 18:00:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2011/05/03 16:31:27 | 000,000,298 | -HS- | M] () -- C:\WINDOWS\tasks\Jzkzvlg.job
[2011/05/03 16:31:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/03 13:50:39 | 000,000,370 | ---- | M] () -- C:\bmrc_1.gif
[2011/05/03 13:50:39 | 000,000,367 | ---- | M] () -- C:\bmfav_1.gif
[2011/05/03 13:50:39 | 000,000,355 | ---- | M] () -- C:\bmpref_1.gif
[2011/05/03 13:50:39 | 000,000,256 | ---- | M] () -- C:\discmore_1.gif
[2011/05/03 13:50:39 | 000,000,235 | ---- | M] () -- C:\bmsearch_1.gif
[2011/05/03 13:50:39 | 000,000,166 | ---- | M] () -- C:\bmfol_1_s0.gif
[2011/05/03 13:50:38 | 000,000,380 | ---- | M] () -- C:\edu.bmp
[2011/05/03 13:50:38 | 000,000,304 | ---- | M] () -- C:\dir.bmp
[2011/05/03 13:50:38 | 000,000,284 | ---- | M] () -- C:\srch_map_1.gif
[2011/05/03 13:50:38 | 000,000,279 | ---- | M] () -- C:\hj_1.gif
[2011/05/03 13:50:38 | 000,000,277 | ---- | M] () -- C:\mov_1.gif
[2011/05/03 13:50:38 | 000,000,274 | ---- | M] () -- C:\trav_1.gif
[2011/05/03 13:50:38 | 000,000,273 | ---- | M] () -- C:\srch_stk_1.gif
[2011/05/03 13:50:38 | 000,000,268 | ---- | M] () -- C:\ab_1.gif
[2011/05/03 13:50:38 | 000,000,240 | ---- | M] () -- C:\srch_site_1.gif
[2011/05/03 13:50:38 | 000,000,138 | ---- | M] () -- C:\flk2.gif
[2011/05/03 13:50:38 | 000,000,121 | ---- | M] () -- C:\srch_nws_1.gif
[2011/05/03 13:50:38 | 000,000,113 | ---- | M] () -- C:\del_1.gif
[2011/05/03 13:50:37 | 000,000,265 | ---- | M] () -- C:\srch_ans_1.gif
[2011/05/03 13:50:37 | 000,000,235 | ---- | M] () -- C:\srch_1.gif
[2011/05/03 13:50:37 | 000,000,131 | ---- | M] () -- C:\srch_loc_1.gif
[2011/05/03 13:50:37 | 000,000,123 | ---- | M] () -- C:\srch_sh_1.gif
[2011/05/03 13:50:37 | 000,000,113 | ---- | M] () -- C:\srch_aud_1.gif
[2011/05/03 13:50:37 | 000,000,112 | ---- | M] () -- C:\srch_vid_1.gif
[2011/05/03 13:50:37 | 000,000,112 | ---- | M] () -- C:\srch_img_1.gif
[2011/05/03 13:44:39 | 002,814,054 | ---- | M] () -- C:\Documents and Settings\GAH\My Documents\2010-12-02 00.28.03.3gp
[2011/04/27 08:39:46 | 000,000,229 | ---- | M] () -- C:\Documents and Settings\GAH\Desktop\Storm Prediction Center Storm Reports.url
[2011/04/27 07:40:09 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/04/25 07:33:02 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\GAH\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/04/25 07:33:00 | 000,576,554 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/25 07:33:00 | 000,125,428 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/23 01:16:42 | 000,144,424 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/22 14:17:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2011/04/22 08:10:40 | 000,100,489 | ---- | M] () -- C:\Documents and Settings\GAH\My Documents\31 Inc. TPMS Application Chart 12-28-10[1].pdf
[2011/04/20 13:18:09 | 001,343,573 | ---- | M] () -- C:\Documents and Settings\GAH\My Documents\pdf_20319[1] DAYTON CHASSIS PARTS CAT.pdf
[2011/04/20 10:29:14 | 004,239,812 | ---- | M] () -- C:\Documents and Settings\GAH\My Documents\K6869436[1] U CONNECT INSTALL.pdf
[2011/04/18 12:09:29 | 003,627,914 | ---- | M] () -- C:\Documents and Settings\GAH\My Documents\Interior_Body[1].pdf
[2011/04/15 16:05:42 | 000,248,341 | ---- | M] () -- C:\Documents and Settings\GAH\My Documents\20110415150429939.pdf
[2011/04/06 13:34:12 | 000,000,214 | ---- | M] () -- C:\Documents and Settings\GAH\Desktop\Welcome to the Federal-Mogul eCatalog Resource Center.url

========== Files Created - No Company Name ==========

[2011/05/03 13:50:39 | 000,000,370 | ---- | C] () -- C:\bmrc_1.gif
[2011/05/03 13:50:39 | 000,000,367 | ---- | C] () -- C:\bmfav_1.gif
[2011/05/03 13:50:39 | 000,000,355 | ---- | C] () -- C:\bmpref_1.gif
[2011/05/03 13:50:39 | 000,000,256 | ---- | C] () -- C:\discmore_1.gif
[2011/05/03 13:50:39 | 000,000,235 | ---- | C] () -- C:\bmsearch_1.gif
[2011/05/03 13:50:39 | 000,000,166 | ---- | C] () -- C:\bmfol_1_s0.gif
[2011/05/03 13:50:38 | 000,000,380 | ---- | C] () -- C:\edu.bmp
[2011/05/03 13:50:38 | 000,000,304 | ---- | C] () -- C:\dir.bmp
[2011/05/03 13:50:38 | 000,000,284 | ---- | C] () -- C:\srch_map_1.gif
[2011/05/03 13:50:38 | 000,000,279 | ---- | C] () -- C:\hj_1.gif
[2011/05/03 13:50:38 | 000,000,277 | ---- | C] () -- C:\mov_1.gif
[2011/05/03 13:50:38 | 000,000,274 | ---- | C] () -- C:\trav_1.gif
[2011/05/03 13:50:38 | 000,000,273 | ---- | C] () -- C:\srch_stk_1.gif
[2011/05/03 13:50:38 | 000,000,268 | ---- | C] () -- C:\ab_1.gif
[2011/05/03 13:50:38 | 000,000,240 | ---- | C] () -- C:\srch_site_1.gif
[2011/05/03 13:50:38 | 000,000,138 | ---- | C] () -- C:\flk2.gif
[2011/05/03 13:50:38 | 000,000,121 | ---- | C] () -- C:\srch_nws_1.gif
[2011/05/03 13:50:38 | 000,000,113 | ---- | C] () -- C:\del_1.gif
[2011/05/03 13:50:37 | 000,000,265 | ---- | C] () -- C:\srch_ans_1.gif
[2011/05/03 13:50:37 | 000,000,235 | ---- | C] () -- C:\srch_1.gif
[2011/05/03 13:50:37 | 000,000,131 | ---- | C] () -- C:\srch_loc_1.gif
[2011/05/03 13:50:37 | 000,000,123 | ---- | C] () -- C:\srch_sh_1.gif
[2011/05/03 13:50:37 | 000,000,113 | ---- | C] () -- C:\srch_aud_1.gif
[2011/05/03 13:50:37 | 000,000,112 | ---- | C] () -- C:\srch_vid_1.gif
[2011/05/03 13:50:37 | 000,000,112 | ---- | C] () -- C:\srch_img_1.gif
[2011/05/03 13:44:26 | 002,814,054 | ---- | C] () -- C:\Documents and Settings\GAH\My Documents\2010-12-02 00.28.03.3gp
[2011/04/22 14:17:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/04/22 08:10:40 | 000,100,489 | ---- | C] () -- C:\Documents and Settings\GAH\My Documents\31 Inc. TPMS Application Chart 12-28-10[1].pdf
[2011/04/20 13:18:09 | 001,343,573 | ---- | C] () -- C:\Documents and Settings\GAH\My Documents\pdf_20319[1] DAYTON CHASSIS PARTS CAT.pdf
[2011/04/20 10:29:14 | 004,239,812 | ---- | C] () -- C:\Documents and Settings\GAH\My Documents\K6869436[1] U CONNECT INSTALL.pdf
[2011/04/18 12:09:29 | 003,627,914 | ---- | C] () -- C:\Documents and Settings\GAH\My Documents\Interior_Body[1].pdf
[2011/04/15 16:05:42 | 000,248,341 | ---- | C] () -- C:\Documents and Settings\GAH\My Documents\20110415150429939.pdf
[2010/08/26 11:52:55 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/11/05 12:56:12 | 000,736,544 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/11/05 12:56:12 | 000,022,048 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/08/05 12:16:48 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2008/05/20 12:49:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/03/12 11:17:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\System32\Pbtrvd32.dll
[2008/03/12 11:17:38 | 000,092,160 | ---- | C] () -- C:\WINDOWS\System32\Pedtconv.dll
[2008/03/12 11:17:38 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\Sbtrv32.dll
[2008/03/12 11:17:38 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\Swcomp32.dll
[2008/03/12 11:17:37 | 000,320,512 | ---- | C] () -- C:\WINDOWS\System32\W32mkde.exe
[2008/03/12 11:17:37 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\Vamngr32.dll
[2008/03/12 11:17:24 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\CO2C40EN.DLL
[2008/03/12 11:17:24 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\P2IRDAO.DLL
[2008/03/12 11:17:24 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\P2CTDAO.DLL
[2008/03/12 11:17:24 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\P2BBND.DLL
[2007/10/05 14:08:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\RPCS.ini
[2007/10/02 10:17:12 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\GAH\Local Settings\Application Data\fusioncache.dat
[2007/09/28 10:18:09 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/09/18 08:17:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/09/18 07:54:00 | 002,515,656 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2007/09/18 07:54:00 | 000,136,650 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2007/09/18 07:53:46 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2007/09/18 07:53:44 | 000,001,119 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 17:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 17:06:43 | 000,144,424 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 17:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 17:00:29 | 001,291,776 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2004/08/11 17:00:28 | 000,576,554 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 17:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 17:00:28 | 000,125,428 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 17:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 17:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 17:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 17:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 17:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 17:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 17:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 17:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/02/24 17:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/02/24 16:53:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/11/05 10:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9(2)
[2010/10/18 07:55:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008/08/05 12:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Free Ride Games
[2007/12/19 17:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2011/02/24 16:41:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/06/21 15:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2009/10/27 15:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2009/11/05 13:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011/04/22 10:10:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/02 08:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Walgreens
[2009/07/15 08:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/07/01 09:18:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\Auslogics
[2010/12/17 17:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\AVG
[2010/10/18 07:55:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\AVG10
[2010/06/10 11:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\Camfrog
[2009/02/24 14:04:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/11/04 08:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\com.w3i.musicoasis
[2009/01/21 15:35:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\CTS
[2010/07/21 15:36:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\ElevatedDiagnostics
[2007/11/26 15:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\funkitron
[2011/01/25 10:42:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\IsolatedStorage
[2007/12/28 08:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\Leadertech
[2007/12/20 17:42:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\PlayFirst
[2010/01/22 10:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\Sammsoft
[2011/01/21 15:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\Spicer
[2007/10/05 14:14:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\Toshiba
[2009/12/07 08:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\W Photo Studio
[2009/12/07 08:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\W Photo Studio Viewer
[2009/12/02 08:33:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\Walgreens
[2011/05/03 16:31:27 | 000,000,298 | -HS- | M] () -- C:\WINDOWS\Tasks\Jzkzvlg.job
[2011/05/03 18:00:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8A26DAA
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CCCFE57E
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >



#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's see if we can find the culprit.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    [2011/05/03 16:31:27 | 000,000,298 | -HS- | M] () -- C:\WINDOWS\Tasks\Jzkzvlg.job

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

#3
greghoffman

    Member

  • Topic Starter
  • Member
  • 439 posts
Thanks for helping me out, Essexboy. Here are the logs.

OTL logfile created on: 5/4/2011 2:35:05 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\GAH\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

990.00 Mb Total Physical Memory | 357.00 Mb Available Physical Memory | 36.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 128.02 Gb Free Space | 85.94% Space Free | Partition Type: NTFS

Computer Name: GAH | User Name: gah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/04 12:29:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\GAH\Desktop\OTL.exe
PRC - [2011/01/07 02:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/01/07 02:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/01/06 16:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/01/06 16:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/12/21 07:04:30 | 000,987,704 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2010/12/21 07:04:30 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2010/12/21 07:04:30 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2010/12/05 17:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/12/05 17:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/10/22 05:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/14 10:55:34 | 001,896,536 | ---- | M] (Toshiba America Information Systems, Inc.) -- C:\oaisys\netphone\netphone.exe
PRC - [2008/10/14 10:55:34 | 000,073,728 | ---- | M] (Toshiba America Information Systems, Inc.) -- C:\oaisys\netphone\CTSppDialerEXE.exe
PRC - [2008/10/14 10:55:30 | 000,454,656 | ---- | M] (Toshiba America Information Systems, Inc.) -- C:\oaisys\netphone\npmsgpop.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/02 11:23:02 | 000,883,200 | ---- | M] (Schellenbach & Assoc., Inc. dba AccuSoft Enterprises) -- C:\Program Files\Atwin\Atwin32.exe
PRC - [2006/10/20 17:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2006/01/02 16:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe


========== Modules (SafeList) ==========

MOD - [2011/05/04 12:29:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\GAH\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/01/06 16:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/12/21 07:04:30 | 000,987,704 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2010/12/21 07:04:30 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/10/22 05:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - [2010/12/08 05:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 14:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 16:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 04:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 04:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/08/03 16:23:36 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/03 16:23:34 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/03 16:23:32 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2007/02/15 20:59:56 | 001,754,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/09/14 03:45:38 | 000,003,456 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atiide.sys -- (atiide)
DRV - [2006/05/17 03:03:24 | 000,044,544 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/03/17 10:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2006/01/10 11:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/03/30 01:18:51 | 000,000,000 | ---D | M]

[2010/10/14 11:41:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\GAH\Application Data\Mozilla\Extensions
File not found (No name found) --
[2011/03/30 01:18:51 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011/02/22 10:28:28 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2011/05/04 14:29:34 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Net Phone.lnk = C:\oaisys\netphone\netphone.exe (Toshiba America Information Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: racinonow.com ([]* in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1190992752156 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.128.30 172.16.128.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = stempf.local
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\GAH\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\GAH\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/04 14:29:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/04 12:29:12 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\GAH\Desktop\OTL.exe
[2011/05/04 07:40:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\GAH\Recent
[2011/05/03 13:50:36 | 000,000,000 | ---D | C] -- C:\w
[2011/05/03 13:50:36 | 000,000,000 | ---D | C] -- C:\skins
[2011/05/03 13:50:36 | 000,000,000 | ---D | C] -- C:\e
[2011/05/03 13:50:23 | 000,000,000 | ---D | C] -- C:\Data
[2011/04/22 14:20:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAH\My Documents\Downloads
[2011/04/22 14:17:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAH\Local Settings\Application Data\Mozilla
[2011/04/07 10:53:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAH\My Documents\STEMPF SALES CATALOGS
[2011/04/06 10:53:21 | 000,000,000 | -H-D | C] -- C:\$AVG
[2008/03/12 11:17:24 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL

========== Files - Modified Within 30 Days ==========

[2011/05/04 14:32:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/04 14:32:01 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/04 14:31:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/04 14:29:34 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/05/04 13:53:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/04 12:29:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\GAH\Desktop\OTL.exe
[2011/05/04 12:22:58 | 000,000,250 | ---- | M] () -- C:\Documents and Settings\GAH\Desktop\Dorman Products.url
[2011/05/04 12:22:18 | 000,000,265 | ---- | M] () -- C:\Documents and Settings\GAH\Desktop\Mevotech Parts Online.url
[2011/05/04 08:19:05 | 000,000,247 | ---- | M] () -- C:\Documents and Settings\GAH\Desktop\Hanco Homepage.url
[2011/05/04 01:33:30 | 114,096,909 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/05/03 18:00:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2011/05/03 13:50:39 | 000,000,370 | ---- | M] () -- C:\bmrc_1.gif
[2011/05/03 13:50:39 | 000,000,367 | ---- | M] () -- C:\bmfav_1.gif
[2011/05/03 13:50:39 | 000,000,355 | ---- | M] () -- C:\bmpref_1.gif
[2011/05/03 13:50:39 | 000,000,256 | ---- | M] () -- C:\discmore_1.gif
[2011/05/03 13:50:39 | 000,000,235 | ---- | M] () -- C:\bmsearch_1.gif
[2011/05/03 13:50:39 | 000,000,166 | ---- | M] () -- C:\bmfol_1_s0.gif
[2011/05/03 13:50:38 | 000,000,380 | ---- | M] () -- C:\edu.bmp
[2011/05/03 13:50:38 | 000,000,304 | ---- | M] () -- C:\dir.bmp
[2011/05/03 13:50:38 | 000,000,284 | ---- | M] () -- C:\srch_map_1.gif
[2011/05/03 13:50:38 | 000,000,279 | ---- | M] () -- C:\hj_1.gif
[2011/05/03 13:50:38 | 000,000,277 | ---- | M] () -- C:\mov_1.gif
[2011/05/03 13:50:38 | 000,000,274 | ---- | M] () -- C:\trav_1.gif
[2011/05/03 13:50:38 | 000,000,273 | ---- | M] () -- C:\srch_stk_1.gif
[2011/05/03 13:50:38 | 000,000,268 | ---- | M] () -- C:\ab_1.gif
[2011/05/03 13:50:38 | 000,000,240 | ---- | M] () -- C:\srch_site_1.gif
[2011/05/03 13:50:38 | 000,000,138 | ---- | M] () -- C:\flk2.gif
[2011/05/03 13:50:38 | 000,000,121 | ---- | M] () -- C:\srch_nws_1.gif
[2011/05/03 13:50:38 | 000,000,113 | ---- | M] () -- C:\del_1.gif
[2011/05/03 13:50:37 | 000,000,265 | ---- | M] () -- C:\srch_ans_1.gif
[2011/05/03 13:50:37 | 000,000,235 | ---- | M] () -- C:\srch_1.gif
[2011/05/03 13:50:37 | 000,000,131 | ---- | M] () -- C:\srch_loc_1.gif
[2011/05/03 13:50:37 | 000,000,123 | ---- | M] () -- C:\srch_sh_1.gif
[2011/05/03 13:50:37 | 000,000,113 | ---- | M] () -- C:\srch_aud_1.gif
[2011/05/03 13:50:37 | 000,000,112 | ---- | M] () -- C:\srch_vid_1.gif
[2011/05/03 13:50:37 | 000,000,112 | ---- | M] () -- C:\srch_img_1.gif
[2011/05/03 13:44:39 | 002,814,054 | ---- | M] () -- C:\Documents and Settings\GAH\My Documents\2010-12-02 00.28.03.3gp
[2011/04/27 08:39:46 | 000,000,229 | ---- | M] () -- C:\Documents and Settings\GAH\Desktop\Storm Prediction Center Storm Reports.url
[2011/04/27 07:40:09 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/04/25 07:33:02 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\GAH\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/04/25 07:33:00 | 000,576,554 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/25 07:33:00 | 000,125,428 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/23 01:16:42 | 000,144,424 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/22 14:17:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2011/04/22 08:10:40 | 000,100,489 | ---- | M] () -- C:\Documents and Settings\GAH\My Documents\31 Inc. TPMS Application Chart 12-28-10[1].pdf
[2011/04/20 13:18:09 | 001,343,573 | ---- | M] () -- C:\Documents and Settings\GAH\My Documents\pdf_20319[1] DAYTON CHASSIS PARTS CAT.pdf
[2011/04/20 10:29:14 | 004,239,812 | ---- | M] () -- C:\Documents and Settings\GAH\My Documents\K6869436[1] U CONNECT INSTALL.pdf
[2011/04/18 12:09:29 | 003,627,914 | ---- | M] () -- C:\Documents and Settings\GAH\My Documents\Interior_Body[1].pdf
[2011/04/15 16:05:42 | 000,248,341 | ---- | M] () -- C:\Documents and Settings\GAH\My Documents\20110415150429939.pdf
[2011/04/06 13:34:12 | 000,000,214 | ---- | M] () -- C:\Documents and Settings\GAH\Desktop\Welcome to the Federal-Mogul eCatalog Resource Center.url

========== Files Created - No Company Name ==========

[2011/05/03 13:50:39 | 000,000,370 | ---- | C] () -- C:\bmrc_1.gif
[2011/05/03 13:50:39 | 000,000,367 | ---- | C] () -- C:\bmfav_1.gif
[2011/05/03 13:50:39 | 000,000,355 | ---- | C] () -- C:\bmpref_1.gif
[2011/05/03 13:50:39 | 000,000,256 | ---- | C] () -- C:\discmore_1.gif
[2011/05/03 13:50:39 | 000,000,235 | ---- | C] () -- C:\bmsearch_1.gif
[2011/05/03 13:50:39 | 000,000,166 | ---- | C] () -- C:\bmfol_1_s0.gif
[2011/05/03 13:50:38 | 000,000,380 | ---- | C] () -- C:\edu.bmp
[2011/05/03 13:50:38 | 000,000,304 | ---- | C] () -- C:\dir.bmp
[2011/05/03 13:50:38 | 000,000,284 | ---- | C] () -- C:\srch_map_1.gif
[2011/05/03 13:50:38 | 000,000,279 | ---- | C] () -- C:\hj_1.gif
[2011/05/03 13:50:38 | 000,000,277 | ---- | C] () -- C:\mov_1.gif
[2011/05/03 13:50:38 | 000,000,274 | ---- | C] () -- C:\trav_1.gif
[2011/05/03 13:50:38 | 000,000,273 | ---- | C] () -- C:\srch_stk_1.gif
[2011/05/03 13:50:38 | 000,000,268 | ---- | C] () -- C:\ab_1.gif
[2011/05/03 13:50:38 | 000,000,240 | ---- | C] () -- C:\srch_site_1.gif
[2011/05/03 13:50:38 | 000,000,138 | ---- | C] () -- C:\flk2.gif
[2011/05/03 13:50:38 | 000,000,121 | ---- | C] () -- C:\srch_nws_1.gif
[2011/05/03 13:50:38 | 000,000,113 | ---- | C] () -- C:\del_1.gif
[2011/05/03 13:50:37 | 000,000,265 | ---- | C] () -- C:\srch_ans_1.gif
[2011/05/03 13:50:37 | 000,000,235 | ---- | C] () -- C:\srch_1.gif
[2011/05/03 13:50:37 | 000,000,131 | ---- | C] () -- C:\srch_loc_1.gif
[2011/05/03 13:50:37 | 000,000,123 | ---- | C] () -- C:\srch_sh_1.gif
[2011/05/03 13:50:37 | 000,000,113 | ---- | C] () -- C:\srch_aud_1.gif
[2011/05/03 13:50:37 | 000,000,112 | ---- | C] () -- C:\srch_vid_1.gif
[2011/05/03 13:50:37 | 000,000,112 | ---- | C] () -- C:\srch_img_1.gif
[2011/05/03 13:44:26 | 002,814,054 | ---- | C] () -- C:\Documents and Settings\GAH\My Documents\2010-12-02 00.28.03.3gp
[2011/04/22 14:17:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/04/22 08:10:40 | 000,100,489 | ---- | C] () -- C:\Documents and Settings\GAH\My Documents\31 Inc. TPMS Application Chart 12-28-10[1].pdf
[2011/04/20 13:18:09 | 001,343,573 | ---- | C] () -- C:\Documents and Settings\GAH\My Documents\pdf_20319[1] DAYTON CHASSIS PARTS CAT.pdf
[2011/04/20 10:29:14 | 004,239,812 | ---- | C] () -- C:\Documents and Settings\GAH\My Documents\K6869436[1] U CONNECT INSTALL.pdf
[2011/04/18 12:09:29 | 003,627,914 | ---- | C] () -- C:\Documents and Settings\GAH\My Documents\Interior_Body[1].pdf
[2011/04/15 16:05:42 | 000,248,341 | ---- | C] () -- C:\Documents and Settings\GAH\My Documents\20110415150429939.pdf
[2010/08/26 11:52:55 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/11/05 12:56:12 | 000,736,544 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/11/05 12:56:12 | 000,022,048 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/08/05 12:16:48 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2008/05/20 12:49:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/03/12 11:17:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\System32\Pbtrvd32.dll
[2008/03/12 11:17:38 | 000,092,160 | ---- | C] () -- C:\WINDOWS\System32\Pedtconv.dll
[2008/03/12 11:17:38 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\Sbtrv32.dll
[2008/03/12 11:17:38 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\Swcomp32.dll
[2008/03/12 11:17:37 | 000,320,512 | ---- | C] () -- C:\WINDOWS\System32\W32mkde.exe
[2008/03/12 11:17:37 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\Vamngr32.dll
[2008/03/12 11:17:24 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\CO2C40EN.DLL
[2008/03/12 11:17:24 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\P2IRDAO.DLL
[2008/03/12 11:17:24 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\P2CTDAO.DLL
[2008/03/12 11:17:24 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\P2BBND.DLL
[2007/10/05 14:08:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\RPCS.ini
[2007/10/02 10:17:12 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\GAH\Local Settings\Application Data\fusioncache.dat
[2007/09/28 10:18:09 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/09/18 08:17:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/09/18 07:54:00 | 002,515,656 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2007/09/18 07:54:00 | 000,136,650 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2007/09/18 07:53:46 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2007/09/18 07:53:44 | 000,001,119 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 17:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 17:06:43 | 000,144,424 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 17:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 17:00:29 | 001,291,776 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2004/08/11 17:00:28 | 000,576,554 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 17:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 17:00:28 | 000,125,428 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 17:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 17:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 17:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 17:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 17:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 17:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 17:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 17:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/02/24 17:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/02/24 16:53:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/11/05 10:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9(2)
[2010/10/18 07:55:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008/08/05 12:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Free Ride Games
[2007/12/19 17:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2011/02/24 16:41:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/06/21 15:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2009/10/27 15:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2009/11/05 13:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011/04/22 10:10:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/02 08:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Walgreens
[2009/07/15 08:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/07/01 09:18:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\Auslogics
[2010/12/17 17:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\AVG
[2010/10/18 07:55:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\AVG10
[2010/06/10 11:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\Camfrog
[2009/02/24 14:04:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/11/04 08:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\com.w3i.musicoasis
[2009/01/21 15:35:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\CTS
[2010/07/21 15:36:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\ElevatedDiagnostics
[2007/11/26 15:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\funkitron
[2011/01/25 10:42:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\IsolatedStorage
[2007/12/28 08:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\Leadertech
[2007/12/20 17:42:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\PlayFirst
[2010/01/22 10:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\Sammsoft
[2011/01/21 15:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\Spicer
[2007/10/05 14:14:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\Toshiba
[2009/12/07 08:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\W Photo Studio
[2009/12/07 08:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\W Photo Studio Viewer
[2009/12/02 08:33:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\Walgreens
[2011/05/03 18:00:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8A26DAA
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CCCFE57E
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >


aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-04 14:42:16
-----------------------------
14:42:16.293 OS Version: Windows 5.1.2600 Service Pack 3
14:42:16.293 Number of processors: 2 586 0xF02
14:42:16.293 ComputerName: GAH UserName: gah
14:42:17.034 Initialize success
14:42:18.579 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
14:42:18.579 Disk 0 Vendor: ST3160815AS 3.ADA Size: 152587MB BusType: 3
14:42:20.571 Disk 0 MBR read successfully
14:42:20.571 Disk 0 MBR scan
14:42:20.571 Disk 0 Windows XP default MBR code
14:42:22.548 Disk 0 scanning sectors +312480315
14:42:22.564 Disk 0 scanning C:\WINDOWS\system32\drivers
14:42:26.672 Service scanning
14:42:27.506 Disk 0 trace - called modules:
14:42:27.506 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll atiide.sys PCIIDEX.SYS
14:42:27.506 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86970ab8]
14:42:27.506 3 CLASSPNP.SYS[f7674fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x8697cd98]
14:42:27.506 Scan finished successfully
14:42:54.413 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\GAH\Desktop\MBR.dat"
14:42:54.428 The log file has been saved successfully to "C:\Documents and Settings\GAH\Desktop\aswMBR.txt"

#4
Essexboy
OK first a question - are you still getting undemanded browser starts and the weird clicking?

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#5
greghoffman
No more excess clicking or browser probs...just extremely slow opening of programs and browser. It took almost 30 seconds to open your reply. I will run Malwarebytes..

#6
greghoffman
MBAM LOG

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6504

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/4/2011 3:00:30 PM
mbam-log-2011-05-04 (15-00-30).txt

Scan type: Quick scan
Objects scanned: 163330
Time elapsed: 3 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#7
greghoffman
Still very very slow to open programs...also get a yellow triangle sometimes in the left lower corner when internet browsing. Says done with errors?

#8
Essexboy
OK next we will do a little TLC and see what results after that

Clear Cache/Temp Files
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

THEN

Download and run Puran Disc Defragmenter
For the first run I would recommend a boot defrag and disk check

#9
greghoffman
OK..I use TFC and Puran every night before closing my machine down for the night...did it and still having the slow opening and closing of programs..I apologize..I am at a loss

#10
Essexboy
OK then it is time to look for some hidden stuff.

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

On the first tab select all elements down to and including Computer and then select start scan
Once it has finished select report and post that.

Do not close AVPTool or it will self uninstall, if it does uninstall - then just rerun the setup file on your desktop

Now an analysis scan

Select the Manual Disinfection tab
Press the Gather System Information button
Once done, open the last report saved folder, then attach the zip file to your next post
The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip

#11
greghoffman
Will I have to disable my AVG while running Kaspersky?

#12
Essexboy
There should be no requirement for that :)

#13
greghoffman
I cannot download this to my desktop..it gives me the webpage cannot be found error screen and the triangle icon in the lower left corner pops up and it says error on page. When I double left click on the triangle, it says object required, avptool/ , line : 53 , code : 0 , URI:http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
  • 0

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK we are looking at a rootkit here. I will need you to uninstall AVG for the next stage

Download the AVG removal tool
Download a fresh copy of AVG
Download Combofix
Link 1
Link 2

Uninstall AVG via add/remove
Reboot
Run the removal tool
Reboot


Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#15
greghoffman

    Member

  • Topic Starter
  • 439 posts
Here's the ComboFix log

ComboFix 11-05-04.02 - gah 05/04/2011 16:18:30.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.990.648 [GMT -5:00]
Running from: c:\documents and settings\GAH\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\GAH\WINDOWS
c:\windows\system32\MSMASK32.OCX
.
.
((((((((((((((((((((((((( Files Created from 2011-04-04 to 2011-05-04 )))))))))))))))))))))))))))))))
.
.
2011-05-04 19:29 . 2011-05-04 19:29 -------- dc----w- C:\_OTL
2011-05-03 18:50 . 2011-05-03 18:50 -------- dc----w- C:\e
2011-05-03 18:50 . 2011-05-03 18:50 -------- dc----w- C:\skins
2011-05-03 18:50 . 2011-05-03 18:50 -------- dc----w- C:\w
2011-05-03 18:50 . 2011-05-03 18:50 -------- dc----w- C:\Data
2011-04-22 19:17 . 2011-04-22 19:17 -------- d-----w- c:\documents and settings\GAH\Local Settings\Application Data\Mozilla
2011-04-22 18:41 . 2011-04-22 18:41 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-14 08:39 . 2011-04-14 08:39 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-04-06 15:53 . 2011-04-06 15:53 -------- dc----w- C:\$AVG
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2004-08-11 22:12 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2004-08-11 22:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-11 22:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2004-08-11 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2004-08-11 22:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2004-08-11 22:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 15:28 . 2011-02-22 15:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-22 15:28 . 2010-05-12 13:33 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-22 11:41 . 2004-08-11 22:00 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2007-09-18 12:52 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-08-11 22:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-17 03:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2004-08-11 22:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25 . 2004-08-11 22:11 229888 ----a-w- c:\windows\system32\fxscover.exe
2011-02-09 13:53 . 2004-08-11 22:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-11 22:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2004-08-11 22:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2004-08-11 22:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Net Phone.lnk - c:\oaisys\netphone\netphone.exe [2007-10-5 1896536]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2010-12-21 291896]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\oaisys\\netphone\\netphone.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6150:TCP"= 6150:TCP:AVG
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [9/18/2007 7:54 AM 3456]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [12/21/2010 7:04 AM 987704]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [12/21/2010 7:04 AM 399416]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 3:30 AM 15544]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/10/2010 12:23 PM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/10/2010 12:23 PM 135664]
S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [1/24/2011 12:02 PM 229376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 17:23]
.
2011-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 17:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
Trusted Zone: internet
Trusted Zone: racinonow.com
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-04 16:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(644)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-05-04 16:23:52
ComboFix-quarantined-files.txt 2011-05-04 21:23
.
Pre-Run: 137,580,396,544 bytes free
Post-Run: 137,576,140,800 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 030804BB362F5CFDEA1C8DBE520A5620
  • 0
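
A ComboFix log like the one in the post above is easier to review once the autostart entries and firewall exceptions in its "Reg Loading Points" block are pulled into structured data. The Python below is an added example, not part of the thread or of ComboFix; the function name and regular expressions are this example's own, and the line layout they assume is inferred from the log above.

```python
import re

# Excerpt copied from the ComboFix log posted above (not the full log).
SAMPLE = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6150:TCP"= 6150:TCP:AVG
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [12/21/2010 7:04 AM 987704]
'''

# Layout assumptions inferred from the log above, not from ComboFix documentation.
KEY_RE = re.compile(r'^\[(.+)\]$')
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)" '
                    r'\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')
PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"= '
                     r'\d+:(?:TCP|UDP):(?P<label>.+)$')

def parse_loading_points(text):
    """Return (autoruns, open_ports) found in a ComboFix log."""
    autoruns, ports, key = [], [], None
    for line in text.splitlines():
        line = line.strip()
        if line == '.':                  # a lone dot ends the current block
            key = None
            continue
        m = KEY_RE.match(line)
        if m:                            # registry key header
            key = m.group(1)
            continue
        if key is None:                  # service lines, prose, blanks
            continue
        lowered = key.lower()
        m = RUN_RE.match(line)
        if m and lowered.endswith('\\currentversion\\run'):
            autoruns.append({**m.groupdict(), 'key': key, 'size': int(m['size'])})
        m = PORT_RE.match(line)
        if m and lowered.endswith('\\globallyopenports\\list'):
            ports.append((int(m['port']), m['proto'], m['label']))
    return autoruns, ports

if __name__ == '__main__':
    runs, ports = parse_loading_points(SAMPLE)
    for r in runs:
        print(r['key'].split('\\')[0], r['name'], r['path'], r['date'], r['size'])
    for p in ports:
        print('open port', *p)
```
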





