extremely slow computer


  • This topic is locked

#16
greghoffman

  • Topic Starter
  • Member
  • 439 posts
Sorry to run... I have to meet my son for some auto repairs tonight... thank you so much for your help today... I will log on again Thursday morning at 8 am. Have a great evening!!
  • 0


#17
Essexboy

  • GeekU Moderator
  • Retired Staff
  • 69,964 posts
No problem, I will be offline soon... Could you retry the AVP link when you get back to see if it works for you?
  • 0

#18
greghoffman

  • Topic Starter
  • Member
  • 439 posts
Kaspersky AVP report

Autoscan: completed 2 minutes ago (events: 2, objects: 231625, time: 01:33:08)
5/5/2011 7:53:19 AM Task started
5/5/2011 9:26:28 AM Task completed
  • 0

#19
greghoffman

  • Topic Starter
  • Member
  • 439 posts
Attaching zip file from Kaspersky disinfection

  • 0

#20
greghoffman

  • Topic Starter
  • Member
  • 439 posts
Now I am having problems with Yahoo Mail... it keeps losing the page and recovering the tab... then loses it completely.

res://ieframe.dll/acr_error.htm#yahoo.com,http://us.mc1143.mail.yahoo.com/mc/welcome?.gx=1&.tm=1304606644&.rand=dvh69513ue4c5

Above is the text from the address bar.
  • 0

#21
Essexboy

  • GeekU Moderator
  • Retired Staff
  • 69,964 posts
Hmm, a weird one this, as the AVP scan shows no problems - let's look at the internet settings next

First run the fixit on this page

If that fails then try the following

  • To open a command prompt, click Start > All Programs > Accessories, then right-click Command Prompt and select Run as administrator.
  • Copy and paste (or type) the following command in the command box and then press ENTER:
    netsh winsock reset c:\resetlog.txt
  • Reboot the computer.
  • In your next reply, please post the content of the file c:\resetlog.txt

THEN

Could you run a fresh OTL scan

  • Run OTL.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#22
greghoffman

  • Topic Starter
  • Member
  • 439 posts
Details from command prompt

reset SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\Options\15\RegLocation
old REG_MULTI_SZ =
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpDomain
SYSTEM\CurrentControlSet\Services\TcpIp\Parameters\DhcpDomain

reset SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{70100905-5CC4-4A00-9CE9-F68BCBD1F4B5}\NameServerList
old REG_MULTI_SZ =
<empty>

added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{70100905-5CC4-4A00-9CE9-F68BCBD1F4B5}\NetbiosOptions
reset SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{C8FB8631-14EB-4BD0-9EBA-74664FE3AF1E}\NameServerList
old REG_MULTI_SZ =
<empty>

added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{C8FB8631-14EB-4BD0-9EBA-74664FE3AF1E}\NetbiosOptions
added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{CD29240C-327E-49E8-ABE5-FFC653F9F9BB}\NetbiosOptions
added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{EA219350-B25F-4304-B0A7-CA6C15D25C3F}\NetbiosOptions
deleted SYSTEM\CurrentControlSet\Services\Netbt\Parameters\EnableLmhosts
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{42D80C86-BF0B-4AC4-84DE-D0C2A39E15BE}\DisableDynamicUpdate
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{42D80C86-BF0B-4AC4-84DE-D0C2A39E15BE}\IpAutoconfigurationAddress
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{42D80C86-BF0B-4AC4-84DE-D0C2A39E15BE}\IpAutoconfigurationMask
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{42D80C86-BF0B-4AC4-84DE-D0C2A39E15BE}\IpAutoconfigurationSeed
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{42D80C86-BF0B-4AC4-84DE-D0C2A39E15BE}\RawIpAllowedProtocols
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{42D80C86-BF0B-4AC4-84DE-D0C2A39E15BE}\TcpAllowedPorts
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{42D80C86-BF0B-4AC4-84DE-D0C2A39E15BE}\UdpAllowedPorts
old REG_MULTI_SZ =
0

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{70100905-5CC4-4A00-9CE9-F68BCBD1F4B5}\NameServer
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C8FB8631-14EB-4BD0-9EBA-74664FE3AF1E}\NameServer
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DontAddDefaultGatewayDefault
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SearchList
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\UseDomainNameDevolution
reset Linkage\UpperBind for PCI\VEN_14E4&DEV_170C&SUBSYS_01E51028&REV_02\4&B7B19ED&0&48A4. bad value was:
REG_MULTI_SZ =
PSched

reset Linkage\UpperBind for ROOT\MS_NDISWANIP\0000. bad value was:
REG_MULTI_SZ =
PSched

<completed>
  • 0

#23
greghoffman

  • Topic Starter
  • Member
  • 439 posts
OTL logfile created on: 5/5/2011 12:57:28 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\GAH\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

990.00 Mb Total Physical Memory | 411.00 Mb Available Physical Memory | 41.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 127.40 Gb Free Space | 85.53% Space Free | Partition Type: NTFS

Computer Name: GAH | User Name: gah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/04 12:29:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\GAH\Desktop\OTL.exe
PRC - [2011/02/17 06:21:58 | 002,190,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/02/15 05:38:06 | 007,421,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/02/11 06:25:52 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/02/08 05:32:48 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/02/08 05:32:46 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/12/21 07:04:30 | 000,987,704 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2010/12/21 07:04:30 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2010/12/21 07:04:30 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/14 10:55:34 | 001,896,536 | ---- | M] (Toshiba America Information Systems, Inc.) -- C:\oaisys\netphone\netphone.exe
PRC - [2008/10/14 10:55:34 | 000,073,728 | ---- | M] (Toshiba America Information Systems, Inc.) -- C:\oaisys\netphone\CTSppDialerEXE.exe
PRC - [2008/10/14 10:55:30 | 000,454,656 | ---- | M] (Toshiba America Information Systems, Inc.) -- C:\oaisys\netphone\npmsgpop.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/02 11:23:02 | 000,883,200 | ---- | M] (Schellenbach & Assoc., Inc. dba AccuSoft Enterprises) -- C:\Program Files\Atwin\Atwin32.exe
PRC - [2006/10/20 17:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2006/01/02 16:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe


========== Modules (SafeList) ==========

MOD - [2011/05/04 12:29:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\GAH\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/02/15 05:38:06 | 007,421,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/12/21 07:04:30 | 000,987,704 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2010/12/21 07:04:30 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - [2011/03/30 17:17:22 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:54:00 | 000,296,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/19 04:32:56 | 000,032,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2007/02/15 20:59:56 | 001,754,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/09/14 03:45:38 | 000,003,456 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atiide.sys -- (atiide)
DRV - [2006/05/17 03:03:24 | 000,044,544 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/03/17 10:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2006/01/10 11:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-746137067-1844823847-839522115-1183\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-746137067-1844823847-839522115-1183\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-746137067-1844823847-839522115-1183\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/05/05 07:39:55 | 000,000,000 | ---D | M]

[2010/10/14 11:41:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\GAH\Application Data\Mozilla\Extensions
File not found (No name found) --
[2011/05/05 07:39:55 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011/02/22 10:28:28 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2011/05/04 16:21:26 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Net Phone.lnk = C:\oaisys\netphone\netphone.exe (Toshiba America Information Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-746137067-1844823847-839522115-1183\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-746137067-1844823847-839522115-1183\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-746137067-1844823847-839522115-1183\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-746137067-1844823847-839522115-1183\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKU\S-1-5-21-746137067-1844823847-839522115-1183\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-746137067-1844823847-839522115-1183\..Trusted Domains: racinonow.com ([]* in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1190992752156 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.128.30 172.16.128.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = stempf.local
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\GAH\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\GAH\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/05 07:49:36 | 113,078,384 | ---- | C] ( ) -- C:\Documents and Settings\GAH\Desktop\setup_9.0.0.722_05.05.2011_13-36.exe
[2011/05/05 07:39:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2011/05/05 07:38:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/05/05 07:38:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/05/05 07:26:17 | 005,497,592 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\GAH\Desktop\avg_free_stb_all_2011_1321_cnet.exe
[2011/05/04 16:17:23 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/04 16:14:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/04 16:14:22 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/04 16:14:22 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/04 16:14:22 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/04 16:12:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/04 14:29:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/04 12:29:12 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\GAH\Desktop\OTL.exe
[2011/05/04 07:40:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\GAH\Recent
[2011/05/03 13:50:36 | 000,000,000 | ---D | C] -- C:\w
[2011/05/03 13:50:36 | 000,000,000 | ---D | C] -- C:\skins
[2011/05/03 13:50:36 | 000,000,000 | ---D | C] -- C:\e
[2011/05/03 13:50:23 | 000,000,000 | ---D | C] -- C:\Data
[2011/04/22 14:20:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAH\My Documents\Downloads
[2011/04/22 14:17:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAH\Local Settings\Application Data\Mozilla
[2011/04/07 10:53:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAH\My Documents\STEMPF SALES CATALOGS
[2011/04/06 10:53:21 | 000,000,000 | ---D | C] -- C:\$AVG
[2008/03/12 11:17:24 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL

========== Files - Modified Within 30 Days ==========

[2011/05/05 12:53:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/05 12:48:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/05 12:48:18 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/05 12:48:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/05 09:34:31 | 000,000,864 | ---- | M] () -- C:\Documents and Settings\GAH\Desktop\Shortcut to avptool_sysinfo.lnk
[2011/05/05 07:49:48 | 113,078,384 | ---- | M] ( ) -- C:\Documents and Settings\GAH\Desktop\setup_9.0.0.722_05.05.2011_13-36.exe
[2011/05/05 07:42:39 | 114,195,455 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/05/05 07:39:58 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/05/05 07:26:29 | 005,497,592 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\GAH\Desktop\avg_free_stb_all_2011_1321_cnet.exe
[2011/05/04 16:21:26 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/04 16:17:26 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/05/04 16:13:45 | 004,337,362 | R--- | M] () -- C:\Documents and Settings\GAH\Desktop\ComboFix.exe
[2011/05/04 12:29:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\GAH\Desktop\OTL.exe
[2011/05/04 12:22:58 | 000,000,250 | ---- | M] () -- C:\Documents and Settings\GAH\Desktop\Dorman Products.url
[2011/05/04 12:22:18 | 000,000,265 | ---- | M] () -- C:\Documents and Settings\GAH\Desktop\Mevotech Parts Online.url
[2011/05/04 08:19:05 | 000,000,247 | ---- | M] () -- C:\Documents and Settings\GAH\Desktop\Hanco Homepage.url
[2011/05/03 13:50:39 | 000,000,370 | ---- | M] () -- C:\bmrc_1.gif
[2011/05/03 13:50:39 | 000,000,367 | ---- | M] () -- C:\bmfav_1.gif
[2011/05/03 13:50:39 | 000,000,355 | ---- | M] () -- C:\bmpref_1.gif
[2011/05/03 13:50:39 | 000,000,256 | ---- | M] () -- C:\discmore_1.gif
[2011/05/03 13:50:39 | 000,000,235 | ---- | M] () -- C:\bmsearch_1.gif
[2011/05/03 13:50:39 | 000,000,166 | ---- | M] () -- C:\bmfol_1_s0.gif
[2011/05/03 13:50:38 | 000,000,380 | ---- | M] () -- C:\edu.bmp
[2011/05/03 13:50:38 | 000,000,304 | ---- | M] () -- C:\dir.bmp
[2011/05/03 13:50:38 | 000,000,284 | ---- | M] () -- C:\srch_map_1.gif
[2011/05/03 13:50:38 | 000,000,279 | ---- | M] () -- C:\hj_1.gif
[2011/05/03 13:50:38 | 000,000,277 | ---- | M] () -- C:\mov_1.gif
[2011/05/03 13:50:38 | 000,000,274 | ---- | M] () -- C:\trav_1.gif
[2011/05/03 13:50:38 | 000,000,273 | ---- | M] () -- C:\srch_stk_1.gif
[2011/05/03 13:50:38 | 000,000,268 | ---- | M] () -- C:\ab_1.gif
[2011/05/03 13:50:38 | 000,000,240 | ---- | M] () -- C:\srch_site_1.gif
[2011/05/03 13:50:38 | 000,000,138 | ---- | M] () -- C:\flk2.gif
[2011/05/03 13:50:38 | 000,000,121 | ---- | M] () -- C:\srch_nws_1.gif
[2011/05/03 13:50:38 | 000,000,113 | ---- | M] () -- C:\del_1.gif
[2011/05/03 13:50:37 | 000,000,265 | ---- | M] () -- C:\srch_ans_1.gif
[2011/05/03 13:50:37 | 000,000,235 | ---- | M] () -- C:\srch_1.gif
[2011/05/03 13:50:37 | 000,000,131 | ---- | M] () -- C:\srch_loc_1.gif
[2011/05/03 13:50:37 | 000,000,123 | ---- | M] () -- C:\srch_sh_1.gif
[2011/05/03 13:50:37 | 000,000,113 | ---- | M] () -- C:\srch_aud_1.gif
[2011/05/03 13:50:37 | 000,000,112 | ---- | M] () -- C:\srch_vid_1.gif
[2011/05/03 13:50:37 | 000,000,112 | ---- | M] () -- C:\srch_img_1.gif
[2011/05/03 13:44:39 | 002,814,054 | ---- | M] () -- C:\Documents and Settings\GAH\My Documents\2010-12-02 00.28.03.3gp
[2011/04/27 08:39:46 | 000,000,229 | ---- | M] () -- C:\Documents and Settings\GAH\Desktop\Storm Prediction Center Storm Reports.url
[2011/04/27 07:40:09 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/04/25 07:33:02 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\GAH\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/04/25 07:33:00 | 000,576,554 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/25 07:33:00 | 000,125,428 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/23 01:16:42 | 000,144,424 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/22 14:17:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2011/04/22 08:10:40 | 000,100,489 | ---- | M] () -- C:\Documents and Settings\GAH\My Documents\31 Inc. TPMS Application Chart 12-28-10[1].pdf
[2011/04/20 13:18:09 | 001,343,573 | ---- | M] () -- C:\Documents and Settings\GAH\My Documents\pdf_20319[1] DAYTON CHASSIS PARTS CAT.pdf
[2011/04/20 10:29:14 | 004,239,812 | ---- | M] () -- C:\Documents and Settings\GAH\My Documents\K6869436[1] U CONNECT INSTALL.pdf
[2011/04/18 12:09:29 | 003,627,914 | ---- | M] () -- C:\Documents and Settings\GAH\My Documents\Interior_Body[1].pdf
[2011/04/15 16:05:42 | 000,248,341 | ---- | M] () -- C:\Documents and Settings\GAH\My Documents\20110415150429939.pdf
[2011/04/06 13:34:12 | 000,000,214 | ---- | M] () -- C:\Documents and Settings\GAH\Desktop\Welcome to the Federal-Mogul eCatalog Resource Center.url

========== Files Created - No Company Name ==========

[2011/05/05 09:34:31 | 000,000,864 | ---- | C] () -- C:\Documents and Settings\GAH\Desktop\Shortcut to avptool_sysinfo.lnk
[2011/05/05 07:42:39 | 114,195,455 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/05/05 07:39:58 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/05/04 16:17:26 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/05/04 16:17:24 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/05/04 16:14:22 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/04 16:14:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/04 16:14:22 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/04 16:14:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/04 16:14:22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/04 16:13:45 | 004,337,362 | R--- | C] () -- C:\Documents and Settings\GAH\Desktop\ComboFix.exe
[2011/05/03 13:50:39 | 000,000,370 | ---- | C] () -- C:\bmrc_1.gif
[2011/05/03 13:50:39 | 000,000,367 | ---- | C] () -- C:\bmfav_1.gif
[2011/05/03 13:50:39 | 000,000,355 | ---- | C] () -- C:\bmpref_1.gif
[2011/05/03 13:50:39 | 000,000,256 | ---- | C] () -- C:\discmore_1.gif
[2011/05/03 13:50:39 | 000,000,235 | ---- | C] () -- C:\bmsearch_1.gif
[2011/05/03 13:50:39 | 000,000,166 | ---- | C] () -- C:\bmfol_1_s0.gif
[2011/05/03 13:50:38 | 000,000,380 | ---- | C] () -- C:\edu.bmp
[2011/05/03 13:50:38 | 000,000,304 | ---- | C] () -- C:\dir.bmp
[2011/05/03 13:50:38 | 000,000,284 | ---- | C] () -- C:\srch_map_1.gif
[2011/05/03 13:50:38 | 000,000,279 | ---- | C] () -- C:\hj_1.gif
[2011/05/03 13:50:38 | 000,000,277 | ---- | C] () -- C:\mov_1.gif
[2011/05/03 13:50:38 | 000,000,274 | ---- | C] () -- C:\trav_1.gif
[2011/05/03 13:50:38 | 000,000,273 | ---- | C] () -- C:\srch_stk_1.gif
[2011/05/03 13:50:38 | 000,000,268 | ---- | C] () -- C:\ab_1.gif
[2011/05/03 13:50:38 | 000,000,240 | ---- | C] () -- C:\srch_site_1.gif
[2011/05/03 13:50:38 | 000,000,138 | ---- | C] () -- C:\flk2.gif
[2011/05/03 13:50:38 | 000,000,121 | ---- | C] () -- C:\srch_nws_1.gif
[2011/05/03 13:50:38 | 000,000,113 | ---- | C] () -- C:\del_1.gif
[2011/05/03 13:50:37 | 000,000,265 | ---- | C] () -- C:\srch_ans_1.gif
[2011/05/03 13:50:37 | 000,000,235 | ---- | C] () -- C:\srch_1.gif
[2011/05/03 13:50:37 | 000,000,131 | ---- | C] () -- C:\srch_loc_1.gif
[2011/05/03 13:50:37 | 000,000,123 | ---- | C] () -- C:\srch_sh_1.gif
[2011/05/03 13:50:37 | 000,000,113 | ---- | C] () -- C:\srch_aud_1.gif
[2011/05/03 13:50:37 | 000,000,112 | ---- | C] () -- C:\srch_vid_1.gif
[2011/05/03 13:50:37 | 000,000,112 | ---- | C] () -- C:\srch_img_1.gif
[2011/05/03 13:44:26 | 002,814,054 | ---- | C] () -- C:\Documents and Settings\GAH\My Documents\2010-12-02 00.28.03.3gp
[2011/04/22 14:17:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/04/22 08:10:40 | 000,100,489 | ---- | C] () -- C:\Documents and Settings\GAH\My Documents\31 Inc. TPMS Application Chart 12-28-10[1].pdf
[2011/04/20 13:18:09 | 001,343,573 | ---- | C] () -- C:\Documents and Settings\GAH\My Documents\pdf_20319[1] DAYTON CHASSIS PARTS CAT.pdf
[2011/04/20 10:29:14 | 004,239,812 | ---- | C] () -- C:\Documents and Settings\GAH\My Documents\K6869436[1] U CONNECT INSTALL.pdf
[2011/04/18 12:09:29 | 003,627,914 | ---- | C] () -- C:\Documents and Settings\GAH\My Documents\Interior_Body[1].pdf
[2011/04/15 16:05:42 | 000,248,341 | ---- | C] () -- C:\Documents and Settings\GAH\My Documents\20110415150429939.pdf
[2010/08/26 11:52:55 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/11/05 12:56:12 | 000,736,544 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/11/05 12:56:12 | 000,022,048 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/08/05 12:16:48 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2008/05/20 12:49:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/03/12 11:17:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\System32\Pbtrvd32.dll
[2008/03/12 11:17:38 | 000,092,160 | ---- | C] () -- C:\WINDOWS\System32\Pedtconv.dll
[2008/03/12 11:17:38 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\Sbtrv32.dll
[2008/03/12 11:17:38 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\Swcomp32.dll
[2008/03/12 11:17:37 | 000,320,512 | ---- | C] () -- C:\WINDOWS\System32\W32mkde.exe
[2008/03/12 11:17:37 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\Vamngr32.dll
[2008/03/12 11:17:24 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\CO2C40EN.DLL
[2008/03/12 11:17:24 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\P2IRDAO.DLL
[2008/03/12 11:17:24 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\P2CTDAO.DLL
[2008/03/12 11:17:24 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\P2BBND.DLL
[2007/10/05 14:08:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\RPCS.ini
[2007/10/02 10:17:12 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\GAH\Local Settings\Application Data\fusioncache.dat
[2007/09/28 10:18:09 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/09/18 08:17:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/09/18 07:54:00 | 002,515,656 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2007/09/18 07:54:00 | 000,136,650 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2007/09/18 07:53:46 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2007/09/18 07:53:44 | 000,001,119 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 17:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 17:06:43 | 000,144,424 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 17:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 17:00:29 | 001,291,776 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2004/08/11 17:00:28 | 000,576,554 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 17:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 17:00:28 | 000,125,428 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 17:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 17:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 17:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 17:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 17:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 17:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 17:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 17:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/05/05 07:40:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/02/24 16:53:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/11/05 10:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9(2)
[2010/10/18 07:55:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008/08/05 12:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Free Ride Games
[2007/12/19 17:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2011/05/05 07:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/06/21 15:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2009/10/27 15:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2009/11/05 13:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011/04/22 10:10:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/02 08:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Walgreens
[2009/07/15 08:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/07/01 09:18:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\Auslogics
[2010/12/17 17:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\AVG
[2010/10/18 07:55:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\AVG10
[2010/06/10 11:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\Camfrog
[2009/02/24 14:04:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/11/04 08:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\com.w3i.musicoasis
[2009/01/21 15:35:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\CTS
[2010/07/21 15:36:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\ElevatedDiagnostics
[2007/11/26 15:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\funkitron
[2011/01/25 10:42:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\IsolatedStorage
[2007/12/28 08:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\Leadertech
[2007/12/20 17:42:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\PlayFirst
[2010/01/22 10:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\Sammsoft
[2011/01/21 15:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\Spicer
[2007/10/05 14:14:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\Toshiba
[2009/12/07 08:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\W Photo Studio
[2009/12/07 08:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\W Photo Studio Viewer
[2009/12/02 08:33:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\Walgreens

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8A26DAA
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CCCFE57E
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >

#24
greghoffman

OTL logfile created on: 5/5/2011 12:57:28 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\GAH\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

990.00 Mb Total Physical Memory | 411.00 Mb Available Physical Memory | 41.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 127.40 Gb Free Space | 85.53% Space Free | Partition Type: NTFS

Computer Name: GAH | User Name: gah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/04 12:29:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\GAH\Desktop\OTL.exe
PRC - [2011/02/17 06:21:58 | 002,190,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/02/15 05:38:06 | 007,421,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/02/11 06:25:52 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/02/08 05:32:48 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/02/08 05:32:46 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/12/21 07:04:30 | 000,987,704 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2010/12/21 07:04:30 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2010/12/21 07:04:30 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/14 10:55:34 | 001,896,536 | ---- | M] (Toshiba America Information Systems, Inc.) -- C:\oaisys\netphone\netphone.exe
PRC - [2008/10/14 10:55:34 | 000,073,728 | ---- | M] (Toshiba America Information Systems, Inc.) -- C:\oaisys\netphone\CTSppDialerEXE.exe
PRC - [2008/10/14 10:55:30 | 000,454,656 | ---- | M] (Toshiba America Information Systems, Inc.) -- C:\oaisys\netphone\npmsgpop.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/02 11:23:02 | 000,883,200 | ---- | M] (Schellenbach & Assoc., Inc. dba AccuSoft Enterprises) -- C:\Program Files\Atwin\Atwin32.exe
PRC - [2006/10/20 17:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2006/01/02 16:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe


========== Modules (SafeList) ==========

MOD - [2011/05/04 12:29:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\GAH\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/02/15 05:38:06 | 007,421,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/12/21 07:04:30 | 000,987,704 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2010/12/21 07:04:30 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - [2011/03/30 17:17:22 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:54:00 | 000,296,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/19 04:32:56 | 000,032,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2007/02/15 20:59:56 | 001,754,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/09/14 03:45:38 | 000,003,456 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atiide.sys -- (atiide)
DRV - [2006/05/17 03:03:24 | 000,044,544 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/03/17 10:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2006/01/10 11:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-746137067-1844823847-839522115-1183\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-746137067-1844823847-839522115-1183\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-746137067-1844823847-839522115-1183\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/05/05 07:39:55 | 000,000,000 | ---D | M]

[2010/10/14 11:41:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\GAH\Application Data\Mozilla\Extensions
File not found (No name found) --
[2011/05/05 07:39:55 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011/02/22 10:28:28 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2011/05/04 16:21:26 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Net Phone.lnk = C:\oaisys\netphone\netphone.exe (Toshiba America Information Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-746137067-1844823847-839522115-1183\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-746137067-1844823847-839522115-1183\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-746137067-1844823847-839522115-1183\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-746137067-1844823847-839522115-1183\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKU\S-1-5-21-746137067-1844823847-839522115-1183\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-746137067-1844823847-839522115-1183\..Trusted Domains: racinonow.com ([]* in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1190992752156 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.128.30 172.16.128.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = stempf.local
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\GAH\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\GAH\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/05 07:49:36 | 113,078,384 | ---- | C] ( ) -- C:\Documents and Settings\GAH\Desktop\setup_9.0.0.722_05.05.2011_13-36.exe
[2011/05/05 07:39:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2011/05/05 07:38:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/05/05 07:38:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/05/05 07:26:17 | 005,497,592 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\GAH\Desktop\avg_free_stb_all_2011_1321_cnet.exe
[2011/05/04 16:17:23 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/04 16:14:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/04 16:14:22 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/04 16:14:22 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/04 16:14:22 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/04 16:12:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/04 14:29:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/04 12:29:12 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\GAH\Desktop\OTL.exe
[2011/05/04 07:40:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\GAH\Recent
[2011/05/03 13:50:36 | 000,000,000 | ---D | C] -- C:\w
[2011/05/03 13:50:36 | 000,000,000 | ---D | C] -- C:\skins
[2011/05/03 13:50:36 | 000,000,000 | ---D | C] -- C:\e
[2011/05/03 13:50:23 | 000,000,000 | ---D | C] -- C:\Data
[2011/04/22 14:20:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAH\My Documents\Downloads
[2011/04/22 14:17:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAH\Local Settings\Application Data\Mozilla
[2011/04/07 10:53:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAH\My Documents\STEMPF SALES CATALOGS
[2011/04/06 10:53:21 | 000,000,000 | ---D | C] -- C:\$AVG
[2008/03/12 11:17:24 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL

========== Files - Modified Within 30 Days ==========

[2011/05/05 12:53:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/05 12:48:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/05 12:48:18 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/05 12:48:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/05 09:34:31 | 000,000,864 | ---- | M] () -- C:\Documents and Settings\GAH\Desktop\Shortcut to avptool_sysinfo.lnk
[2011/05/05 07:49:48 | 113,078,384 | ---- | M] ( ) -- C:\Documents and Settings\GAH\Desktop\setup_9.0.0.722_05.05.2011_13-36.exe
[2011/05/05 07:42:39 | 114,195,455 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/05/05 07:39:58 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/05/05 07:26:29 | 005,497,592 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\GAH\Desktop\avg_free_stb_all_2011_1321_cnet.exe
[2011/05/04 16:21:26 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/04 16:17:26 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/05/04 16:13:45 | 004,337,362 | R--- | M] () -- C:\Documents and Settings\GAH\Desktop\ComboFix.exe
[2011/05/04 12:29:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\GAH\Desktop\OTL.exe
[2011/05/04 12:22:58 | 000,000,250 | ---- | M] () -- C:\Documents and Settings\GAH\Desktop\Dorman Products.url
[2011/05/04 12:22:18 | 000,000,265 | ---- | M] () -- C:\Documents and Settings\GAH\Desktop\Mevotech Parts Online.url
[2011/05/04 08:19:05 | 000,000,247 | ---- | M] () -- C:\Documents and Settings\GAH\Desktop\Hanco Homepage.url
[2011/05/03 13:50:39 | 000,000,370 | ---- | M] () -- C:\bmrc_1.gif
[2011/05/03 13:50:39 | 000,000,367 | ---- | M] () -- C:\bmfav_1.gif
[2011/05/03 13:50:39 | 000,000,355 | ---- | M] () -- C:\bmpref_1.gif
[2011/05/03 13:50:39 | 000,000,256 | ---- | M] () -- C:\discmore_1.gif
[2011/05/03 13:50:39 | 000,000,235 | ---- | M] () -- C:\bmsearch_1.gif
[2011/05/03 13:50:39 | 000,000,166 | ---- | M] () -- C:\bmfol_1_s0.gif
[2011/05/03 13:50:38 | 000,000,380 | ---- | M] () -- C:\edu.bmp
[2011/05/03 13:50:38 | 000,000,304 | ---- | M] () -- C:\dir.bmp
[2011/05/03 13:50:38 | 000,000,284 | ---- | M] () -- C:\srch_map_1.gif
[2011/05/03 13:50:38 | 000,000,279 | ---- | M] () -- C:\hj_1.gif
[2011/05/03 13:50:38 | 000,000,277 | ---- | M] () -- C:\mov_1.gif
[2011/05/03 13:50:38 | 000,000,274 | ---- | M] () -- C:\trav_1.gif
[2011/05/03 13:50:38 | 000,000,273 | ---- | M] () -- C:\srch_stk_1.gif
[2011/05/03 13:50:38 | 000,000,268 | ---- | M] () -- C:\ab_1.gif
[2011/05/03 13:50:38 | 000,000,240 | ---- | M] () -- C:\srch_site_1.gif
[2011/05/03 13:50:38 | 000,000,138 | ---- | M] () -- C:\flk2.gif
[2011/05/03 13:50:38 | 000,000,121 | ---- | M] () -- C:\srch_nws_1.gif
[2011/05/03 13:50:38 | 000,000,113 | ---- | M] () -- C:\del_1.gif
[2011/05/03 13:50:37 | 000,000,265 | ---- | M] () -- C:\srch_ans_1.gif
[2011/05/03 13:50:37 | 000,000,235 | ---- | M] () -- C:\srch_1.gif
[2011/05/03 13:50:37 | 000,000,131 | ---- | M] () -- C:\srch_loc_1.gif
[2011/05/03 13:50:37 | 000,000,123 | ---- | M] () -- C:\srch_sh_1.gif
[2011/05/03 13:50:37 | 000,000,113 | ---- | M] () -- C:\srch_aud_1.gif
[2011/05/03 13:50:37 | 000,000,112 | ---- | M] () -- C:\srch_vid_1.gif
[2011/05/03 13:50:37 | 000,000,112 | ---- | M] () -- C:\srch_img_1.gif
[2011/05/03 13:44:39 | 002,814,054 | ---- | M] () -- C:\Documents and Settings\GAH\My Documents\2010-12-02 00.28.03.3gp
[2011/04/27 08:39:46 | 000,000,229 | ---- | M] () -- C:\Documents and Settings\GAH\Desktop\Storm Prediction Center Storm Reports.url
[2011/04/27 07:40:09 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/04/25 07:33:02 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\GAH\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/04/25 07:33:00 | 000,576,554 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/25 07:33:00 | 000,125,428 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/23 01:16:42 | 000,144,424 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/22 14:17:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2011/04/22 08:10:40 | 000,100,489 | ---- | M] () -- C:\Documents and Settings\GAH\My Documents\31 Inc. TPMS Application Chart 12-28-10[1].pdf
[2011/04/20 13:18:09 | 001,343,573 | ---- | M] () -- C:\Documents and Settings\GAH\My Documents\pdf_20319[1] DAYTON CHASSIS PARTS CAT.pdf
[2011/04/20 10:29:14 | 004,239,812 | ---- | M] () -- C:\Documents and Settings\GAH\My Documents\K6869436[1] U CONNECT INSTALL.pdf
[2011/04/18 12:09:29 | 003,627,914 | ---- | M] () -- C:\Documents and Settings\GAH\My Documents\Interior_Body[1].pdf
[2011/04/15 16:05:42 | 000,248,341 | ---- | M] () -- C:\Documents and Settings\GAH\My Documents\20110415150429939.pdf
[2011/04/06 13:34:12 | 000,000,214 | ---- | M] () -- C:\Documents and Settings\GAH\Desktop\Welcome to the Federal-Mogul eCatalog Resource Center.url

========== Files Created - No Company Name ==========

[2011/05/05 09:34:31 | 000,000,864 | ---- | C] () -- C:\Documents and Settings\GAH\Desktop\Shortcut to avptool_sysinfo.lnk
[2011/05/05 07:42:39 | 114,195,455 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/05/05 07:39:58 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/05/04 16:17:26 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/05/04 16:17:24 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/05/04 16:14:22 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/04 16:14:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/04 16:14:22 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/04 16:14:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/04 16:14:22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/04 16:13:45 | 004,337,362 | R--- | C] () -- C:\Documents and Settings\GAH\Desktop\ComboFix.exe
[2011/05/03 13:50:39 | 000,000,370 | ---- | C] () -- C:\bmrc_1.gif
[2011/05/03 13:50:39 | 000,000,367 | ---- | C] () -- C:\bmfav_1.gif
[2011/05/03 13:50:39 | 000,000,355 | ---- | C] () -- C:\bmpref_1.gif
[2011/05/03 13:50:39 | 000,000,256 | ---- | C] () -- C:\discmore_1.gif
[2011/05/03 13:50:39 | 000,000,235 | ---- | C] () -- C:\bmsearch_1.gif
[2011/05/03 13:50:39 | 000,000,166 | ---- | C] () -- C:\bmfol_1_s0.gif
[2011/05/03 13:50:38 | 000,000,380 | ---- | C] () -- C:\edu.bmp
[2011/05/03 13:50:38 | 000,000,304 | ---- | C] () -- C:\dir.bmp
[2011/05/03 13:50:38 | 000,000,284 | ---- | C] () -- C:\srch_map_1.gif
[2011/05/03 13:50:38 | 000,000,279 | ---- | C] () -- C:\hj_1.gif
[2011/05/03 13:50:38 | 000,000,277 | ---- | C] () -- C:\mov_1.gif
[2011/05/03 13:50:38 | 000,000,274 | ---- | C] () -- C:\trav_1.gif
[2011/05/03 13:50:38 | 000,000,273 | ---- | C] () -- C:\srch_stk_1.gif
[2011/05/03 13:50:38 | 000,000,268 | ---- | C] () -- C:\ab_1.gif
[2011/05/03 13:50:38 | 000,000,240 | ---- | C] () -- C:\srch_site_1.gif
[2011/05/03 13:50:38 | 000,000,138 | ---- | C] () -- C:\flk2.gif
[2011/05/03 13:50:38 | 000,000,121 | ---- | C] () -- C:\srch_nws_1.gif
[2011/05/03 13:50:38 | 000,000,113 | ---- | C] () -- C:\del_1.gif
[2011/05/03 13:50:37 | 000,000,265 | ---- | C] () -- C:\srch_ans_1.gif
[2011/05/03 13:50:37 | 000,000,235 | ---- | C] () -- C:\srch_1.gif
[2011/05/03 13:50:37 | 000,000,131 | ---- | C] () -- C:\srch_loc_1.gif
[2011/05/03 13:50:37 | 000,000,123 | ---- | C] () -- C:\srch_sh_1.gif
[2011/05/03 13:50:37 | 000,000,113 | ---- | C] () -- C:\srch_aud_1.gif
[2011/05/03 13:50:37 | 000,000,112 | ---- | C] () -- C:\srch_vid_1.gif
[2011/05/03 13:50:37 | 000,000,112 | ---- | C] () -- C:\srch_img_1.gif
[2011/05/03 13:44:26 | 002,814,054 | ---- | C] () -- C:\Documents and Settings\GAH\My Documents\2010-12-02 00.28.03.3gp
[2011/04/22 14:17:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/04/22 08:10:40 | 000,100,489 | ---- | C] () -- C:\Documents and Settings\GAH\My Documents\31 Inc. TPMS Application Chart 12-28-10[1].pdf
[2011/04/20 13:18:09 | 001,343,573 | ---- | C] () -- C:\Documents and Settings\GAH\My Documents\pdf_20319[1] DAYTON CHASSIS PARTS CAT.pdf
[2011/04/20 10:29:14 | 004,239,812 | ---- | C] () -- C:\Documents and Settings\GAH\My Documents\K6869436[1] U CONNECT INSTALL.pdf
[2011/04/18 12:09:29 | 003,627,914 | ---- | C] () -- C:\Documents and Settings\GAH\My Documents\Interior_Body[1].pdf
[2011/04/15 16:05:42 | 000,248,341 | ---- | C] () -- C:\Documents and Settings\GAH\My Documents\20110415150429939.pdf
[2010/08/26 11:52:55 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/11/05 12:56:12 | 000,736,544 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/11/05 12:56:12 | 000,022,048 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/08/05 12:16:48 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2008/05/20 12:49:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/03/12 11:17:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\System32\Pbtrvd32.dll
[2008/03/12 11:17:38 | 000,092,160 | ---- | C] () -- C:\WINDOWS\System32\Pedtconv.dll
[2008/03/12 11:17:38 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\Sbtrv32.dll
[2008/03/12 11:17:38 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\Swcomp32.dll
[2008/03/12 11:17:37 | 000,320,512 | ---- | C] () -- C:\WINDOWS\System32\W32mkde.exe
[2008/03/12 11:17:37 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\Vamngr32.dll
[2008/03/12 11:17:24 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\CO2C40EN.DLL
[2008/03/12 11:17:24 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\P2IRDAO.DLL
[2008/03/12 11:17:24 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\P2CTDAO.DLL
[2008/03/12 11:17:24 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\P2BBND.DLL
[2007/10/05 14:08:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\RPCS.ini
[2007/10/02 10:17:12 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\GAH\Local Settings\Application Data\fusioncache.dat
[2007/09/28 10:18:09 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/09/18 08:17:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/09/18 07:54:00 | 002,515,656 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2007/09/18 07:54:00 | 000,136,650 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2007/09/18 07:53:46 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2007/09/18 07:53:44 | 000,001,119 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 17:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 17:06:43 | 000,144,424 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 17:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 17:00:29 | 001,291,776 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2004/08/11 17:00:28 | 000,576,554 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 17:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 17:00:28 | 000,125,428 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 17:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 17:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 17:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 17:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 17:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 17:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 17:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 17:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/05/05 07:40:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/02/24 16:53:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/11/05 10:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9(2)
[2010/10/18 07:55:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008/08/05 12:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Free Ride Games
[2007/12/19 17:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2011/05/05 07:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/06/21 15:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2009/10/27 15:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2009/11/05 13:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011/04/22 10:10:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/02 08:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Walgreens
[2009/07/15 08:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/07/01 09:18:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\Auslogics
[2010/12/17 17:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\AVG
[2010/10/18 07:55:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\AVG10
[2010/06/10 11:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\Camfrog
[2009/02/24 14:04:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/11/04 08:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\com.w3i.musicoasis
[2009/01/21 15:35:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\CTS
[2010/07/21 15:36:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\ElevatedDiagnostics
[2007/11/26 15:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\funkitron
[2011/01/25 10:42:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\IsolatedStorage
[2007/12/28 08:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\Leadertech
[2007/12/20 17:42:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\PlayFirst
[2010/01/22 10:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\Sammsoft
[2011/01/21 15:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\Spicer
[2007/10/05 14:14:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\Toshiba
[2009/12/07 08:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\W Photo Studio
[2009/12/07 08:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\W Photo Studio Viewer
[2009/12/02 08:33:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GAH\Application Data\Walgreens

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8A26DAA
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CCCFE57E
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >

#25
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Did you create these folders on your root C drive?

[2011/05/03 13:50:36 | 000,000,000 | ---D | C] -- C:\w
[2011/05/03 13:50:36 | 000,000,000 | ---D | C] -- C:\skins
[2011/05/03 13:50:36 | 000,000,000 | ---D | C] -- C:\e
[2011/05/03 13:50:23 | 000,000,000 | ---D | C] -- C:\Data


#26
greghoffman

    Member

  • Topic Starter
  • Member
  • 439 posts
I don't think so... what is it?

#27
greghoffman

    Member

  • Topic Starter
  • Member
  • 439 posts
I also have no clue what these files are either:

[2011/05/03 13:50:39 | 000,000,370 | ---- | C] () -- C:\bmrc_1.gif
[2011/05/03 13:50:39 | 000,000,367 | ---- | C] () -- C:\bmfav_1.gif
[2011/05/03 13:50:39 | 000,000,355 | ---- | C] () -- C:\bmpref_1.gif
[2011/05/03 13:50:39 | 000,000,256 | ---- | C] () -- C:\discmore_1.gif
[2011/05/03 13:50:39 | 000,000,235 | ---- | C] () -- C:\bmsearch_1.gif
[2011/05/03 13:50:39 | 000,000,166 | ---- | C] () -- C:\bmfol_1_s0.gif
[2011/05/03 13:50:38 | 000,000,380 | ---- | C] () -- C:\edu.bmp
[2011/05/03 13:50:38 | 000,000,304 | ---- | C] () -- C:\dir.bmp
[2011/05/03 13:50:38 | 000,000,284 | ---- | C] () -- C:\srch_map_1.gif
[2011/05/03 13:50:38 | 000,000,279 | ---- | C] () -- C:\hj_1.gif
[2011/05/03 13:50:38 | 000,000,277 | ---- | C] () -- C:\mov_1.gif
[2011/05/03 13:50:38 | 000,000,274 | ---- | C] () -- C:\trav_1.gif
[2011/05/03 13:50:38 | 000,000,273 | ---- | C] () -- C:\srch_stk_1.gif
[2011/05/03 13:50:38 | 000,000,268 | ---- | C] () -- C:\ab_1.gif
[2011/05/03 13:50:38 | 000,000,240 | ---- | C] () -- C:\srch_site_1.gif
[2011/05/03 13:50:38 | 000,000,138 | ---- | C] () -- C:\flk2.gif
[2011/05/03 13:50:38 | 000,000,121 | ---- | C] () -- C:\srch_nws_1.gif
[2011/05/03 13:50:38 | 000,000,113 | ---- | C] () -- C:\del_1.gif
[2011/05/03 13:50:37 | 000,000,265 | ---- | C] () -- C:\srch_ans_1.gif
[2011/05/03 13:50:37 | 000,000,235 | ---- | C] () -- C:\srch_1.gif
[2011/05/03 13:50:37 | 000,000,131 | ---- | C] () -- C:\srch_loc_1.gif
[2011/05/03 13:50:37 | 000,000,123 | ---- | C] () -- C:\srch_sh_1.gif
[2011/05/03 13:50:37 | 000,000,113 | ---- | C] () -- C:\srch_aud_1.gif
[2011/05/03 13:50:37 | 000,000,112 | ---- | C] () -- C:\srch_vid_1.gif
[2011/05/03 13:50:37 | 000,000,112 | ---- | C] () -- C:\srch_img_1.gif
[2011/05/03 13:44:26 | 002,814,054 | ---- | C] () -- C:\Documents and Settings\GAH\My Documents\2010-12-02 00.28.03.3gp

Aren't GIF files pictures?

#28
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Guess what - they are going to be history

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/05/03 13:50:39 | 000,000,370 | ---- | C] () -- C:\bmrc_1.gif
    [2011/05/03 13:50:39 | 000,000,367 | ---- | C] () -- C:\bmfav_1.gif
    [2011/05/03 13:50:39 | 000,000,355 | ---- | C] () -- C:\bmpref_1.gif
    [2011/05/03 13:50:39 | 000,000,256 | ---- | C] () -- C:\discmore_1.gif
    [2011/05/03 13:50:39 | 000,000,235 | ---- | C] () -- C:\bmsearch_1.gif
    [2011/05/03 13:50:39 | 000,000,166 | ---- | C] () -- C:\bmfol_1_s0.gif
    [2011/05/03 13:50:38 | 000,000,380 | ---- | C] () -- C:\edu.bmp
    [2011/05/03 13:50:38 | 000,000,304 | ---- | C] () -- C:\dir.bmp
    [2011/05/03 13:50:38 | 000,000,284 | ---- | C] () -- C:\srch_map_1.gif
    [2011/05/03 13:50:38 | 000,000,279 | ---- | C] () -- C:\hj_1.gif
    [2011/05/03 13:50:38 | 000,000,277 | ---- | C] () -- C:\mov_1.gif
    [2011/05/03 13:50:38 | 000,000,274 | ---- | C] () -- C:\trav_1.gif
    [2011/05/03 13:50:38 | 000,000,273 | ---- | C] () -- C:\srch_stk_1.gif
    [2011/05/03 13:50:38 | 000,000,268 | ---- | C] () -- C:\ab_1.gif
    [2011/05/03 13:50:38 | 000,000,240 | ---- | C] () -- C:\srch_site_1.gif
    [2011/05/03 13:50:38 | 000,000,138 | ---- | C] () -- C:\flk2.gif
    [2011/05/03 13:50:38 | 000,000,121 | ---- | C] () -- C:\srch_nws_1.gif
    [2011/05/03 13:50:38 | 000,000,113 | ---- | C] () -- C:\del_1.gif
    [2011/05/03 13:50:37 | 000,000,265 | ---- | C] () -- C:\srch_ans_1.gif
    [2011/05/03 13:50:37 | 000,000,235 | ---- | C] () -- C:\srch_1.gif
    [2011/05/03 13:50:37 | 000,000,131 | ---- | C] () -- C:\srch_loc_1.gif
    [2011/05/03 13:50:37 | 000,000,123 | ---- | C] () -- C:\srch_sh_1.gif
    [2011/05/03 13:50:37 | 000,000,113 | ---- | C] () -- C:\srch_aud_1.gif
    [2011/05/03 13:50:37 | 000,000,112 | ---- | C] () -- C:\srch_vid_1.gif
    [2011/05/03 13:50:37 | 000,000,112 | ---- | C] () -- C:\srch_img_1.gif
    [2011/05/03 13:44:26 | 002,814,054 | ---- | C] () -- C:\Documents and Settings\GAH\My Documents\2010-12-02 00.28.03.3gp
    [2011/05/03 13:50:36 | 000,000,000 | ---D | C] -- C:\w
    [2011/05/03 13:50:36 | 000,000,000 | ---D | C] -- C:\skins
    [2011/05/03 13:50:36 | 000,000,000 | ---D | C] -- C:\e
    [2011/05/03 13:50:23 | 000,000,000 | ---D | C] -- C:\Data

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#29
greghoffman

    Member

  • Topic Starter
  • Member
  • 439 posts
LOL, I have no idea where this stuff comes from... thanks for all your help. I am glad I sell auto parts and only have to repair autos... computer hacks make things too dicey for me. I'll stick with cars... lol, cars are easy compared to what you are doing... (:

#30
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I did not ask about the gifs before as I saw that you have some catalogues on your system and thought you were making your own :)

Has the removal made any appreciable difference?