Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Virus Removal Help

Started by Rimo , Mar 09 2011 01:31 PM

  • Please log in to reply

#1
Rimo
Posted 09 March 2011 - 01:31 PM

Rimo

    Member

  • Member
  • PipPip
  • 26 posts
So, long story short, I'm a returning customer. I think it's been a little over a year and a half since I last visited. But, my computer was running fine two weeks ago. Now it seems to be running considerably slower and I just wanted some help checking into things as I believe it's most likely a virus causing this problem. Here is my OTL log.



OTL logfile created on: 3/9/2011 1:13:57 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Linda\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.96 Gb Total Space | 29.96 Gb Free Space | 21.56% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.34 Gb Free Space | 53.43% Space Free | Partition Type: NTFS

Computer Name: GLENN-PC | User Name: Linda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Linda\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\IObit\Game Booster\gbtray.exe (IObit)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Ventrilo\Ventrilo.exe (Flagship Industries, Inc.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
PRC - C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
PRC - C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe (IObit)
PRC - C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Windows\System32\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Windows\sttray.exe (SigmaTel, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Linda\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\AVAST Software\Avast\snxhk.dll (AVAST Software)
MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (NMSAccess) -- File not found
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_dbc0250.dll ()
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe ()
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (PCToolsSSDMonitorSvc) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (Stereo Service) -- C:\Windows\System32\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (dlcx_device) -- C:\Windows\System32\dlcxcoms.exe ( )
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (AvgTdiX) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (pavboot) -- C:\Windows\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (DLACDBHM) -- C:\Windows\System32\drivers\DLACDBHM.SYS (Roxio)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (DLADResM) -- C:\Windows\System32\DLA\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\Windows\System32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\Windows\System32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\Windows\System32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\Windows\System32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\Windows\System32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\Windows\System32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DLAPoolM) -- C:\Windows\System32\DLA\DLAPoolM.SYS (Roxio)
DRV - (dsunidrv) -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (DLARTL_M) -- C:\Windows\System32\drivers\DLARTL_M.SYS (Roxio)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=4070312
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.26
FF - prefs.js..extensions.enabledItems: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: [email protected]:6.010.006.004
FF - prefs.js..extensions.enabledItems: [email protected]:1.10.01
FF - prefs.js..extensions.enabledItems: {9565115d-c7d6-46d3-bd63-b67b481a4368}:2.7.2.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:20110101
FF - prefs.js..network.proxy.http: "66.29.36.93"
FF - prefs.js..network.proxy.http_port: 554


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/11/24 08:05:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVG\AVG9\Toolbar\Firefox\[email protected] [2010/10/26 08:07:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\Firefox [2011/01/29 17:46:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/11/27 17:56:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/11/27 17:56:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/03/01 15:45:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/06 07:13:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/06 07:13:37 | 000,000,000 | ---D | M]

[2009/06/04 00:59:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Linda\AppData\Roaming\Mozilla\Extensions
[2009/02/01 19:25:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Linda\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/03/05 21:43:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\96xukdwg.default\extensions
[2010/08/31 11:38:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\96xukdwg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/25 23:43:59 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\96xukdwg.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/10/15 11:31:43 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\96xukdwg.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/08/23 04:52:23 | 000,000,000 | ---D | M] (Swag Bucks Toolbar) -- C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\96xukdwg.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2010/10/19 09:28:10 | 000,000,000 | ---D | M] (PageRage Toolbar) -- C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\96xukdwg.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}
[2009/09/29 19:06:45 | 000,000,000 | ---D | M] (K.O.S. Web Launcher) -- C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\96xukdwg.default\extensions\[email protected]
[2009/07/23 03:44:56 | 000,000,000 | ---D | M] (Simple Dyyno Launcher) -- C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\96xukdwg.default\extensions\[email protected]
[2010/10/19 09:28:05 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\96xukdwg.default\extensions\[email protected]
[2009/12/23 18:59:58 | 000,000,923 | ---- | M] () -- C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\96xukdwg.default\searchplugins\conduit.xml
[2011/03/05 21:52:48 | 000,001,540 | ---- | M] () -- C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\96xukdwg.default\searchplugins\swagbuckscom.xml
[2011/01/06 01:35:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/06 01:35:43 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/16 15:28:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/13 15:03:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/03/01 15:45:53 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2010/11/24 08:05:58 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG9\FIREFOX
[2010/10/26 08:07:49 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="[email protected]" em:name="AVG Security Toolbar" em:version="6.010.006.004" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG9\TOOLBAR\FIREFOX\[email protected]
[2010/10/19 09:29:40 | 000,000,000 | ---D | M] (Gamevance TextLinks) -- C:\USERS\LINDA\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\[email protected]
[2011/03/09 12:44:09 | 000,000,000 | ---D | M] (No name found) -- C:\USERS\LINDA\PROGRAM FILES\DNA
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/27 16:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2007/04/16 11:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2009/09/24 00:19:03 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SmartRAM] C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe (IObit)
O4 - HKCU..\Run: [Steam] File not found
O4 - Startup: C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {10060452-A92B-4427-8E06-46904B8A3678} http://neo.playomg.c...veX/OMG3008.cab (OMG Control)
O16 - DPF: {4944924A-64E4-49C1-AC97-ABA3927262FE} http://channel.dontb...her/StWbUsa.cab (StWbUsa Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img29.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img29.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/09 03:02:19 | 000,000,000 | ---D | C] -- C:\211a51bf2c3720d12f4e
[2011/03/08 04:08:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster
[2011/03/07 03:08:12 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Roaming\TS3Client
[2011/03/07 03:07:44 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2011/03/07 03:07:42 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\TeamSpeak 3 Client
[2011/03/06 01:44:44 | 000,000,000 | ---D | C] -- C:\Program Files\Stunlock Studios
[2011/03/06 01:41:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft XNA
[2011/03/02 03:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShiftWindow
[2011/03/02 03:55:54 | 000,000,000 | ---D | C] -- C:\Program Files\ShiftWindow
[2011/03/02 00:25:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\alaplaya
[2011/03/02 00:19:11 | 000,000,000 | ---D | C] -- C:\Program Files\alaplaya
[2011/03/01 15:46:31 | 000,301,528 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/03/01 15:46:31 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/03/01 15:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/03/01 15:46:30 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/03/01 15:46:29 | 000,371,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/03/01 15:46:29 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/03/01 15:46:29 | 000,049,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/03/01 15:45:48 | 000,040,648 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/03/01 15:45:47 | 000,190,016 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/03/01 15:45:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/03/01 15:45:34 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/03/01 15:31:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2011/03/01 15:05:23 | 000,000,000 | ---D | C] -- C:\Users\Linda\Desktop\League of Legends
[2011/02/25 02:34:52 | 000,000,000 | ---D | C] -- C:\Download
[2011/02/25 02:34:32 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\Kamuse
[2011/02/23 10:48:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/02/22 04:13:54 | 000,000,000 | ---D | C] -- C:\Users\Linda\Desktop\Junk
[2011/02/22 04:12:33 | 000,000,000 | ---D | C] -- C:\ProgramData\SplitMediaLabs
[2011/02/22 04:10:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
[2011/02/22 04:10:44 | 000,000,000 | ---D | C] -- C:\Program Files\SplitMediaLabs
[2011/02/19 14:34:57 | 000,000,000 | ---D | C] -- C:\Users\Linda\Documents\Saved Music
[2011/02/19 14:34:39 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Roaming\SProxy
[2011/02/19 14:34:37 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Saver2
[2011/02/19 14:34:26 | 000,000,000 | ---D | C] -- C:\Program Files\Saver2
[2011/02/19 03:26:40 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserPlus
[2011/02/18 14:40:43 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2011/02/18 14:39:08 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\Paint.NET
[2011/02/10 01:59:28 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2011/02/08 03:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ijji
[2011/02/08 03:15:24 | 000,713,312 | ---- | C] (NHN USA) -- C:\Windows\System32\ijjiSetup.exe
[2011/02/08 03:15:24 | 000,062,048 | ---- | C] (NHN USA Inc.) -- C:\Windows\System32\ijjiProcessRestarter.exe
[2011/02/08 03:15:22 | 000,000,000 | ---D | C] -- C:\Program Files\REACTOR
[2011/02/07 14:02:50 | 000,000,000 | ---D | C] -- C:\Users\Linda\Documents\DolbyAxon
[2011/02/07 14:02:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby Axon
[2011/02/07 14:02:33 | 002,262,960 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.CommandBars.v13.0.0.ocx
[2011/02/07 14:02:33 | 000,571,312 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.SkinFramework.Unicode.v13.0.0.ocx
[2011/02/07 14:02:28 | 000,000,000 | ---D | C] -- C:\Program Files\DolbyAxon
[2007/07/18 18:49:35 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\dlcxhcp.dll
[2007/03/11 18:47:57 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlcxserv.dll
[2007/03/11 18:47:57 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlcxusb1.dll
[2007/03/11 18:47:57 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlcxhbn3.dll
[2007/03/11 18:47:57 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomc.dll
[2007/03/11 18:47:57 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlcxpmui.dll
[2007/03/11 18:47:57 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlcxlmpm.dll
[2007/03/11 18:47:57 | 000,537,480 | ---- | C] ( ) -- C:\Windows\System32\dlcxcoms.exe
[2007/03/11 18:47:57 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomm.dll
[2007/03/11 18:47:57 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlcxinpa.dll
[2007/03/11 18:47:57 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlcxiesc.dll
[2007/03/11 18:47:57 | 000,385,928 | ---- | C] ( ) -- C:\Windows\System32\dlcxih.exe
[2007/03/11 18:47:57 | 000,381,832 | ---- | C] ( ) -- C:\Windows\System32\dlcxcfg.exe
[2007/03/11 18:47:57 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlcxprox.dll
[2007/03/11 18:47:57 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlcxpplc.dll
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/09 13:03:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/09 12:22:08 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2011/03/09 12:20:53 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/09 12:20:25 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/09 12:20:25 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/09 12:20:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/09 11:59:59 | 000,000,454 | ---- | M] () -- C:\Windows\tasks\RegistryTool Scan.job
[2011/03/09 09:38:56 | 072,297,402 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011/03/08 18:59:59 | 000,000,254 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2011/03/08 17:30:23 | 000,000,474 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Linda.job
[2011/03/08 08:41:51 | 000,000,629 | ---- | M] () -- C:\Users\Linda\Desktop\Play League of Legends.lnk
[2011/03/08 08:13:16 | 000,000,000 | ---- | M] () -- C:\Users\Linda\AppData\Local\prvlcl.dat
[2011/03/08 04:08:37 | 000,000,975 | ---- | M] () -- C:\Users\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Booster.lnk
[2011/03/08 04:08:37 | 000,000,963 | ---- | M] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
[2011/03/08 04:08:37 | 000,000,951 | ---- | M] () -- C:\Users\Public\Desktop\Game Booster.lnk
[2011/03/08 02:23:11 | 000,741,635 | ---- | M] () -- C:\Users\Linda\Desktop\Jewplank.png
[2011/03/07 03:07:44 | 000,001,016 | ---- | M] () -- C:\Users\Linda\Desktop\TeamSpeak 3 Client.lnk
[2011/03/02 20:05:22 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/03/02 05:42:39 | 000,000,994 | ---- | M] () -- C:\Users\Linda\Desktop\XSplit Broadcaster.lnk
[2011/03/02 03:55:55 | 000,000,784 | ---- | M] () -- C:\Users\Linda\Desktop\ShiftWindow.lnk
[2011/03/02 00:26:13 | 000,001,599 | ---- | M] () -- C:\Users\Public\Desktop\S4League.lnk
[2011/03/01 15:46:31 | 000,001,831 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/03/01 15:46:29 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/03/01 14:51:01 | 000,000,772 | ---- | M] () -- C:\Users\Linda\Desktop\Ventrilo.lnk
[2011/03/01 01:13:14 | 000,001,356 | ---- | M] () -- C:\Users\Linda\AppData\Local\d3d9caps.dat
[2011/02/26 19:41:54 | 000,002,377 | ---- | M] () -- C:\Users\Linda\Desktop\Skype.lnk
[2011/02/25 19:19:32 | 000,041,872 | ---- | M] () -- C:\Windows\System32\xfcodec.dll
[2011/02/23 09:04:21 | 000,040,648 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/02/23 09:04:17 | 000,190,016 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/02/23 08:56:55 | 000,371,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/02/23 08:56:45 | 000,301,528 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/02/23 08:55:49 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/02/23 08:55:10 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/02/23 08:55:03 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/02/23 08:54:55 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/02/19 14:34:37 | 000,001,678 | ---- | M] () -- C:\Users\Linda\Desktop\Pandora.lnk
[2011/02/19 14:34:37 | 000,000,778 | ---- | M] () -- C:\Users\Linda\Desktop\Saver2.lnk
[2011/02/17 11:48:06 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/17 11:48:06 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/17 02:28:46 | 207,028,841 | ---- | M] () -- C:\Users\Linda\Desktop\Chinese LoL Compilation 2.0.zip
[2011/02/10 01:59:32 | 000,001,632 | ---- | M] () -- C:\Users\Linda\Desktop\Grand Fantasia.lnk
[2011/02/09 12:48:04 | 000,313,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/02/08 03:16:10 | 000,001,716 | ---- | M] () -- C:\Users\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\ijji REACTOR.lnk
[2011/02/08 03:16:10 | 000,001,714 | ---- | M] () -- C:\Users\Linda\Desktop\ijji REACTOR.lnk
[2011/02/07 14:02:37 | 000,000,753 | ---- | M] () -- C:\Users\Linda\Desktop\Dolby Axon.lnk
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/08 08:41:51 | 000,000,629 | ---- | C] () -- C:\Users\Linda\Desktop\Play League of Legends.lnk
[2011/03/08 04:08:37 | 000,000,963 | ---- | C] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
[2011/03/08 04:08:37 | 000,000,951 | ---- | C] () -- C:\Users\Public\Desktop\Game Booster.lnk
[2011/03/08 02:23:18 | 000,741,635 | ---- | C] () -- C:\Users\Linda\Desktop\Jewplank.png
[2011/03/07 03:07:44 | 000,001,016 | ---- | C] () -- C:\Users\Linda\Desktop\TeamSpeak 3 Client.lnk
[2011/03/02 05:42:39 | 000,000,994 | ---- | C] () -- C:\Users\Linda\Desktop\XSplit Broadcaster.lnk
[2011/03/02 03:55:55 | 000,000,784 | ---- | C] () -- C:\Users\Linda\Desktop\ShiftWindow.lnk
[2011/03/02 00:26:13 | 000,001,599 | ---- | C] () -- C:\Users\Public\Desktop\S4League.lnk
[2011/03/01 15:46:31 | 000,001,831 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/03/01 14:51:01 | 000,000,772 | ---- | C] () -- C:\Users\Linda\Desktop\Ventrilo.lnk
[2011/02/25 19:19:32 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2011/02/23 10:45:37 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/02/23 10:45:37 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/02/23 10:45:37 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/02/19 14:34:37 | 000,001,678 | ---- | C] () -- C:\Users\Linda\Desktop\Pandora.lnk
[2011/02/19 14:34:37 | 000,000,778 | ---- | C] () -- C:\Users\Linda\Desktop\Saver2.lnk
[2011/02/18 14:42:32 | 000,000,948 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2011/02/17 02:33:45 | 207,028,841 | ---- | C] () -- C:\Users\Linda\Desktop\Chinese LoL Compilation 2.0.zip
[2011/02/10 01:59:32 | 000,001,632 | ---- | C] () -- C:\Users\Linda\Desktop\Grand Fantasia.lnk
[2011/02/08 03:16:10 | 000,001,716 | ---- | C] () -- C:\Users\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\ijji REACTOR.lnk
[2011/02/08 03:16:10 | 000,001,714 | ---- | C] () -- C:\Users\Linda\Desktop\ijji REACTOR.lnk
[2011/02/07 14:02:37 | 000,000,753 | ---- | C] () -- C:\Users\Linda\Desktop\Dolby Axon.lnk
[2010/12/24 23:39:21 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/10/28 05:19:20 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/09/08 15:45:57 | 000,172,032 | ---- | C] () -- C:\Windows\System32\TTSServer.dll
[2010/09/06 15:52:49 | 000,000,000 | ---- | C] () -- C:\Windows\Setup32.INI
[2010/08/21 11:36:12 | 000,000,008 | -H-- | C] () -- C:\Users\Linda\AppData\Local\L8457789110
[2009/09/25 01:57:01 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/08 19:54:45 | 000,048,127 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/09/08 19:54:41 | 000,048,127 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/07/09 11:21:48 | 000,000,029 | ---- | C] () -- C:\Windows\Index.ini
[2009/07/05 01:48:50 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2009/07/05 01:48:48 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
[2009/06/10 05:31:04 | 000,089,088 | ---- | C] () -- C:\Windows\System32\nvimage.dll
[2009/04/24 07:30:41 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/02/18 08:29:51 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/02/18 08:29:51 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/12/06 17:06:54 | 000,000,000 | ---- | C] () -- C:\Users\Linda\AppData\Local\prvlcl.dat
[2008/11/28 20:11:14 | 000,000,552 | ---- | C] () -- C:\Users\Linda\AppData\Local\d3d8caps.dat
[2008/10/25 10:15:30 | 000,002,633 | ---- | C] () -- C:\Windows\checkip.dat
[2008/09/02 18:33:58 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/08/24 07:42:46 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/08/12 07:39:55 | 000,159,992 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008/08/12 07:39:50 | 000,182,928 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2008/08/12 07:39:42 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2008/07/06 14:31:58 | 000,001,356 | ---- | C] () -- C:\Users\Linda\AppData\Local\d3d9caps.dat
[2008/06/25 10:03:27 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2008/06/25 10:03:27 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2008/06/25 10:03:27 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2008/03/03 18:06:06 | 000,044,544 | ---- | C] () -- C:\Users\Linda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/18 18:50:42 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DLPRMON.DLL
[2007/07/18 18:50:42 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLPMONUI.DLL
[2007/07/18 18:49:35 | 000,274,432 | ---- | C] () -- C:\Windows\System32\dlcxinst.dll
[2007/03/11 18:47:57 | 000,454,656 | ---- | C] () -- C:\Windows\System32\dlcxutil.dll
[2007/03/11 18:47:57 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlcxcoin.dll
[2007/03/11 18:47:57 | 000,188,416 | ---- | C] () -- C:\Windows\System32\dlcxgrd.dll
[2007/03/11 18:47:57 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcxinsb.dll
[2007/03/11 18:47:57 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcxins.dll
[2007/03/11 18:47:57 | 000,139,264 | ---- | C] () -- C:\Windows\System32\dlcxjswr.dll
[2007/03/11 18:47:57 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlcxinsr.dll
[2007/03/11 18:47:57 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlcxcub.dll
[2007/03/11 18:47:57 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcu.dll
[2007/03/11 18:47:57 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlcxvs.dll
[2007/03/11 18:47:57 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlcxcur.dll
[2007/03/11 18:47:54 | 000,692,224 | ---- | C] () -- C:\Windows\System32\dlcxdrs.dll
[2007/03/11 18:47:54 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcfg.dll
[2007/03/11 18:47:54 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dlcxcaps.dll
[2007/03/11 18:47:54 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlcxcnv4.dll
[2007/03/11 11:10:26 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2007/03/11 11:10:26 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2006/11/10 07:26:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/07 13:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,313,112 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/16 22:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 22:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/02/13 07:56:04 | 000,000,438 | ---- | C] () -- C:\Windows\System32\dlcxplc.ini

========== LOP Check ==========

[2008/09/06 19:56:27 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\acccore
[2011/03/09 13:24:15 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\DNA
[2011/02/01 15:04:16 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Downloaded Installations
[2010/10/21 08:27:39 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Dreamlords
[2008/12/31 21:23:38 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\dyyno-vlc
[2010/08/21 11:34:11 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\FileMaker
[2009/02/18 09:44:32 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\GrabPro
[2009/09/20 23:13:14 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\ijjigame
[2011/03/08 04:08:24 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\IObit
[2009/03/14 16:48:14 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\LimeWire
[2010/06/11 16:58:49 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\LolClient
[2009/11/15 22:51:51 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2011/02/06 03:53:06 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Mumble
[2008/03/03 18:45:41 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\MusicNet
[2010/01/02 18:43:51 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Octoshape
[2009/10/26 22:18:15 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Orbit
[2010/12/14 07:30:51 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Registry Mechanic
[2011/01/25 12:05:19 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\RIFT
[2011/03/08 14:49:21 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\SProxy
[2010/10/21 08:27:42 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\SystemRequirementsLab
[2011/02/25 00:50:32 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\TeamViewer
[2011/03/07 03:09:24 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\TS3Client
[2009/09/25 13:55:12 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\uTorrent
[2011/03/09 12:22:08 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
[2011/03/09 11:59:59 | 000,000,454 | ---- | M] () -- C:\Windows\Tasks\RegistryTool Scan.job
[2010/09/12 16:17:12 | 000,000,266 | ---- | M] () -- C:\Windows\Tasks\Regwork.job
[2011/03/08 18:59:59 | 000,000,254 | ---- | M] () -- C:\Windows\Tasks\RMSchedule.job
[2011/03/09 09:41:26 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 512 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D06A4C76
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:BEB15613
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >


There was also this Extras.txt which I attached just now.
Thanks for the help guys!

Attached Files


Edited by Rimo, 09 March 2011 - 01:37 PM.

  • 0

Advertisements

#2
RKinner
Posted 15 March 2011 - 08:29 PM

RKinner

    Malware Expert

  • Expert
  • 24,483 posts
  • MVP
Uninstall:

AVG 9.0 - it's obsolete and you also have Avast which will be fighting it and slowing your PC down.

Yahoo! Toolbar - foistware

Yahoo! Search Protection - foistware

DNA - P2P - dangerous

Yahoo! BrowserPlus 2.9.8

Registry Mechanic 10.0 - snake oil

Messenger Plus! Live - Uninstall if NOT Messenger Plus! Live version 4.84 or later (earlier version come with a nasty adware as a "sponsor"

McAfee Security Scan Plus - Foistware from Adobe upgrades

Advanced SystemCare 3 - Junk

Bing Bar - Adware

Bing Bar Platform - Adware

Bing Rewards Client Installer - Adware

Internet Service Offers Launcher - Adware

Microsoft Choice Guard - Foistware from Microsoft

If it's still slow then:

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and Run As Adminsitrator. Follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on george and Run As Adminisitrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:

Close all programs.

Start, Programs, right click on Internet Explorer and Run as Administrator then go to to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.


Let's also run the bitdefender quickscan.

http://quickscan.bitdefender.com/

When it finishes there is a report option. Click on it and copy and paste the report (even if it says nothing found).

Ron

PS. Do not attach logs. Just copy and paste please.
  • 0

#3
Rimo
Posted 18 March 2011 - 10:38 AM

Rimo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Sorry for the late reply. I've been really busy with work, and actually have to go back in right now. I uninstalled all of the programs you mentioned and I'm running the Malwarebytes scan right this moment. I'll paste the log when I get back as well as run the rest of the scans.

Sorry again. ^_^;
  • 0

#4
RKinner
Posted 18 March 2011 - 11:09 AM

RKinner

    Malware Expert

  • Expert
  • 24,483 posts
  • MVP
No hurry. I have so many threads going at one time that I can't keep track. Just look at them when I get an email that there has been a new post.

Ron
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP