Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Google Redirect [Solved]


  • This topic is locked This topic is locked

#1
mlacosta

mlacosta

    Member

  • Member
  • PipPip
  • 11 posts
Hi and Thanks in advance for any help you can give me. This has been an issue for some time now, probably going on 6 months. I now have the time address it.

I've followed the steps in "How to fix Google Redirects, aka Win32/Olmarik, Rootkit.Win32.TDSS.u, Win32/Alureon.F, Backdoor.Tid" with no success.

Here are the MBAM and GMER logs, in addition to the OTL log/extras.

Thanks again!


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4177

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

6/7/2010 6:30:15 PM
mbam-log-2010-06-07 (18-30-15).txt

Scan type: Quick scan
Objects scanned: 127846
Time elapsed: 6 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-07 22:51:29
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\MOMHOM~1\LOCALS~1\Temp\ugldypow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----



OTL logfile created on: 6/7/2010 10:53:42 PM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Mom Home\Desktop\New Folder
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.35 Gb Total Space | 49.88 Gb Free Space | 72.97% Space Free | Partition Type: NTFS
Drive D: | 246.65 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MOMHOME
Current User Name: Mom Home
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/07 18:37:41 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom Home\Desktop\New Folder\OTL.exe
PRC - [2010/06/02 11:37:21 | 002,065,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/06/02 11:37:18 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/06/02 11:37:18 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/06/02 11:37:12 | 000,722,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/06/02 11:37:09 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/04/22 10:45:12 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/12 20:18:56 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/12/15 11:24:48 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Mom Home\Desktop\gmer.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/03/23 04:53:30 | 003,633,448 | ---- | M] (TeamViewer GmbH) -- C:\Documents and Settings\Mom Home\temp\TeamViewer\Version4\TeamViewer.exe
PRC - [2009/03/09 06:19:24 | 000,386,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/21 16:38:22 | 000,689,456 | R--- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\HPWUCli.exe


========== Modules (SafeList) ==========

MOD - [2010/06/07 18:37:41 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom Home\Desktop\New Folder\OTL.exe
MOD - [2009/03/23 04:36:40 | 000,065,536 | ---- | M] (TeamViewer GmbH) -- C:\Documents and Settings\Mom Home\temp\TeamViewer\Version4\TV.dll
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/12 20:18:56 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2007/10/25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)


========== Driver Services (SafeList) ==========

DRV - [2010/06/02 11:37:19 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/02 11:37:18 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/12 20:18:41 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/10/21 23:23:18 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/10/21 23:23:18 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/12/04 18:10:30 | 000,016,640 | R--- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2004/08/02 20:03:00 | 002,627,328 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/08/02 20:03:00 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem)
DRV - [2001/08/17 05:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)
DRV - [2001/08/17 05:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll ()
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

FF - HKLM\software\mozilla\Firefox\Extensions\\smartw[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/22 00:12:38 | 000,000,000 | ---D | M]

[2010/01/12 22:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\Mozilla\Extensions
[2010/01/12 22:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\Mozilla\Extensions\[email protected]
[2008/10/27 20:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\Mozilla\Firefox\extensions
[2008/10/27 20:05:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mom Home\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

O1 HOSTS File: ([2009/12/25 03:31:25 | 000,001,523 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 78.159.110.45 www.google.com
O1 - Hosts: 78.159.110.45 www.google.de
O1 - Hosts: 78.159.110.45 www.google.fr
O1 - Hosts: 78.159.110.45 www.google.co.uk
O1 - Hosts: 78.159.110.45 www.google.com.br
O1 - Hosts: 78.159.110.45 www.google.it
O1 - Hosts: 78.159.110.45 www.google.es
O1 - Hosts: 78.159.110.45 www.google.co.jp
O1 - Hosts: 78.159.110.45 www.google.com.mx
O1 - Hosts: 78.159.110.45 www.google.ca
O1 - Hosts: 78.159.110.45 www.google.com.au
O1 - Hosts: 78.159.110.45 www.google.nl
O1 - Hosts: 78.159.110.45 www.google.co.za
O1 - Hosts: 78.159.110.45 www.google.be
O1 - Hosts: 78.159.110.45 www.google.gr
O1 - Hosts: 78.159.110.45 www.google.at
O1 - Hosts: 78.159.110.45 www.google.se
O1 - Hosts: 78.159.110.45 www.google.ch
O1 - Hosts: 78.159.110.45 www.google.pt
O1 - Hosts: 78.159.110.45 www.google.dk
O1 - Hosts: 78.159.110.45 www.google.fi
O1 - Hosts: 78.159.110.45 www.google.ie
O1 - Hosts: 78.159.110.45 www.google.no
O1 - Hosts: 78.159.110.45 search.yahoo.com
O1 - Hosts: 2 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35[1].exe (SurfRight B.V.)
O4 - HKLM..\Run: [HotSync] C:\Program Files\PalmSource\Desktop\HotSync.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\Mom Home\Start Menu\Programs\Startup\Free Music Zilla.lnk = C:\Program Files\Free Music Zilla\FMZilla.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mom Home\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: 0.0.0.0 ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://connect2.pb....SetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Mom Home\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mom Home\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/09 12:24:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/01/12 12:25:43 | 000,000,025 | R--- | M] () - D:\AutoRun.inf -- [ CDFS ]
O33 - MountPoints2\{7afe6e68-3e92-11dd-a484-001195053bc6}\Shell - "" = AutoRun
O33 - MountPoints2\{7afe6e68-3e92-11dd-a484-001195053bc6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7afe6e68-3e92-11dd-a484-001195053bc6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\ATTYahoo.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/04/09 04:58:03 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 90 Days ==========

[2010/06/07 18:32:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Desktop\gmer
[2010/06/07 18:05:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Desktop\tdsskiller
[2010/06/07 18:03:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Desktop\GooredFix Backups
[2010/06/07 17:50:51 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mom Home\Desktop\TFC.exe
[2010/06/07 17:50:40 | 000,070,858 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Mom Home\Desktop\GooredFix.exe
[2010/06/07 17:50:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Desktop\New Folder
[2010/06/03 15:14:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\TeamViewer
[2010/06/03 14:45:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/06/03 14:45:37 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/06/03 14:41:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mom Home\Recent
[2010/06/02 12:38:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/05/14 11:28:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/05/07 19:40:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\My Documents\My Scans
[2010/05/03 21:17:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Desktop\sidnei music 2
[2010/05/02 14:48:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Application Data\FMZilla
[2010/05/02 14:48:07 | 000,000,000 | ---D | C] -- C:\downloads
[2010/05/02 14:48:02 | 000,000,000 | ---D | C] -- C:\Program Files\Free Music Zilla
[2010/05/02 00:56:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Desktop\sidnei music
[2010/05/02 00:27:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Application Data\Apple Computer
[2010/05/02 00:25:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/02 00:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/05/02 00:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/02 00:23:37 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/05/02 00:23:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/05/02 00:23:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Local Settings\Application Data\Apple
[2010/05/02 00:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/05/02 00:22:19 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/05/02 00:22:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/05/02 00:22:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/05/02 00:21:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Local Settings\Application Data\Apple Computer
[2010/04/22 19:11:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Local Settings\Application Data\Temp
[2010/04/22 19:11:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/04/22 19:06:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/04/22 10:53:39 | 001,318,912 | ---- | C] (Stingray Software Inc.) -- C:\WINDOWS\System32\OT603as.dll
[2010/04/22 10:53:39 | 000,307,200 | ---- | C] (Logikos, Inc.) -- C:\WINDOWS\System32\LogControls.ocx
[2010/04/22 10:53:39 | 000,172,032 | ---- | C] (Stingray Software Inc.) -- C:\WINDOWS\System32\OSC611as.dll
[2010/04/22 10:53:38 | 001,396,736 | ---- | C] (Stingray, a division of Rogue Wave Software) -- C:\WINDOWS\System32\og702as.dll
[2010/04/22 10:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\Accu-Chek Compass
[2010/04/22 10:45:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/04/22 00:24:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Application Data\HPAppData
[2010/04/22 00:04:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2010/04/15 12:30:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\IsolatedStorage
[2010/04/15 12:30:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Local Settings\Application Data\Intuit
[2010/04/15 12:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AnswerWorks 5.0
[2010/04/15 12:17:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Local Settings\Application Data\IsolatedStorage
[2010/03/23 17:20:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Application Data\HP
[2010/03/23 16:56:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Local Settings\Application Data\HP
[2010/03/23 16:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2010/03/23 16:44:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2010/03/23 16:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2010/03/23 16:41:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2010/03/23 16:41:47 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2010/03/23 16:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/03/23 16:39:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\yellowtail
[2010/03/23 16:38:36 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2010/03/23 16:35:38 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2010/03/22 00:24:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Application Data\Smith Micro
[2010/03/12 20:19:06 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

========== Files - Modified Within 90 Days ==========

[2010/06/07 22:25:00 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1682526488-725345543-1004UA.job
[2010/06/07 22:16:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/07 22:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/06/07 21:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/06/07 20:27:32 | 000,004,598 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/06/07 20:27:24 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/07 20:27:23 | 000,013,694 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/07 20:25:41 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/07 20:25:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/07 20:25:37 | 1609,646,080 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/07 20:24:39 | 004,194,304 | ---- | M] () -- C:\Documents and Settings\Mom Home\NTUSER.DAT
[2010/06/07 20:24:32 | 004,959,888 | -H-- | M] () -- C:\Documents and Settings\Mom Home\Local Settings\Application Data\IconCache.db
[2010/06/07 18:25:30 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Mom Home\Desktop\gmer.zip
[2010/06/07 18:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/06/07 17:48:22 | 000,966,213 | ---- | M] () -- C:\Documents and Settings\Mom Home\Desktop\tdsskiller.zip
[2010/06/07 17:47:40 | 000,070,858 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Mom Home\Desktop\GooredFix.exe
[2010/06/07 17:47:03 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom Home\Desktop\TFC.exe
[2010/06/07 17:25:07 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1682526488-725345543-1004Core.job
[2010/06/07 17:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/06/07 16:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/06/07 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/06/07 14:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/06/07 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/06/07 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/06/07 11:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/06/07 10:24:31 | 060,783,488 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/06/07 10:20:39 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/06/06 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/06/06 22:42:33 | 000,369,670 | ---- | M] () -- C:\Documents and Settings\Mom Home\My Documents\BackJoy Core ฎ - Official Site As Seen on TV.mht
[2010/06/06 20:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/06/06 19:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/06/05 23:51:20 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Mom Home\Desktop\Microsoft Outlook.lnk
[2010/06/04 00:04:57 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Mom Home\ntuser.ini
[2010/06/03 23:57:36 | 000,222,217 | ---- | M] () -- C:\Documents and Settings\Mom Home\My Documents\PUSD Enrollment 2009-10.mht
[2010/06/03 23:55:14 | 000,206,965 | ---- | M] () -- C:\Documents and Settings\Mom Home\My Documents\2010_EnrollmentForm_ElectronicFina5_4.pdf
[2010/06/03 14:45:39 | 000,001,684 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/06/03 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/06/03 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/06/03 08:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/06/03 07:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/06/03 06:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/06/03 05:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/06/03 04:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/06/03 03:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/06/03 02:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/06/03 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/06/03 00:57:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/06/02 11:37:19 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/06/02 11:37:18 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/06/01 13:16:25 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Mom Home\My Documents\Clutton.doc
[2010/05/30 10:12:26 | 000,002,457 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Document Manager.lnk
[2010/05/29 23:05:39 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Mom Home\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/28 11:28:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/27 23:27:31 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/27 20:03:08 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Mom Home\My Documents\~$e best of the best.doc
[2010/05/10 00:19:43 | 000,019,521 | ---- | M] () -- C:\WINDOWS\hpqins13.dat
[2010/05/10 00:17:03 | 000,000,163 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/05/10 00:15:43 | 000,001,870 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 3.5.lnk
[2010/05/10 00:14:12 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\ntuser.dat
[2010/05/09 17:18:39 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Mom Home\My Documents\TEST.doc
[2010/05/02 14:48:03 | 000,000,745 | ---- | M] () -- C:\Documents and Settings\Mom Home\Start Menu\Programs\Startup\Free Music Zilla.lnk
[2010/05/02 14:48:03 | 000,000,733 | ---- | M] () -- C:\Documents and Settings\Mom Home\Desktop\Free Music Zilla.lnk
[2010/05/02 00:24:07 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/05/01 19:00:52 | 000,069,158 | ---- | M] () -- C:\Documents and Settings\Mom Home\My Documents\Rancho Bernardo High School.mht
[2010/05/01 15:36:50 | 000,000,372 | ---- | M] () -- C:\Documents and Settings\Mom Home\My Documents\spider.sav
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 21:39:39 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\Mom Home\My Documents\ALYSHA MARIE ACOSTA DOC..doc
[2010/04/23 13:30:35 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/04/22 10:53:40 | 000,000,635 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Accu-Chek Compass.lnk
[2010/04/22 00:25:12 | 000,045,872 | ---- | M] () -- C:\Documents and Settings\Mom Home\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/22 00:22:29 | 000,201,736 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/22 00:13:54 | 000,023,113 | ---- | M] () -- C:\WINDOWS\hpqins15.dat
[2010/04/22 00:06:23 | 000,077,352 | ---- | M] () -- C:\WINDOWS\hpqins05.dat
[2010/04/22 00:00:08 | 000,001,018 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2010/04/17 17:01:55 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2008.lnk
[2010/04/17 12:27:04 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk
[2010/04/14 23:43:27 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/03/23 17:24:34 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Mom Home\Ÿ9Ÿ9
[2010/03/23 16:56:14 | 000,176,399 | ---- | M] () -- C:\WINDOWS\hpwins19.dat
[2010/03/23 16:55:47 | 000,000,685 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/23 16:44:35 | 000,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/03/23 16:40:00 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/23 16:40:00 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/03/14 21:36:56 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/14 21:36:56 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/14 21:36:55 | 000,512,960 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/12 20:19:06 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/12 20:18:41 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

========== Files Created - No Company Name ==========

[2010/06/07 20:25:37 | 1609,646,080 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/07 18:25:48 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Mom Home\Desktop\gmer.zip
[2010/06/07 17:50:40 | 000,966,213 | ---- | C] () -- C:\Documents and Settings\Mom Home\Desktop\tdsskiller.zip
[2010/06/07 17:20:58 | 000,000,990 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1682526488-725345543-1004UA.job
[2010/06/07 17:20:57 | 000,000,938 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1682526488-725345543-1004Core.job
[2010/06/06 22:42:30 | 000,369,670 | ---- | C] () -- C:\Documents and Settings\Mom Home\My Documents\BackJoy Core ฎ - Official Site As Seen on TV.mht
[2010/06/03 23:57:34 | 000,222,217 | ---- | C] () -- C:\Documents and Settings\Mom Home\My Documents\PUSD Enrollment 2009-10.mht
[2010/06/03 23:55:14 | 000,206,965 | ---- | C] () -- C:\Documents and Settings\Mom Home\My Documents\2010_EnrollmentForm_ElectronicFina5_4.pdf
[2010/06/03 14:46:08 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/06/03 14:45:39 | 000,001,684 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/06/01 13:16:25 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Mom Home\My Documents\Clutton.doc
[2010/05/27 20:03:08 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Mom Home\My Documents\~$e best of the best.doc
[2010/05/10 00:15:43 | 000,001,870 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 3.5.lnk
[2010/05/10 00:14:17 | 000,019,521 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2010/05/10 00:14:12 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\ntuser.dat
[2010/05/10 00:14:12 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\ntuser.dat.LOG
[2010/05/02 14:48:03 | 000,000,745 | ---- | C] () -- C:\Documents and Settings\Mom Home\Start Menu\Programs\Startup\Free Music Zilla.lnk
[2010/05/02 14:48:03 | 000,000,733 | ---- | C] () -- C:\Documents and Settings\Mom Home\Desktop\Free Music Zilla.lnk
[2010/05/02 00:26:47 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/02 00:24:07 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/05/02 00:23:18 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/01 19:00:49 | 000,069,158 | ---- | C] () -- C:\Documents and Settings\Mom Home\My Documents\Rancho Bernardo High School.mht
[2010/04/28 21:39:38 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\Mom Home\My Documents\ALYSHA MARIE ACOSTA DOC..doc
[2010/04/22 19:06:32 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/22 19:06:32 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/22 10:53:43 | 000,001,078 | ---- | C] () -- C:\WINDOWS\System32\rdaccug.ico
[2010/04/22 10:53:40 | 000,000,635 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Accu-Chek Compass.lnk
[2010/04/22 00:10:51 | 000,023,113 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2010/04/22 00:00:08 | 000,001,018 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2010/04/21 23:56:14 | 000,077,352 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2010/04/17 14:47:11 | 000,002,393 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2008.lnk
[2010/04/16 00:38:40 | 001,024,176 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/04/15 12:23:08 | 000,002,393 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk
[2010/04/14 23:43:27 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/03/23 17:24:34 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mom Home\Ÿ9Ÿ9
[2010/03/23 16:50:03 | 000,002,457 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Document Manager.lnk
[2010/03/23 16:44:35 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/03/23 16:39:33 | 000,010,563 | R--- | C] () -- C:\WINDOWS\hpwscr19.dat
[2010/03/23 16:33:19 | 000,002,127 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/03/23 16:33:18 | 000,176,399 | ---- | C] () -- C:\WINDOWS\hpwins19.dat
[2010/03/23 16:33:17 | 000,000,997 | R--- | C] () -- C:\WINDOWS\hpwmdl19.dat
[2009/10/24 13:31:17 | 000,000,163 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/01 17:59:36 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2008/10/20 18:08:45 | 000,000,228 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2008/10/20 18:06:19 | 000,000,060 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/10/20 18:06:16 | 000,000,221 | ---- | C] () -- C:\WINDOWS\KA.INI
[2008/07/14 23:16:18 | 000,000,179 | ---- | C] () -- C:\WINDOWS\HOPGRTRN.ini
[2008/04/09 13:56:53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/02/04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2004/08/02 20:03:00 | 000,102,441 | ---- | C] () -- C:\WINDOWS\System32\getvpd.dll
[2004/08/02 20:03:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\pmemw.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1997/10/24 15:56:36 | 000,000,643 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI

========== LOP Check ==========

[2010/04/11 14:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/12/27 17:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/06/03 14:45:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/02/12 19:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2009/08/06 15:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2009/10/18 16:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/02/26 16:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2008/12/07 21:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/02 00:26:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/18 16:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\Blitware
[2008/08/16 17:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/05/02 14:48:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\FMZilla
[2010/02/12 19:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\HotSync
[2009/08/06 15:34:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\Juniper Networks
[2008/11/01 16:56:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\LimeWire
[2010/03/22 00:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\Smith Micro
[2009/04/15 11:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\TeamViewer
[2010/01/12 23:03:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\Vivox
[2010/06/03 00:57:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/06/03 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/06/03 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/06/07 11:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/06/07 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/06/07 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/06/07 14:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/06/07 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/06/07 16:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/06/07 17:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/06/07 18:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/06/03 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/06/06 19:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/06/06 20:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/06/07 21:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/06/07 22:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/06/06 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/06/03 02:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/06/03 03:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/06/03 04:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/06/03 05:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/06/03 06:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/06/03 07:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/06/03 08:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2010/01/10 03:54:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/04/09 12:24:22 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/03/23 16:40:00 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2008/04/09 12:24:22 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/12/16 12:54:54 | 000,000,081 | ---- | M] () -- C:\CTX.DAT
[2010/06/07 20:25:37 | 1609,646,080 | -HS- | M] () -- C:\hiberfil.sys
[2008/04/09 12:24:22 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/06/03 12:39:16 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2008/04/09 12:24:22 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/02/28 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/12/16 17:20:32 | 000,250,048 | ---- | M] () -- C:\ntldr
[2010/06/07 20:25:35 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/06/07 18:06:13 | 000,034,182 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_07.06.2010_18.05.19_log.txt
[2010/06/07 18:12:21 | 000,031,794 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_07.06.2010_18.12.12_log.txt
[2010/06/07 18:20:00 | 000,031,816 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_07.06.2010_18.19.45_log.txt
[2010/06/07 18:21:20 | 000,031,816 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_07.06.2010_18.21.07_log.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/04/09 05:04:04 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/04/09 05:04:04 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/04/09 05:04:04 | 000,880,640 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 17:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
< End of report >
PRC - [2010/06/07 18:37:41 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom Home\Desktop\New Folder\OTL.exe
PRC - [2010/06/02 11:37:21 | 002,065,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/06/02 11:37:18 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/06/02 11:37:18 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/06/02 11:37:12 | 000,722,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/06/02 11:37:09 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/04/22 10:45:12 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/12 20:18:56 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/12/15 11:24:48 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Mom Home\Desktop\gmer.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/03/23 04:53:30 | 003,633,448 | ---- | M] (TeamViewer GmbH) -- C:\Documents and Settings\Mom Home\temp\TeamViewer\Version4\TeamViewer.exe
PRC - [2009/03/09 06:19:24 | 000,386,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/06/07 18:37:41 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom Home\Desktop\New Folder\OTL.exe
MOD - [2009/03/23 04:36:40 | 000,065,536 | ---- | M] (TeamViewer GmbH) -- C:\Documents and Settings\Mom Home\temp\TeamViewer\Version4\TV.dll
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/12 20:18:56 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2007/10/25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)


========== Driver Services (SafeList) ==========

DRV - [2010/06/02 11:37:19 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/02 11:37:18 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/12 20:18:41 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/10/21 23:23:18 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/10/21 23:23:18 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/12/04 18:10:30 | 000,016,640 | R--- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2004/08/02 20:03:00 | 002,627,328 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/08/02 20:03:00 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem)
DRV - [2001/08/17 05:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)
DRV - [2001/08/17 05:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll ()
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/22 00:12:38 | 000,000,000 | ---D | M]

[2010/01/12 22:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\Mozilla\Extensions
[2010/01/12 22:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\Mozilla\Extensions\[email protected]
[2008/10/27 20:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\Mozilla\Firefox\extensions
[2008/10/27 20:05:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mom Home\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

O1 HOSTS File: ([2009/12/25 03:31:25 | 000,001,523 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 78.159.110.45 www.google.com
O1 - Hosts: 78.159.110.45 www.google.de
O1 - Hosts: 78.159.110.45 www.google.fr
O1 - Hosts: 78.159.110.45 www.google.co.uk
O1 - Hosts: 78.159.110.45 www.google.com.br
O1 - Hosts: 78.159.110.45 www.google.it
O1 - Hosts: 78.159.110.45 www.google.es
O1 - Hosts: 78.159.110.45 www.google.co.jp
O1 - Hosts: 78.159.110.45 www.google.com.mx
O1 - Hosts: 78.159.110.45 www.google.ca
O1 - Hosts: 78.159.110.45 www.google.com.au
O1 - Hosts: 78.159.110.45 www.google.nl
O1 - Hosts: 78.159.110.45 www.google.co.za
O1 - Hosts: 78.159.110.45 www.google.be
O1 - Hosts: 78.159.110.45 www.google.gr
O1 - Hosts: 78.159.110.45 www.google.at
O1 - Hosts: 78.159.110.45 www.google.se
O1 - Hosts: 78.159.110.45 www.google.ch
O1 - Hosts: 78.159.110.45 www.google.pt
O1 - Hosts: 78.159.110.45 www.google.dk
O1 - Hosts: 78.159.110.45 www.google.fi
O1 - Hosts: 78.159.110.45 www.google.ie
O1 - Hosts: 78.159.110.45 www.google.no
O1 - Hosts: 78.159.110.45 search.yahoo.com
O1 - Hosts: 2 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35[1].exe (SurfRight B.V.)
O4 - HKLM..\Run: [HotSync] C:\Program Files\PalmSource\Desktop\HotSync.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\Mom Home\Start Menu\Programs\Startup\Free Music Zilla.lnk = C:\Program Files\Free Music Zilla\FMZilla.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mom Home\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: 0.0.0.0 ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://connect2.pb....SetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Mom Home\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mom Home\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/09 12:24:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/01/12 12:25:43 | 000,000,025 | R--- | M] () - D:\AutoRun.inf -- [ CDFS ]
O33 - MountPoints2\{7afe6e68-3e92-11dd-a484-001195053bc6}\Shell - "" = AutoRun
O33 - MountPoints2\{7afe6e68-3e92-11dd-a484-001195053bc6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7afe6e68-3e92-11dd-a484-001195053bc6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\ATTYahoo.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/06/07 18:32:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Desktop\gmer
[2010/06/07 18:05:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Desktop\tdsskiller
[2010/06/07 18:03:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Desktop\GooredFix Backups
[2010/06/07 17:50:51 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mom Home\Desktop\TFC.exe
[2010/06/07 17:50:40 | 000,070,858 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Mom Home\Desktop\GooredFix.exe
[2010/06/07 17:50:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Desktop\New Folder
[2010/06/03 15:14:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\TeamViewer
[2010/06/03 14:45:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/06/03 14:45:37 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/06/03 14:41:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mom Home\Recent
[2010/06/02 12:38:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/05/14 11:28:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/05/02 14:48:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Application Data\FMZilla
[2010/05/02 14:48:02 | 000,000,000 | ---D | C] -- C:\Program Files\Free Music Zilla
[2010/05/02 00:27:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Application Data\Apple Computer
[2010/05/02 00:25:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/02 00:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/05/02 00:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/02 00:23:37 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/05/02 00:23:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/05/02 00:23:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Local Settings\Application Data\Apple
[2010/05/02 00:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/05/02 00:22:19 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/05/02 00:22:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/05/02 00:22:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/05/02 00:21:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Local Settings\Application Data\Apple Computer
[2010/04/22 19:11:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Local Settings\Application Data\Temp
[2010/04/22 19:11:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/04/22 19:06:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/04/22 10:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\Accu-Chek Compass
[2010/04/22 10:45:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/04/22 00:24:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Application Data\HPAppData
[2010/04/22 00:04:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2010/04/15 12:30:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\IsolatedStorage
[2010/04/15 12:30:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Local Settings\Application Data\Intuit
[2010/04/15 12:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AnswerWorks 5.0
[2010/04/15 12:17:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Local Settings\Application Data\IsolatedStorage
[2010/03/23 17:20:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Application Data\HP
[2010/03/23 16:56:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Local Settings\Application Data\HP
[2010/03/23 16:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2010/03/23 16:44:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2010/03/23 16:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2010/03/23 16:41:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2010/03/23 16:41:47 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2010/03/23 16:38:36 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2010/03/22 00:24:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Application Data\Smith Micro

========== Files - Modified Within 90 Days ==========

[2010/06/07 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/06/07 22:25:00 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1682526488-725345543-1004UA.job
[2010/06/07 22:16:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/07 22:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/06/07 21:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/06/07 20:27:32 | 000,004,598 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/06/07 20:27:24 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/07 20:27:23 | 000,013,694 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/07 20:25:41 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/07 20:25:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/07 20:25:37 | 1609,646,080 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/07 20:24:39 | 004,194,304 | ---- | M] () -- C:\Documents and Settings\Mom Home\NTUSER.DAT
[2010/06/07 20:24:32 | 004,959,888 | -H-- | M] () -- C:\Documents and Settings\Mom Home\Local Settings\Application Data\IconCache.db
[2010/06/07 18:25:30 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Mom Home\Desktop\gmer.zip
[2010/06/07 18:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/06/07 17:48:22 | 000,966,213 | ---- | M] () -- C:\Documents and Settings\Mom Home\Desktop\tdsskiller.zip
[2010/06/07 17:47:40 | 000,070,858 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Mom Home\Desktop\GooredFix.exe
[2010/06/07 17:47:03 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom Home\Desktop\TFC.exe
[2010/06/07 17:25:07 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1682526488-725345543-1004Core.job
[2010/06/07 17:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/06/07 16:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/06/07 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/06/07 14:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/06/07 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/06/07 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/06/07 11:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/06/07 10:24:31 | 060,783,488 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/06/07 10:20:39 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/06/06 22:42:33 | 000,369,670 | ---- | M] () -- C:\Documents and Settings\Mom Home\My Documents\BackJoy Core ฎ - Official Site As Seen on TV.mht
[2010/06/06 20:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/06/06 19:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/06/05 23:51:20 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Mom Home\Desktop\Microsoft Outlook.lnk
[2010/06/04 00:04:57 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Mom Home\ntuser.ini
[2010/06/03 23:57:36 | 000,222,217 | ---- | M] () -- C:\Documents and Settings\Mom Home\My Documents\PUSD Enrollment 2009-10.mht
[2010/06/03 23:55:14 | 000,206,965 | ---- | M] () -- C:\Documents and Settings\Mom Home\My Documents\2010_EnrollmentForm_ElectronicFina5_4.pdf
[2010/06/03 14:45:39 | 000,001,684 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/06/03 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/06/03 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/06/03 08:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/06/03 07:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/06/03 06:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/06/03 05:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/06/03 04:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/06/03 03:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/06/03 02:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/06/03 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/06/03 00:57:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/06/02 11:37:19 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/06/02 11:37:18 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/06/01 13:16:25 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Mom Home\My Documents\Clutton.doc
[2010/05/30 10:12:26 | 000,002,457 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Document Manager.lnk
[2010/05/29 23:05:39 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Mom Home\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/28 11:28:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/27 23:27:31 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/27 20:03:08 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Mom Home\My Documents\~$e best of the best.doc
[2010/05/10 00:19:43 | 000,019,521 | ---- | M] () -- C:\WINDOWS\hpqins13.dat
[2010/05/10 00:17:03 | 000,000,163 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/05/10 00:15:43 | 000,001,870 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 3.5.lnk
[2010/05/10 00:14:12 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\ntuser.dat
[2010/05/09 17:18:39 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Mom Home\My Documents\TEST.doc

========== Files Created - No Company Name ==========

[2010/06/07 20:25:37 | 1609,646,080 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/07 18:25:48 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Mom Home\Desktop\gmer.zip
[2010/06/07 17:50:40 | 000,966,213 | ---- | C] () -- C:\Documents and Settings\Mom Home\Desktop\tdsskiller.zip
[2010/06/07 17:20:58 | 000,000,990 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1682526488-725345543-1004UA.job
[2010/06/07 17:20:57 | 000,000,938 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1682526488-725345543-1004Core.job
[2010/06/06 22:42:30 | 000,369,670 | ---- | C] () -- C:\Documents and Settings\Mom Home\My Documents\BackJoy Core ฎ - Official Site As Seen on TV.mht
[2010/06/03 23:57:34 | 000,222,217 | ---- | C] () -- C:\Documents and Settings\Mom Home\My Documents\PUSD Enrollment 2009-10.mht
[2010/06/03 23:55:14 | 000,206,965 | ---- | C] () -- C:\Documents and Settings\Mom Home\My Documents\2010_EnrollmentForm_ElectronicFina5_4.pdf
[2010/06/03 14:46:08 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/06/03 14:45:39 | 000,001,684 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/06/01 13:16:25 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Mom Home\My Documents\Clutton.doc
[2010/05/27 20:03:08 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Mom Home\My Documents\~$e best of the best.doc
[2010/05/10 00:15:43 | 000,001,870 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 3.5.lnk
[2010/05/10 00:14:17 | 000,019,521 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2010/05/10 00:14:12 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\ntuser.dat
[2010/05/10 00:14:12 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\ntuser.dat.LOG
[2010/04/16 00:38:40 | 001,024,176 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/03/23 17:24:34 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mom Home\Ÿ9Ÿ9
[2010/03/23 16:33:19 | 000,002,127 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/10/24 13:31:17 | 000,000,163 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/01 17:59:36 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2008/10/20 18:08:45 | 000,000,228 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2008/10/20 18:06:19 | 000,000,060 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/10/20 18:06:16 | 000,000,221 | ---- | C] () -- C:\WINDOWS\KA.INI
[2008/07/14 23:16:18 | 000,000,179 | ---- | C] () -- C:\WINDOWS\HOPGRTRN.ini
[2008/04/09 13:56:53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/02/04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2004/08/02 20:03:00 | 000,102,441 | ---- | C] () -- C:\WINDOWS\System32\getvpd.dll
[2004/08/02 20:03:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\pmemw.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1997/10/24 15:56:36 | 000,000,643 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI

========== LOP Check ==========

[2010/04/11 14:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/12/27 17:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/06/03 14:45:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/02/12 19:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2009/08/06 15:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2009/10/18 16:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/02/26 16:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2008/12/07 21:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/02 00:26:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/18 16:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\Blitware
[2008/08/16 17:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/05/02 14:48:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\FMZilla
[2010/02/12 19:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\HotSync
[2009/08/06 15:34:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\Juniper Networks
[2008/11/01 16:56:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\LimeWire
[2010/03/22 00:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\Smith Micro
[2009/04/15 11:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\TeamViewer
[2010/01/12 23:03:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\Vivox
[2010/06/03 00:57:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/06/03 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/06/03 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/06/07 11:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/06/07 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/06/07 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/06/07 14:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/06/07 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/06/07 16:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/06/07 17:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/06/07 18:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/06/03 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/06/06 19:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/06/06 20:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/06/07 21:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/06/07 22:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/06/07 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/06/03 02:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/06/03 03:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/06/03 04:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/06/03 05:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/06/03 06:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/06/03 07:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/06/03 08:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2010/01/10 03:54:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/04/09 12:24:22 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/03/23 16:40:00 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2008/04/09 12:24:22 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/12/16 12:54:54 | 000,000,081 | ---- | M] () -- C:\CTX.DAT
[2010/06/07 20:25:37 | 1609,646,080 | -HS- | M] () -- C:\hiberfil.sys
[2008/04/09 12:24:22 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/06/03 12:39:16 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2008/04/09 12:24:22 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/02/28 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/12/16 17:20:32 | 000,250,048 | ---- | M] () -- C:\ntldr
[2010/06/07 20:25:35 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/06/07 18:06:13 | 000,034,182 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_07.06.2010_18.05.19_log.txt
[2010/06/07 18:12:21 | 000,031,794 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_07.06.2010_18.12.12_log.txt
[2010/06/07 18:20:00 | 000,031,816 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_07.06.2010_18.19.45_log.txt
[2010/06/07 18:21:20 | 000,031,816 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_07.06.2010_18.21.07_log.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/04/09 05:04:04 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/04/09 05:04:04 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/04/09 05:04:04 | 000,880,640 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 17:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< End of report >


OTL logfile created on: 6/7/2010 10:53:42 PM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Mom Home\Desktop\New Folder
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.35 Gb Total Space | 49.88 Gb Free Space | 72.97% Space Free | Partition Type: NTFS
Drive D: | 246.65 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MOMHOME
Current User Name: Mom Home
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/07 18:37:41 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom Home\Desktop\New Folder\OTL.exe
PRC - [2010/06/02 11:37:21 | 002,065,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/06/02 11:37:18 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/06/02 11:37:18 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/06/02 11:37:12 | 000,722,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/06/02 11:37:09 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/04/22 10:45:12 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/12 20:18:56 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/12/15 11:24:48 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Mom Home\Desktop\gmer.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/03/23 04:53:30 | 003,633,448 | ---- | M] (TeamViewer GmbH) -- C:\Documents and Settings\Mom Home\temp\TeamViewer\Version4\TeamViewer.exe
PRC - [2009/03/09 06:19:24 | 000,386,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/21 16:38:22 | 000,689,456 | R--- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\HPWUCli.exe


========== Modules (SafeList) ==========

MOD - [2010/06/07 18:37:41 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom Home\Desktop\New Folder\OTL.exe
MOD - [2009/03/23 04:36:40 | 000,065,536 | ---- | M] (TeamViewer GmbH) -- C:\Documents and Settings\Mom Home\temp\TeamViewer\Version4\TV.dll
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/12 20:18:56 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2007/10/25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)


========== Driver Services (SafeList) ==========

DRV - [2010/06/02 11:37:19 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/02 11:37:18 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/12 20:18:41 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/10/21 23:23:18 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/10/21 23:23:18 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/12/04 18:10:30 | 000,016,640 | R--- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2004/08/02 20:03:00 | 002,627,328 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/08/02 20:03:00 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem)
DRV - [2001/08/17 05:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)
DRV - [2001/08/17 05:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll ()
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/22 00:12:38 | 000,000,000 | ---D | M]

[2010/01/12 22:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\Mozilla\Extensions
[2010/01/12 22:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\Mozilla\Extensions\[email protected]
[2008/10/27 20:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\Mozilla\Firefox\extensions
[2008/10/27 20:05:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mom Home\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

O1 HOSTS File: ([2009/12/25 03:31:25 | 000,001,523 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 78.159.110.45 www.google.com
O1 - Hosts: 78.159.110.45 www.google.de
O1 - Hosts: 78.159.110.45 www.google.fr
O1 - Hosts: 78.159.110.45 www.google.co.uk
O1 - Hosts: 78.159.110.45 www.google.com.br
O1 - Hosts: 78.159.110.45 www.google.it
O1 - Hosts: 78.159.110.45 www.google.es
O1 - Hosts: 78.159.110.45 www.google.co.jp
O1 - Hosts: 78.159.110.45 www.google.com.mx
O1 - Hosts: 78.159.110.45 www.google.ca
O1 - Hosts: 78.159.110.45 www.google.com.au
O1 - Hosts: 78.159.110.45 www.google.nl
O1 - Hosts: 78.159.110.45 www.google.co.za
O1 - Hosts: 78.159.110.45 www.google.be
O1 - Hosts: 78.159.110.45 www.google.gr
O1 - Hosts: 78.159.110.45 www.google.at
O1 - Hosts: 78.159.110.45 www.google.se
O1 - Hosts: 78.159.110.45 www.google.ch
O1 - Hosts: 78.159.110.45 www.google.pt
O1 - Hosts: 78.159.110.45 www.google.dk
O1 - Hosts: 78.159.110.45 www.google.fi
O1 - Hosts: 78.159.110.45 www.google.ie
O1 - Hosts: 78.159.110.45 www.google.no
O1 - Hosts: 78.159.110.45 search.yahoo.com
O1 - Hosts: 2 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35[1].exe (SurfRight B.V.)
O4 - HKLM..\Run: [HotSync] C:\Program Files\PalmSource\Desktop\HotSync.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\Mom Home\Start Menu\Programs\Startup\Free Music Zilla.lnk = C:\Program Files\Free Music Zilla\FMZilla.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mom Home\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: 0.0.0.0 ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://connect2.pb....SetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Mom Home\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mom Home\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/09 12:24:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/01/12 12:25:43 | 000,000,025 | R--- | M] () - D:\AutoRun.inf -- [ CDFS ]
O33 - MountPoints2\{7afe6e68-3e92-11dd-a484-001195053bc6}\Shell - "" = AutoRun
O33 - MountPoints2\{7afe6e68-3e92-11dd-a484-001195053bc6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7afe6e68-3e92-11dd-a484-001195053bc6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\ATTYahoo.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/04/09 04:58:03 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 90 Days ==========

[2010/06/07 18:32:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Desktop\gmer
[2010/06/07 18:05:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Desktop\tdsskiller
[2010/06/07 18:03:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Desktop\GooredFix Backups
[2010/06/07 17:50:51 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mom Home\Desktop\TFC.exe
[2010/06/07 17:50:40 | 000,070,858 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Mom Home\Desktop\GooredFix.exe
[2010/06/07 17:50:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Desktop\New Folder
[2010/06/03 15:14:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\TeamViewer
[2010/06/03 14:45:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/06/03 14:45:37 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/06/03 14:41:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mom Home\Recent
[2010/06/02 12:38:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/05/14 11:28:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/05/07 19:40:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\My Documents\My Scans
[2010/05/03 21:17:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Desktop\sidnei music 2
[2010/05/02 14:48:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Application Data\FMZilla
[2010/05/02 14:48:07 | 000,000,000 | ---D | C] -- C:\downloads
[2010/05/02 14:48:02 | 000,000,000 | ---D | C] -- C:\Program Files\Free Music Zilla
[2010/05/02 00:56:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Desktop\sidnei music
[2010/05/02 00:27:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Application Data\Apple Computer
[2010/05/02 00:25:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/02 00:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/05/02 00:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/02 00:23:37 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/05/02 00:23:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/05/02 00:23:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Local Settings\Application Data\Apple
[2010/05/02 00:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/05/02 00:22:19 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/05/02 00:22:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/05/02 00:22:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/05/02 00:21:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Local Settings\Application Data\Apple Computer
[2010/04/22 19:11:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Local Settings\Application Data\Temp
[2010/04/22 19:11:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/04/22 19:06:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/04/22 10:53:39 | 001,318,912 | ---- | C] (Stingray Software Inc.) -- C:\WINDOWS\System32\OT603as.dll
[2010/04/22 10:53:39 | 000,307,200 | ---- | C] (Logikos, Inc.) -- C:\WINDOWS\System32\LogControls.ocx
[2010/04/22 10:53:39 | 000,172,032 | ---- | C] (Stingray Software Inc.) -- C:\WINDOWS\System32\OSC611as.dll
[2010/04/22 10:53:38 | 001,396,736 | ---- | C] (Stingray, a division of Rogue Wave Software) -- C:\WINDOWS\System32\og702as.dll
[2010/04/22 10:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\Accu-Chek Compass
[2010/04/22 10:45:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/04/22 00:24:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Application Data\HPAppData
[2010/04/22 00:04:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2010/04/15 12:30:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\IsolatedStorage
[2010/04/15 12:30:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Local Settings\Application Data\Intuit
[2010/04/15 12:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AnswerWorks 5.0
[2010/04/15 12:17:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Local Settings\Application Data\IsolatedStorage
[2010/03/23 17:20:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Application Data\HP
[2010/03/23 16:56:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Local Settings\Application Data\HP
[2010/03/23 16:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2010/03/23 16:44:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2010/03/23 16:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2010/03/23 16:41:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2010/03/23 16:41:47 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2010/03/23 16:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/03/23 16:39:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\yellowtail
[2010/03/23 16:38:36 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2010/03/23 16:35:38 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2010/03/22 00:24:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Application Data\Smith Micro
[2010/03/12 20:19:06 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

========== Files - Modified Within 90 Days ==========

[2010/06/07 22:25:00 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1682526488-725345543-1004UA.job
[2010/06/07 22:16:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/07 22:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/06/07 21:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/06/07 20:27:32 | 000,004,598 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/06/07 20:27:24 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/07 20:27:23 | 000,013,694 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/07 20:25:41 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/07 20:25:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/07 20:25:37 | 1609,646,080 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/07 20:24:39 | 004,194,304 | ---- | M] () -- C:\Documents and Settings\Mom Home\NTUSER.DAT
[2010/06/07 20:24:32 | 004,959,888 | -H-- | M] () -- C:\Documents and Settings\Mom Home\Local Settings\Application Data\IconCache.db
[2010/06/07 18:25:30 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Mom Home\Desktop\gmer.zip
[2010/06/07 18:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/06/07 17:48:22 | 000,966,213 | ---- | M] () -- C:\Documents and Settings\Mom Home\Desktop\tdsskiller.zip
[2010/06/07 17:47:40 | 000,070,858 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Mom Home\Desktop\GooredFix.exe
[2010/06/07 17:47:03 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom Home\Desktop\TFC.exe
[2010/06/07 17:25:07 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1682526488-725345543-1004Core.job
[2010/06/07 17:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/06/07 16:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/06/07 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/06/07 14:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/06/07 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/06/07 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/06/07 11:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/06/07 10:24:31 | 060,783,488 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/06/07 10:20:39 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/06/06 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/06/06 22:42:33 | 000,369,670 | ---- | M] () -- C:\Documents and Settings\Mom Home\My Documents\BackJoy Core ฎ - Official Site As Seen on TV.mht
[2010/06/06 20:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/06/06 19:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/06/05 23:51:20 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Mom Home\Desktop\Microsoft Outlook.lnk
[2010/06/04 00:04:57 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Mom Home\ntuser.ini
[2010/06/03 23:57:36 | 000,222,217 | ---- | M] () -- C:\Documents and Settings\Mom Home\My Documents\PUSD Enrollment 2009-10.mht
[2010/06/03 23:55:14 | 000,206,965 | ---- | M] () -- C:\Documents and Settings\Mom Home\My Documents\2010_EnrollmentForm_ElectronicFina5_4.pdf
[2010/06/03 14:45:39 | 000,001,684 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/06/03 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/06/03 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/06/03 08:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/06/03 07:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/06/03 06:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/06/03 05:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/06/03 04:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/06/03 03:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/06/03 02:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/06/03 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/06/03 00:57:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/06/02 11:37:19 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/06/02 11:37:18 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/06/01 13:16:25 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Mom Home\My Documents\Clutton.doc
[2010/05/30 10:12:26 | 000,002,457 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Document Manager.lnk
[2010/05/29 23:05:39 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Mom Home\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/28 11:28:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/27 23:27:31 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/27 20:03:08 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Mom Home\My Documents\~$e best of the best.doc
[2010/05/10 00:19:43 | 000,019,521 | ---- | M] () -- C:\WINDOWS\hpqins13.dat
[2010/05/10 00:17:03 | 000,000,163 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/05/10 00:15:43 | 000,001,870 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 3.5.lnk
[2010/05/10 00:14:12 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\ntuser.dat
[2010/05/09 17:18:39 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Mom Home\My Documents\TEST.doc
[2010/05/02 14:48:03 | 000,000,745 | ---- | M] () -- C:\Documents and Settings\Mom Home\Start Menu\Programs\Startup\Free Music Zilla.lnk
[2010/05/02 14:48:03 | 000,000,733 | ---- | M] () -- C:\Documents and Settings\Mom Home\Desktop\Free Music Zilla.lnk
[2010/05/02 00:24:07 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/05/01 19:00:52 | 000,069,158 | ---- | M] () -- C:\Documents and Settings\Mom Home\My Documents\Rancho Bernardo High School.mht
[2010/05/01 15:36:50 | 000,000,372 | ---- | M] () -- C:\Documents and Settings\Mom Home\My Documents\spider.sav
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 21:39:39 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\Mom Home\My Documents\ALYSHA MARIE ACOSTA DOC..doc
[2010/04/23 13:30:35 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/04/22 10:53:40 | 000,000,635 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Accu-Chek Compass.lnk
[2010/04/22 00:25:12 | 000,045,872 | ---- | M] () -- C:\Documents and Settings\Mom Home\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/22 00:22:29 | 000,201,736 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/22 00:13:54 | 000,023,113 | ---- | M] () -- C:\WINDOWS\hpqins15.dat
[2010/04/22 00:06:23 | 000,077,352 | ---- | M] () -- C:\WINDOWS\hpqins05.dat
[2010/04/22 00:00:08 | 000,001,018 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2010/04/17 17:01:55 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2008.lnk
[2010/04/17 12:27:04 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk
[2010/04/14 23:43:27 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/03/23 17:24:34 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Mom Home\Ÿ9Ÿ9
[2010/03/23 16:56:14 | 000,176,399 | ---- | M] () -- C:\WINDOWS\hpwins19.dat
[2010/03/23 16:55:47 | 000,000,685 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/23 16:44:35 | 000,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/03/23 16:40:00 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/23 16:40:00 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/03/14 21:36:56 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/14 21:36:56 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/14 21:36:55 | 000,512,960 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/12 20:19:06 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/12 20:18:41 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

========== Files Created - No Company Name ==========

[2010/06/07 20:25:37 | 1609,646,080 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/07 18:25:48 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Mom Home\Desktop\gmer.zip
[2010/06/07 17:50:40 | 000,966,213 | ---- | C] () -- C:\Documents and Settings\Mom Home\Desktop\tdsskiller.zip
[2010/06/07 17:20:58 | 000,000,990 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1682526488-725345543-1004UA.job
[2010/06/07 17:20:57 | 000,000,938 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1682526488-725345543-1004Core.job
[2010/06/06 22:42:30 | 000,369,670 | ---- | C] () -- C:\Documents and Settings\Mom Home\My Documents\BackJoy Core ฎ - Official Site As Seen on TV.mht
[2010/06/03 23:57:34 | 000,222,217 | ---- | C] () -- C:\Documents and Settings\Mom Home\My Documents\PUSD Enrollment 2009-10.mht
[2010/06/03 23:55:14 | 000,206,965 | ---- | C] () -- C:\Documents and Settings\Mom Home\My Documents\2010_EnrollmentForm_ElectronicFina5_4.pdf
[2010/06/03 14:46:08 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/06/03 14:45:39 | 000,001,684 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/06/01 13:16:25 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Mom Home\My Documents\Clutton.doc
[2010/05/27 20:03:08 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Mom Home\My Documents\~$e best of the best.doc
[2010/05/10 00:15:43 | 000,001,870 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 3.5.lnk
[2010/05/10 00:14:17 | 000,019,521 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2010/05/10 00:14:12 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\ntuser.dat
[2010/05/10 00:14:12 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\ntuser.dat.LOG
[2010/05/02 14:48:03 | 000,000,745 | ---- | C] () -- C:\Documents and Settings\Mom Home\Start Menu\Programs\Startup\Free Music Zilla.lnk
[2010/05/02 14:48:03 | 000,000,733 | ---- | C] () -- C:\Documents and Settings\Mom Home\Desktop\Free Music Zilla.lnk
[2010/05/02 00:26:47 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/02 00:24:07 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/05/02 00:23:18 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/01 19:00:49 | 000,069,158 | ---- | C] () -- C:\Documents and Settings\Mom Home\My Documents\Rancho Bernardo High School.mht
[2010/04/28 21:39:38 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\Mom Home\My Documents\ALYSHA MARIE ACOSTA DOC..doc
[2010/04/22 19:06:32 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/22 19:06:32 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/22 10:53:43 | 000,001,078 | ---- | C] () -- C:\WINDOWS\System32\rdaccug.ico
[2010/04/22 10:53:40 | 000,000,635 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Accu-Chek Compass.lnk
[2010/04/22 00:10:51 | 000,023,113 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2010/04/22 00:00:08 | 000,001,018 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2010/04/21 23:56:14 | 000,077,352 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2010/04/17 14:47:11 | 000,002,393 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2008.lnk
[2010/04/16 00:38:40 | 001,024,176 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/04/15 12:23:08 | 000,002,393 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk
[2010/04/14 23:43:27 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/03/23 17:24:34 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mom Home\Ÿ9Ÿ9
[2010/03/23 16:50:03 | 000,002,457 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Document Manager.lnk
[2010/03/23 16:44:35 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/03/23 16:39:33 | 000,010,563 | R--- | C] () -- C:\WINDOWS\hpwscr19.dat
[2010/03/23 16:33:19 | 000,002,127 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/03/23 16:33:18 | 000,176,399 | ---- | C] () -- C:\WINDOWS\hpwins19.dat
[2010/03/23 16:33:17 | 000,000,997 | R--- | C] () -- C:\WINDOWS\hpwmdl19.dat
[2009/10/24 13:31:17 | 000,000,163 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/01 17:59:36 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2008/10/20 18:08:45 | 000,000,228 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2008/10/20 18:06:19 | 000,000,060 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/10/20 18:06:16 | 000,000,221 | ---- | C] () -- C:\WINDOWS\KA.INI
[2008/07/14 23:16:18 | 000,000,179 | ---- | C] () -- C:\WINDOWS\HOPGRTRN.ini
[2008/04/09 13:56:53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/02/04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2004/08/02 20:03:00 | 000,102,441 | ---- | C] () -- C:\WINDOWS\System32\getvpd.dll
[2004/08/02 20:03:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\pmemw.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1997/10/24 15:56:36 | 000,000,643 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI

========== LOP Check ==========

[2010/04/11 14:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/12/27 17:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/06/03 14:45:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/02/12 19:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2009/08/06 15:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2009/10/18 16:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/02/26 16:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2008/12/07 21:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/02 00:26:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/18 16:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\Blitware
[2008/08/16 17:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/05/02 14:48:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\FMZilla
[2010/02/12 19:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\HotSync
[2009/08/06 15:34:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\Juniper Networks
[2008/11/01 16:56:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\LimeWire
[2010/03/22 00:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\Smith Micro
[2009/04/15 11:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\TeamViewer
[2010/01/12 23:03:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\Vivox
[2010/06/03 00:57:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/06/03 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/06/03 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/06/07 11:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/06/07 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/06/07 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/06/07 14:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/06/07 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/06/07 16:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/06/07 17:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/06/07 18:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/06/03 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/06/06 19:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/06/06 20:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/06/07 21:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/06/07 22:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/06/06 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/06/03 02:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/06/03 03:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/06/03 04:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/06/03 05:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/06/03 06:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/06/03 07:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/06/03 08:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2010/01/10 03:54:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/04/09 12:24:22 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/03/23 16:40:00 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2008/04/09 12:24:22 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/12/16 12:54:54 | 000,000,081 | ---- | M] () -- C:\CTX.DAT
[2010/06/07 20:25:37 | 1609,646,080 | -HS- | M] () -- C:\hiberfil.sys
[2008/04/09 12:24:22 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/06/03 12:39:16 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2008/04/09 12:24:22 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/02/28 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/12/16 17:20:32 | 000,250,048 | ---- | M] () -- C:\ntldr
[2010/06/07 20:25:35 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/06/07 18:06:13 | 000,034,182 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_07.06.2010_18.05.19_log.txt
[2010/06/07 18:12:21 | 000,031,794 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_07.06.2010_18.12.12_log.txt
[2010/06/07 18:20:00 | 000,031,816 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_07.06.2010_18.19.45_log.txt
[2010/06/07 18:21:20 | 000,031,816 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_07.06.2010_18.21.07_log.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/04/09 05:04:04 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/04/09 05:04:04 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/04/09 05:04:04 | 000,880,640 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 17:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
< End of report >
PRC - [2010/06/07 18:37:41 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom Home\Desktop\New Folder\OTL.exe
PRC - [2010/06/02 11:37:21 | 002,065,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/06/02 11:37:18 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/06/02 11:37:18 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/06/02 11:37:12 | 000,722,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/06/02 11:37:09 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/04/22 10:45:12 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/12 20:18:56 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/12/15 11:24:48 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Mom Home\Desktop\gmer.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/03/23 04:53:30 | 003,633,448 | ---- | M] (TeamViewer GmbH) -- C:\Documents and Settings\Mom Home\temp\TeamViewer\Version4\TeamViewer.exe
PRC - [2009/03/09 06:19:24 | 000,386,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/06/07 18:37:41 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom Home\Desktop\New Folder\OTL.exe
MOD - [2009/03/23 04:36:40 | 000,065,536 | ---- | M] (TeamViewer GmbH) -- C:\Documents and Settings\Mom Home\temp\TeamViewer\Version4\TV.dll
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/12 20:18:56 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2007/10/25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)


========== Driver Services (SafeList) ==========

DRV - [2010/06/02 11:37:19 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/02 11:37:18 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/12 20:18:41 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/10/21 23:23:18 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/10/21 23:23:18 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/12/04 18:10:30 | 000,016,640 | R--- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2004/08/02 20:03:00 | 002,627,328 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/08/02 20:03:00 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem)
DRV - [2001/08/17 05:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)
DRV - [2001/08/17 05:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll ()
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/22 00:12:38 | 000,000,000 | ---D | M]

[2010/01/12 22:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\Mozilla\Extensions
[2010/01/12 22:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\Mozilla\Extensions\[email protected]
[2008/10/27 20:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\Mozilla\Firefox\extensions
[2008/10/27 20:05:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mom Home\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

O1 HOSTS File: ([2009/12/25 03:31:25 | 000,001,523 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 78.159.110.45 www.google.com
O1 - Hosts: 78.159.110.45 www.google.de
O1 - Hosts: 78.159.110.45 www.google.fr
O1 - Hosts: 78.159.110.45 www.google.co.uk
O1 - Hosts: 78.159.110.45 www.google.com.br
O1 - Hosts: 78.159.110.45 www.google.it
O1 - Hosts: 78.159.110.45 www.google.es
O1 - Hosts: 78.159.110.45 www.google.co.jp
O1 - Hosts: 78.159.110.45 www.google.com.mx
O1 - Hosts: 78.159.110.45 www.google.ca
O1 - Hosts: 78.159.110.45 www.google.com.au
O1 - Hosts: 78.159.110.45 www.google.nl
O1 - Hosts: 78.159.110.45 www.google.co.za
O1 - Hosts: 78.159.110.45 www.google.be
O1 - Hosts: 78.159.110.45 www.google.gr
O1 - Hosts: 78.159.110.45 www.google.at
O1 - Hosts: 78.159.110.45 www.google.se
O1 - Hosts: 78.159.110.45 www.google.ch
O1 - Hosts: 78.159.110.45 www.google.pt
O1 - Hosts: 78.159.110.45 www.google.dk
O1 - Hosts: 78.159.110.45 www.google.fi
O1 - Hosts: 78.159.110.45 www.google.ie
O1 - Hosts: 78.159.110.45 www.google.no
O1 - Hosts: 78.159.110.45 search.yahoo.com
O1 - Hosts: 2 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35[1].exe (SurfRight B.V.)
O4 - HKLM..\Run: [HotSync] C:\Program Files\PalmSource\Desktop\HotSync.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\Mom Home\Start Menu\Programs\Startup\Free Music Zilla.lnk = C:\Program Files\Free Music Zilla\FMZilla.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mom Home\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: 0.0.0.0 ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://connect2.pb....SetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Mom Home\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mom Home\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/09 12:24:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/01/12 12:25:43 | 000,000,025 | R--- | M] () - D:\AutoRun.inf -- [ CDFS ]
O33 - MountPoints2\{7afe6e68-3e92-11dd-a484-001195053bc6}\Shell - "" = AutoRun
O33 - MountPoints2\{7afe6e68-3e92-11dd-a484-001195053bc6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7afe6e68-3e92-11dd-a484-001195053bc6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\ATTYahoo.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/06/07 18:32:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Desktop\gmer
[2010/06/07 18:05:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Desktop\tdsskiller
[2010/06/07 18:03:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Desktop\GooredFix Backups
[2010/06/07 17:50:51 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mom Home\Desktop\TFC.exe
[2010/06/07 17:50:40 | 000,070,858 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Mom Home\Desktop\GooredFix.exe
[2010/06/07 17:50:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Desktop\New Folder
[2010/06/03 15:14:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\TeamViewer
[2010/06/03 14:45:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/06/03 14:45:37 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/06/03 14:41:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mom Home\Recent
[2010/06/02 12:38:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/05/14 11:28:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/05/02 14:48:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Application Data\FMZilla
[2010/05/02 14:48:02 | 000,000,000 | ---D | C] -- C:\Program Files\Free Music Zilla
[2010/05/02 00:27:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Application Data\Apple Computer
[2010/05/02 00:25:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/02 00:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/05/02 00:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/02 00:23:37 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/05/02 00:23:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/05/02 00:23:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Local Settings\Application Data\Apple
[2010/05/02 00:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/05/02 00:22:19 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/05/02 00:22:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/05/02 00:22:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/05/02 00:21:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Local Settings\Application Data\Apple Computer
[2010/04/22 19:11:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Local Settings\Application Data\Temp
[2010/04/22 19:11:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/04/22 19:06:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/04/22 10:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\Accu-Chek Compass
[2010/04/22 10:45:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/04/22 00:24:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Application Data\HPAppData
[2010/04/22 00:04:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2010/04/15 12:30:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\IsolatedStorage
[2010/04/15 12:30:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Local Settings\Application Data\Intuit
[2010/04/15 12:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AnswerWorks 5.0
[2010/04/15 12:17:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Local Settings\Application Data\IsolatedStorage
[2010/03/23 17:20:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Application Data\HP
[2010/03/23 16:56:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Local Settings\Application Data\HP
[2010/03/23 16:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2010/03/23 16:44:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2010/03/23 16:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2010/03/23 16:41:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2010/03/23 16:41:47 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2010/03/23 16:38:36 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2010/03/22 00:24:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Application Data\Smith Micro

========== Files - Modified Within 90 Days ==========

[2010/06/07 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/06/07 22:25:00 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1682526488-725345543-1004UA.job
[2010/06/07 22:16:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/07 22:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/06/07 21:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/06/07 20:27:32 | 000,004,598 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/06/07 20:27:24 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/07 20:27:23 | 000,013,694 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/07 20:25:41 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/07 20:25:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/07 20:25:37 | 1609,646,080 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/07 20:24:39 | 004,194,304 | ---- | M] () -- C:\Documents and Settings\Mom Home\NTUSER.DAT
[2010/06/07 20:24:32 | 004,959,888 | -H-- | M] () -- C:\Documents and Settings\Mom Home\Local Settings\Application Data\IconCache.db
[2010/06/07 18:25:30 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Mom Home\Desktop\gmer.zip
[2010/06/07 18:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/06/07 17:48:22 | 000,966,213 | ---- | M] () -- C:\Documents and Settings\Mom Home\Desktop\tdsskiller.zip
[2010/06/07 17:47:40 | 000,070,858 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Mom Home\Desktop\GooredFix.exe
[2010/06/07 17:47:03 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom Home\Desktop\TFC.exe
[2010/06/07 17:25:07 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1682526488-725345543-1004Core.job
[2010/06/07 17:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/06/07 16:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/06/07 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/06/07 14:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/06/07 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/06/07 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/06/07 11:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/06/07 10:24:31 | 060,783,488 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/06/07 10:20:39 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/06/06 22:42:33 | 000,369,670 | ---- | M] () -- C:\Documents and Settings\Mom Home\My Documents\BackJoy Core ฎ - Official Site As Seen on TV.mht
[2010/06/06 20:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/06/06 19:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/06/05 23:51:20 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Mom Home\Desktop\Microsoft Outlook.lnk
[2010/06/04 00:04:57 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Mom Home\ntuser.ini
[2010/06/03 23:57:36 | 000,222,217 | ---- | M] () -- C:\Documents and Settings\Mom Home\My Documents\PUSD Enrollment 2009-10.mht
[2010/06/03 23:55:14 | 000,206,965 | ---- | M] () -- C:\Documents and Settings\Mom Home\My Documents\2010_EnrollmentForm_ElectronicFina5_4.pdf
[2010/06/03 14:45:39 | 000,001,684 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/06/03 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/06/03 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/06/03 08:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/06/03 07:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/06/03 06:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/06/03 05:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/06/03 04:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/06/03 03:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/06/03 02:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/06/03 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/06/03 00:57:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/06/02 11:37:19 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/06/02 11:37:18 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/06/01 13:16:25 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Mom Home\My Documents\Clutton.doc
[2010/05/30 10:12:26 | 000,002,457 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Document Manager.lnk
[2010/05/29 23:05:39 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Mom Home\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/28 11:28:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/27 23:27:31 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/27 20:03:08 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Mom Home\My Documents\~$e best of the best.doc
[2010/05/10 00:19:43 | 000,019,521 | ---- | M] () -- C:\WINDOWS\hpqins13.dat
[2010/05/10 00:17:03 | 000,000,163 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/05/10 00:15:43 | 000,001,870 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 3.5.lnk
[2010/05/10 00:14:12 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\ntuser.dat
[2010/05/09 17:18:39 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Mom Home\My Documents\TEST.doc

========== Files Created - No Company Name ==========

[2010/06/07 20:25:37 | 1609,646,080 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/07 18:25:48 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Mom Home\Desktop\gmer.zip
[2010/06/07 17:50:40 | 000,966,213 | ---- | C] () -- C:\Documents and Settings\Mom Home\Desktop\tdsskiller.zip
[2010/06/07 17:20:58 | 000,000,990 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1682526488-725345543-1004UA.job
[2010/06/07 17:20:57 | 000,000,938 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1682526488-725345543-1004Core.job
[2010/06/06 22:42:30 | 000,369,670 | ---- | C] () -- C:\Documents and Settings\Mom Home\My Documents\BackJoy Core ฎ - Official Site As Seen on TV.mht
[2010/06/03 23:57:34 | 000,222,217 | ---- | C] () -- C:\Documents and Settings\Mom Home\My Documents\PUSD Enrollment 2009-10.mht
[2010/06/03 23:55:14 | 000,206,965 | ---- | C] () -- C:\Documents and Settings\Mom Home\My Documents\2010_EnrollmentForm_ElectronicFina5_4.pdf
[2010/06/03 14:46:08 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/06/03 14:45:39 | 000,001,684 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/06/01 13:16:25 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Mom Home\My Documents\Clutton.doc
[2010/05/27 20:03:08 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Mom Home\My Documents\~$e best of the best.doc
[2010/05/10 00:15:43 | 000,001,870 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 3.5.lnk
[2010/05/10 00:14:17 | 000,019,521 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2010/05/10 00:14:12 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\ntuser.dat
[2010/05/10 00:14:12 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\ntuser.dat.LOG
[2010/04/16 00:38:40 | 001,024,176 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/03/23 17:24:34 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mom Home\Ÿ9Ÿ9
[2010/03/23 16:33:19 | 000,002,127 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/10/24 13:31:17 | 000,000,163 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/01 17:59:36 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2008/10/20 18:08:45 | 000,000,228 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2008/10/20 18:06:19 | 000,000,060 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/10/20 18:06:16 | 000,000,221 | ---- | C] () -- C:\WINDOWS\KA.INI
[2008/07/14 23:16:18 | 000,000,179 | ---- | C] () -- C:\WINDOWS\HOPGRTRN.ini
[2008/04/09 13:56:53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/02/04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2004/08/02 20:03:00 | 000,102,441 | ---- | C] () -- C:\WINDOWS\System32\getvpd.dll
[2004/08/02 20:03:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\pmemw.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1997/10/24 15:56:36 | 000,000,643 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI

========== LOP Check ==========

[2010/04/11 14:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/12/27 17:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/06/03 14:45:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/02/12 19:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2009/08/06 15:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2009/10/18 16:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/02/26 16:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2008/12/07 21:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/02 00:26:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/18 16:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\Blitware
[2008/08/16 17:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/05/02 14:48:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\FMZilla
[2010/02/12 19:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\HotSync
[2009/08/06 15:34:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\Juniper Networks
[2008/11/01 16:56:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\LimeWire
[2010/03/22 00:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\Smith Micro
[2009/04/15 11:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\TeamViewer
[2010/01/12 23:03:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\Vivox
[2010/06/03 00:57:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/06/03 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/06/03 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/06/07 11:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/06/07 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/06/07 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/06/07 14:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/06/07 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/06/07 16:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/06/07 17:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/06/07 18:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/06/03 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/06/06 19:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/06/06 20:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/06/07 21:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/06/07 22:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/06/07 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/06/03 02:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/06/03 03:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/06/03 04:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/06/03 05:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/06/03 06:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/06/03 07:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/06/03 08:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2010/01/10 03:54:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/04/09 12:24:22 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/03/23 16:40:00 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2008/04/09 12:24:22 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/12/16 12:54:54 | 000,000,081 | ---- | M] () -- C:\CTX.DAT
[2010/06/07 20:25:37 | 1609,646,080 | -HS- | M] () -- C:\hiberfil.sys
[2008/04/09 12:24:22 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/06/03 12:39:16 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2008/04/09 12:24:22 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/02/28 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/12/16 17:20:32 | 000,250,048 | ---- | M] () -- C:\ntldr
[2010/06/07 20:25:35 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/06/07 18:06:13 | 000,034,182 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_07.06.2010_18.05.19_log.txt
[2010/06/07 18:12:21 | 000,031,794 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_07.06.2010_18.12.12_log.txt
[2010/06/07 18:20:00 | 000,031,816 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_07.06.2010_18.19.45_log.txt
[2010/06/07 18:21:20 | 000,031,816 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_07.06.2010_18.21.07_log.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/04/09 05:04:04 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/04/09 05:04:04 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/04/09 05:04:04 | 000,880,640 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 17:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< End of report >
  • 0

Advertisements


#2
mitch8

mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
Hello mlacosta, and welcome to GeeksToGo! My name is Mitch8 and I will be helping you with your problem. Here are a few things I would like to point out:
  • I am in training and there might be a delay between posts because they have to be check by an expert.
  • Please post your logs, don't attach them unless stated.
  • Please read my posts carefully and if you have any questions ask.

I am looking at your logs now and will post back soon.

I also see you posted OTL.txt twice. Please post Extras.txt here.
  • 0

#3
mlacosta

mlacosta

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Thanks Mitch8, I appreciate any and all help you can provide.

I thought those logs looked similar :).

Here is the Extras log:

OTL Extras logfile created on: 6/7/2010 10:53:42 PM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Mom Home\Desktop\New Folder
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.35 Gb Total Space | 49.88 Gb Free Space | 72.97% Space Free | Partition Type: NTFS
Drive D: | 246.65 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MOMHOME
Current User Name: Mom Home
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\ATT-SST\McciBrowser.exe" = C:\Program Files\ATT-SST\McciBrowser.exe:*:Enabled:mcci+McciBrowser -- (Alcatel-Lucent)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Documents and Settings\Mom Home\Application Data\IMVUClient\1VivoxVoice.exe" = C:\Documents and Settings\Mom Home\Application Data\IMVUClient\1VivoxVoice.exe:*:Enabled:1VivoxVoice -- File not found
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Free Music Zilla\FMZilla.exe" = C:\Program Files\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{1D3A636E-7CF6-44FF-8E31-35353187C312}" = Hooked on Phonics Letter Names
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 13
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{360EDFB0-EAA2-012B-AD16-000000000000}" = TurboTax 2009 wcaiper
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU
"{39AAABD1-2CFB-11D5-8509-00A0CC231D06}" = Accu-Chek Meter Connectivity
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5B30AA25-BF39-4BE4-8FEE-51938BAB214D}" = TurboTax 2008 wcaiper
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BC4664AC-AA57-4DD2-93BE-54CDF57D63CE}" = Cricket Wireless PC Media Center 1.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D12A59A0-F614-11D3-B6EC-00105A29D78F}" = Accu-Chek Compass
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"{EFCE5837-FC21-11D6-9D24-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_02
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}" = Palm Desktop by ACCESS
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AT&T WorldNet Software" = AT&T WorldNet Setup
"ATT-RemoteControl" = ATT-RemoteControl
"ATT-SST" = AT&T Self Support Tool
"AVG9Uninstall" = AVG Free 9.0
"BroadJump Client Foundation" = BroadJump Client Foundation
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Free Music Zilla_is1" = Free Music Zilla
"HitmanPro35" = Hitman Pro 3.5
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"Java Web Start" = Java Web Start
"JSLG_PH" = JumpStart Learning Games Phonics
"LimeWire" = LimeWire 4.18.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"Power Rangers" = Power Rangers
"Shop for HP Supplies" = Shop for HP Supplies
"SpongeBob SquarePants Employee of the Month" = SpongeBob SquarePants Employee of the Month
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Mail" = AT&T Yahoo! Internet Mail

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Juniper_Networks_Cache_Cleaner 6.4.0" = Juniper Networks Cache Cleaner 6.4.0
"Juniper_Setup_Client" = Juniper Networks Setup Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/18/2010 10:56:16 PM | Computer Name = MOMHOME | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/18/2010 10:56:58 PM | Computer Name = MOMHOME | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/19/2010 1:52:50 PM | Computer Name = MOMHOME | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/20/2010 2:58:55 PM | Computer Name = MOMHOME | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/20/2010 2:59:04 PM | Computer Name = MOMHOME | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 5/22/2010 7:04:58 PM | Computer Name = MOMHOME | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/22/2010 7:05:02 PM | Computer Name = MOMHOME | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/22/2010 7:05:05 PM | Computer Name = MOMHOME | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/22/2010 7:05:10 PM | Computer Name = MOMHOME | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 5/22/2010 7:48:13 PM | Computer Name = MOMHOME | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 6/7/2010 9:00:00 PM | Computer Name = MOMHOME | Source = Schedule | ID = 7901
Description = The At19.job command failed to start due to the following error: %%2147942405

Error - 6/7/2010 9:01:13 PM | Computer Name = MOMHOME | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 6/7/2010 9:07:54 PM | Computer Name = MOMHOME | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000243'
while processing the file 'klmdb.sys' on the volume 'HarddiskVolume1'. It has
stopped monitoring the volume.

Error - 6/7/2010 9:09:36 PM | Computer Name = MOMHOME | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 6/7/2010 9:17:00 PM | Computer Name = MOMHOME | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/7/2010 9:17:58 PM | Computer Name = MOMHOME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AvgLdx86 AvgMfx86 Fips intelppm

Error - 6/7/2010 11:24:33 PM | Computer Name = MOMHOME | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/7/2010 11:27:32 PM | Computer Name = MOMHOME | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 6/8/2010 | Computer Name = MOMHOME | Source = Schedule | ID = 7901
Description = The At22.job command failed to start due to the following error: %%2147942405

Error - 6/8/2010 1:00:00 AM | Computer Name = MOMHOME | Source = Schedule | ID = 7901
Description = The At23.job command failed to start due to the following error: %%2147942405


< End of report >
  • 0

#4
mitch8

mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
Do you want the ask toolbar or Driver Robot installed on your computer?

Also I would recommend to remove LimeWire as it can easily infect your computer.

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKLM..\Run: [HotSync] C:\Program Files\PalmSource\Desktop\HotSync.exe File not found
    
    :Services
    
    :Reg
    
    :Files
    C:\WINDOWS\tasks\At*.job
    
    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

    Posted Image

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply

  • 0

#5
mlacosta

mlacosta

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
To answer your questions above:

Do you want the ask toolbar or Driver Robot installed on your computer? - These are not necessary, so no.

LimeWire has been removed

Here are the logs as requested. Thanks!

OTL logfile created on: 6/8/2010 6:11:06 PM - Run 2
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Mom Home\Desktop\New Folder
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.35 Gb Total Space | 49.77 Gb Free Space | 72.81% Space Free | Partition Type: NTFS
Drive D: | 246.65 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MOMHOME
Current User Name: Mom Home
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/07 18:37:41 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom Home\Desktop\New Folder\OTL.exe
PRC - [2010/06/02 11:37:21 | 002,065,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/06/02 11:37:18 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/06/02 11:37:18 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/06/02 11:37:12 | 000,722,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/06/02 11:37:09 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/04/22 10:45:12 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/12 20:18:56 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/03/23 04:53:30 | 003,633,448 | ---- | M] (TeamViewer GmbH) -- C:\Documents and Settings\Mom Home\temp\TeamViewer\Version4\TeamViewer.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/03 19:28:08 | 001,392,640 | R--- | M] (PalmSource, Inc) -- C:\Program Files\Palm\Hotsync.exe


========== Modules (SafeList) ==========

MOD - [2010/06/07 18:37:41 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom Home\Desktop\New Folder\OTL.exe
MOD - [2009/03/23 04:36:40 | 000,065,536 | ---- | M] (TeamViewer GmbH) -- C:\Documents and Settings\Mom Home\temp\TeamViewer\Version4\TV.dll
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/12 20:18:56 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2007/10/25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)


========== Driver Services (SafeList) ==========

DRV - [2010/06/02 11:37:19 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/02 11:37:18 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/12 20:18:41 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/10/21 23:23:18 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/10/21 23:23:18 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/12/04 18:10:30 | 000,016,640 | R--- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2004/08/02 20:03:00 | 002,627,328 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/08/02 20:03:00 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem)
DRV - [2001/08/17 05:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)
DRV - [2001/08/17 05:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll ()
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/22 00:12:38 | 000,000,000 | ---D | M]

[2010/01/12 22:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\Mozilla\Extensions
[2010/01/12 22:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\Mozilla\Extensions\[email protected]
[2008/10/27 20:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\Mozilla\Firefox\extensions
[2008/10/27 20:05:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mom Home\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

O1 HOSTS File: ([2010/06/08 18:05:48 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35[1].exe (SurfRight B.V.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\Mom Home\Start Menu\Programs\Startup\Free Music Zilla.lnk = C:\Program Files\Free Music Zilla\FMZilla.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mom Home\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: 0.0.0.0 ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://connect2.pb....SetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Mom Home\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mom Home\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/09 12:24:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/01/12 12:25:43 | 000,000,025 | R--- | M] () - D:\AutoRun.inf -- [ CDFS ]
O33 - MountPoints2\{7afe6e68-3e92-11dd-a484-001195053bc6}\Shell - "" = AutoRun
O33 - MountPoints2\{7afe6e68-3e92-11dd-a484-001195053bc6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7afe6e68-3e92-11dd-a484-001195053bc6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\ATTYahoo.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/06/08 18:05:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/06/07 17:50:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Desktop\New Folder
[2010/06/03 15:14:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\TeamViewer
[2010/06/03 14:45:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/06/03 14:45:37 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/06/03 14:41:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mom Home\Recent
[2010/06/02 12:38:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/05/14 11:28:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/05/07 19:40:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\My Documents\My Scans
[2010/05/03 21:17:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Desktop\sidnei music 2
[2010/05/02 14:48:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Application Data\FMZilla
[2010/05/02 14:48:07 | 000,000,000 | ---D | C] -- C:\downloads
[2010/05/02 14:48:02 | 000,000,000 | ---D | C] -- C:\Program Files\Free Music Zilla
[2010/05/02 00:56:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Desktop\sidnei music
[2010/05/02 00:27:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Application Data\Apple Computer
[2010/05/02 00:25:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/02 00:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/05/02 00:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/02 00:23:37 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/05/02 00:23:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/05/02 00:23:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Local Settings\Application Data\Apple
[2010/05/02 00:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/05/02 00:22:19 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/05/02 00:22:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/05/02 00:22:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/05/02 00:21:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Local Settings\Application Data\Apple Computer
[2010/04/22 19:11:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Local Settings\Application Data\Temp
[2010/04/22 19:11:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/04/22 19:06:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/04/22 10:53:39 | 001,318,912 | ---- | C] (Stingray Software Inc.) -- C:\WINDOWS\System32\OT603as.dll
[2010/04/22 10:53:39 | 000,307,200 | ---- | C] (Logikos, Inc.) -- C:\WINDOWS\System32\LogControls.ocx
[2010/04/22 10:53:39 | 000,172,032 | ---- | C] (Stingray Software Inc.) -- C:\WINDOWS\System32\OSC611as.dll
[2010/04/22 10:53:38 | 001,396,736 | ---- | C] (Stingray, a division of Rogue Wave Software) -- C:\WINDOWS\System32\og702as.dll
[2010/04/22 10:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\Accu-Chek Compass
[2010/04/22 10:45:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/04/22 00:24:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Application Data\HPAppData
[2010/04/22 00:04:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2010/04/15 12:30:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\IsolatedStorage
[2010/04/15 12:30:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Local Settings\Application Data\Intuit
[2010/04/15 12:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AnswerWorks 5.0
[2010/04/15 12:17:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Local Settings\Application Data\IsolatedStorage
[2010/03/23 17:20:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Application Data\HP
[2010/03/23 16:56:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Local Settings\Application Data\HP
[2010/03/23 16:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2010/03/23 16:44:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2010/03/23 16:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2010/03/23 16:41:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2010/03/23 16:41:47 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2010/03/23 16:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/03/23 16:39:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\yellowtail
[2010/03/23 16:38:36 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2010/03/23 16:35:38 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2010/03/22 00:24:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom Home\Application Data\Smith Micro
[2010/03/12 20:19:06 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

========== Files - Modified Within 90 Days ==========

[2010/06/08 18:09:10 | 000,004,598 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/06/08 18:08:59 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/08 18:08:50 | 000,013,694 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/08 18:08:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/08 18:08:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/08 18:08:31 | 1609,646,080 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/08 18:07:26 | 004,194,304 | ---- | M] () -- C:\Documents and Settings\Mom Home\NTUSER.DAT
[2010/06/08 18:07:23 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Mom Home\ntuser.ini
[2010/06/08 18:05:48 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/06/08 17:26:12 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1682526488-725345543-1004UA.job
[2010/06/08 17:25:01 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1682526488-725345543-1004Core.job
[2010/06/08 17:16:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/08 16:28:52 | 060,836,474 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/06/08 16:27:08 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/06/07 23:36:15 | 005,729,582 | -H-- | M] () -- C:\Documents and Settings\Mom Home\Local Settings\Application Data\IconCache.db
[2010/06/07 23:32:33 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Mom Home\Desktop\Microsoft Outlook.lnk
[2010/06/06 22:42:33 | 000,369,670 | ---- | M] () -- C:\Documents and Settings\Mom Home\My Documents\BackJoy Core ฎ - Official Site As Seen on TV.mht
[2010/06/03 23:57:36 | 000,222,217 | ---- | M] () -- C:\Documents and Settings\Mom Home\My Documents\PUSD Enrollment 2009-10.mht
[2010/06/03 23:55:14 | 000,206,965 | ---- | M] () -- C:\Documents and Settings\Mom Home\My Documents\2010_EnrollmentForm_ElectronicFina5_4.pdf
[2010/06/03 14:45:39 | 000,001,684 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/06/02 11:37:19 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/06/02 11:37:18 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/06/01 13:16:25 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Mom Home\My Documents\Clutton.doc
[2010/05/30 10:12:26 | 000,002,457 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Document Manager.lnk
[2010/05/29 23:05:39 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Mom Home\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/28 11:28:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/27 23:27:31 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/27 20:03:08 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Mom Home\My Documents\~$e best of the best.doc
[2010/05/10 00:19:43 | 000,019,521 | ---- | M] () -- C:\WINDOWS\hpqins13.dat
[2010/05/10 00:17:03 | 000,000,163 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/05/10 00:15:43 | 000,001,870 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 3.5.lnk
[2010/05/10 00:14:12 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\ntuser.dat
[2010/05/09 17:18:39 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Mom Home\My Documents\TEST.doc
[2010/05/02 14:48:03 | 000,000,745 | ---- | M] () -- C:\Documents and Settings\Mom Home\Start Menu\Programs\Startup\Free Music Zilla.lnk
[2010/05/02 14:48:03 | 000,000,733 | ---- | M] () -- C:\Documents and Settings\Mom Home\Desktop\Free Music Zilla.lnk
[2010/05/02 00:24:07 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/05/01 19:00:52 | 000,069,158 | ---- | M] () -- C:\Documents and Settings\Mom Home\My Documents\Rancho Bernardo High School.mht
[2010/05/01 15:36:50 | 000,000,372 | ---- | M] () -- C:\Documents and Settings\Mom Home\My Documents\spider.sav
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 21:39:39 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\Mom Home\My Documents\ALYSHA MARIE ACOSTA DOC..doc
[2010/04/23 13:30:35 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/04/22 10:53:40 | 000,000,635 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Accu-Chek Compass.lnk
[2010/04/22 00:25:12 | 000,045,872 | ---- | M] () -- C:\Documents and Settings\Mom Home\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/22 00:22:29 | 000,201,736 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/22 00:13:54 | 000,023,113 | ---- | M] () -- C:\WINDOWS\hpqins15.dat
[2010/04/22 00:06:23 | 000,077,352 | ---- | M] () -- C:\WINDOWS\hpqins05.dat
[2010/04/22 00:00:08 | 000,001,018 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2010/04/17 17:01:55 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2008.lnk
[2010/04/17 12:27:04 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk
[2010/04/14 23:43:27 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/03/23 17:24:34 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Mom Home\Ÿ9Ÿ9
[2010/03/23 16:56:14 | 000,176,399 | ---- | M] () -- C:\WINDOWS\hpwins19.dat
[2010/03/23 16:55:47 | 000,000,685 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/23 16:44:35 | 000,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/03/23 16:40:00 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/23 16:40:00 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/03/14 21:36:56 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/14 21:36:56 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/14 21:36:55 | 000,512,960 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/12 20:19:06 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/12 20:18:41 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

========== Files Created - No Company Name ==========

[2010/06/07 20:25:37 | 1609,646,080 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/07 17:20:58 | 000,000,990 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1682526488-725345543-1004UA.job
[2010/06/07 17:20:57 | 000,000,938 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1682526488-725345543-1004Core.job
[2010/06/06 22:42:30 | 000,369,670 | ---- | C] () -- C:\Documents and Settings\Mom Home\My Documents\BackJoy Core ฎ - Official Site As Seen on TV.mht
[2010/06/03 23:57:34 | 000,222,217 | ---- | C] () -- C:\Documents and Settings\Mom Home\My Documents\PUSD Enrollment 2009-10.mht
[2010/06/03 23:55:14 | 000,206,965 | ---- | C] () -- C:\Documents and Settings\Mom Home\My Documents\2010_EnrollmentForm_ElectronicFina5_4.pdf
[2010/06/03 14:46:08 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/06/03 14:45:39 | 000,001,684 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/06/01 13:16:25 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Mom Home\My Documents\Clutton.doc
[2010/05/27 20:03:08 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Mom Home\My Documents\~$e best of the best.doc
[2010/05/10 00:15:43 | 000,001,870 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 3.5.lnk
[2010/05/10 00:14:17 | 000,019,521 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2010/05/10 00:14:12 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\ntuser.dat
[2010/05/10 00:14:12 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\ntuser.dat.LOG
[2010/05/02 14:48:03 | 000,000,745 | ---- | C] () -- C:\Documents and Settings\Mom Home\Start Menu\Programs\Startup\Free Music Zilla.lnk
[2010/05/02 14:48:03 | 000,000,733 | ---- | C] () -- C:\Documents and Settings\Mom Home\Desktop\Free Music Zilla.lnk
[2010/05/02 00:26:47 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/02 00:24:07 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/05/02 00:23:18 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/01 19:00:49 | 000,069,158 | ---- | C] () -- C:\Documents and Settings\Mom Home\My Documents\Rancho Bernardo High School.mht
[2010/04/28 21:39:38 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\Mom Home\My Documents\ALYSHA MARIE ACOSTA DOC..doc
[2010/04/22 19:06:32 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/22 19:06:32 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/22 10:53:43 | 000,001,078 | ---- | C] () -- C:\WINDOWS\System32\rdaccug.ico
[2010/04/22 10:53:40 | 000,000,635 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Accu-Chek Compass.lnk
[2010/04/22 00:10:51 | 000,023,113 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2010/04/22 00:00:08 | 000,001,018 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2010/04/21 23:56:14 | 000,077,352 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2010/04/17 14:47:11 | 000,002,393 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2008.lnk
[2010/04/16 00:38:40 | 001,024,176 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/04/15 12:23:08 | 000,002,393 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk
[2010/04/14 23:43:27 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/03/23 17:24:34 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mom Home\Ÿ9Ÿ9
[2010/03/23 16:50:03 | 000,002,457 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Document Manager.lnk
[2010/03/23 16:44:35 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/03/23 16:39:33 | 000,010,563 | R--- | C] () -- C:\WINDOWS\hpwscr19.dat
[2010/03/23 16:33:19 | 000,002,127 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/03/23 16:33:18 | 000,176,399 | ---- | C] () -- C:\WINDOWS\hpwins19.dat
[2010/03/23 16:33:17 | 000,000,997 | R--- | C] () -- C:\WINDOWS\hpwmdl19.dat
[2009/10/24 13:31:17 | 000,000,163 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/01 17:59:36 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2008/10/20 18:08:45 | 000,000,228 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2008/10/20 18:06:19 | 000,000,060 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/10/20 18:06:16 | 000,000,221 | ---- | C] () -- C:\WINDOWS\KA.INI
[2008/07/14 23:16:18 | 000,000,179 | ---- | C] () -- C:\WINDOWS\HOPGRTRN.ini
[2008/04/09 13:56:53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/02/04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2004/08/02 20:03:00 | 000,102,441 | ---- | C] () -- C:\WINDOWS\System32\getvpd.dll
[2004/08/02 20:03:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\pmemw.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1997/10/24 15:56:36 | 000,000,643 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI

========== LOP Check ==========

[2010/04/11 14:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/12/27 17:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/06/03 14:45:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/02/12 19:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2009/08/06 15:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2009/10/18 16:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/02/26 16:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2008/12/07 21:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/02 00:26:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/18 16:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\Blitware
[2008/08/16 17:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/05/02 14:48:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\FMZilla
[2010/02/12 19:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\HotSync
[2009/08/06 15:34:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\Juniper Networks
[2008/11/01 16:56:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\LimeWire
[2010/03/22 00:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\Smith Micro
[2009/04/15 11:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\TeamViewer
[2010/01/12 23:03:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\Vivox
[2010/01/10 03:54:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job

========== Purity Check ==========


< End of report >


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4182

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/8/2010 6:24:32 PM
mbam-log-2010-06-08 (18-24-32).txt

Scan type: Quick scan
Objects scanned: 129065
Time elapsed: 6 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, June 9, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, June 08, 2010 23:56:26
Records in database: 4220025
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Objects scanned: 55602
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 03:23:13

No threats found. Scanned area is clean.

Selected area has been scanned.
  • 0

#6
mitch8

mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
Hi,

Do you get any more redirects?

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll ()
    O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
    [2010/01/10 03:54:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job
    [2008/11/01 16:56:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\LimeWire
    [2009/10/18 16:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Home\Application Data\Blitware
    
    :Services
    
    :Reg
    
    :Files
    C:\Program Files\AskSearch
    
    :Commands
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Step 2

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :folderfind
    *ask*
    *Blitware*
    *Driver Robot*
    *DriverRobot*
    
    :regfind
    AskSearch
    DriverRobot
    Driver Robot
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#8
mlacosta

mlacosta

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
mitch8,

No more re-directs :) here is the latest log.


SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 11:11 on 18/06/2010 by Mom Home (Administrator - Elevation successful)

========== folderfind ==========

Searching for "*ask*"
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks d----- [06:51 10/06/2010]
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5 d----- [08:09 15/08/2009]
C:\WINDOWS\assembly\GAC_MSIL\PresentationBuildTasks d----- [08:08 15/08/2009]
C:\WINDOWS\Tasks d---s- [19:20 09/04/2008]
C:\_OTL\MovedFiles\06082010_180543\C_WINDOWS\tasks d----- [01:05 09/06/2010]
C:\_OTL\MovedFiles\06182010_110522\C_Program Files\AskSearch d----- [18:05 18/06/2010]
C:\_OTL\MovedFiles\06182010_110522\C_WINDOWS\Tasks d----- [18:05 18/06/2010]

Searching for "*Blitware*"
C:\_OTL\MovedFiles\06182010_110522\C_Documents and Settings\Mom Home\Application Data\Blitware d----- [18:05 18/06/2010]

Searching for "*Driver Robot*"
No folders found.

Searching for "*DriverRobot*"
C:\_OTL\MovedFiles\06182010_110522\C_Documents and Settings\Mom Home\Application Data\Blitware\DriverRobot d----- [18:05 18/06/2010]

========== regfind ==========

Searching for "AskSearch"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EC73A159-0736-4EF3-972D-6EA9B2278495}\1.0\0\win32]
@="C:\Program Files\AskSearch\bin\DefaultSearch.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EC73A159-0736-4EF3-972D-6EA9B2278495}\1.0\HELPDIR]
@="C:\Program Files\AskSearch\bin\"

Searching for "DriverRobot"
No data found.

Searching for "Driver Robot"
[HKEY_LOCAL_MACHINE\SOFTWARE\Driver Robot]

-=End Of File=-
  • 0

#9
mitch8

mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
It looks like you log is clean :) You need to remove the malware removal tools from your computer, to do that:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    
    :Services
    
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EC73A159-0736-4EF3-972D-6EA9B2278495}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Driver Robot]
    
    :Files
    
    :Commands
    [CLEARALLRESTOREPOINTS]
  • Then click the Run Fix button at the top
  • Let the program run untill finished.
  • Once done, run OTL and click on CleanUp, this should remove the malware removal tools from your computer.

Please follow the steps below to keep your computer clean.

  • Update your computer - To check for updates yourself go to http://windowsupdate.microsoft.com It is very important to check for updates often as my security problems are fixed with updates. Also make sure your computer will update automatically, to do that:
    • Go the control panel
    • Click on security center
    • Then "Automatic Updates"
    • Select Automatic (recommended)
    • Pick the time and click ok
  • Update Java - It's very important to keep java up to date because older versions have vulnerabilities that malware can use to infect your system.
    Please download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Open JavaRa.exe again and select Search For Updates.
    • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
  • Update Adobe Reader- It's good to keep Adobe Reader updated to because many security problems are fixed in updates. To check for updates:
    • Open Adobe Reader
    • On the menu bar click on help then check for updates...
    • The program will then tell you if updates are available
  • Anti-spyware programs - These programs will scan your computer and delete spyware. If you do not have any anti-spyware programs on your computer I recommend:
  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A good tutorial on SpywareBlaster can be found at http://www.bleepingcomputer.com/tutorials/tutorial49.html
  • Prevention - Here are some other programs that will help you say safe on your computer:
  • Update your security software! You have to update you security software to make sure your computer is safe from new malware threats.
  • And also see TonyKlein's article
    So how did I get infected in the first place?

  • 0

#10
mlacosta

mlacosta

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
THANK YOU, THANK YOU, THANK YOU!!

:)
  • 0

#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP