Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Bad issues with Google Redirects and Permissions

Started by Cheri430 , Sep 01 2011 11:34 AM

  • This topic is locked This topic is locked

#16
Cheri430
Posted 05 September 2011 - 06:23 PM

Cheri430

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Everything seems to be working again!!!! I don't have issues with redirects. I was able to run AVG remover without getting the permissions message and it actually removed all of AVG when I check Add or Remove Programs. Here is the report.

ComboFix 11-09-05.05 - Cheri 09/05/2011 18:44:38.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1678 [GMT -5:00]
Running from: c:\documents and settings\Cheri\Desktop\Winlogin.exe
AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: AVG Firewall *Enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\bold.log
c:\documents and settings\All Users\AVP 2009
c:\documents and settings\Cheri\Application Data\Adobe\plugs
c:\documents and settings\Cheri\Application Data\Adobe\plugs\KB796871265.exe
c:\documents and settings\Cheri\Application Data\Adobe\plugs\KB796871406.exe
c:\documents and settings\Cheri\Application Data\Adobe\plugs\KB796896062.exe
c:\documents and settings\Cheri\Application Data\Adobe\plugs\KB796896390.exe
c:\documents and settings\Cheri\Application Data\Adobe\plugs\KB796903171.exe
c:\documents and settings\Cheri\Application Data\Adobe\shed
c:\documents and settings\Cheri\WINDOWS
c:\program files\Fast Browser Search
c:\program files\FunWebProducts
c:\program files\FunWebProducts\ScreenSaver\Images\006FD545.urr
c:\program files\FunWebProducts\Shared\0069E6E6.dat
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\MailStampBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\Internet Explorer\msimg32.dll
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3BRovly.dll
c:\program files\MyWebSearch\bar\1.bin\F3CJpeg.dll
c:\program files\MyWebSearch\bar\1.bin\F3DTactl.dll
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SHllvw.dll
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HTml.dll
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3OUtlcn.dll
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\0004DD9B
c:\program files\MyWebSearch\bar\Cache\00090A64.bin
c:\program files\MyWebSearch\bar\Cache\0009135D.bin
c:\program files\MyWebSearch\bar\Cache\0064AC18
c:\program files\MyWebSearch\bar\Cache\0064BF81.bin
c:\program files\MyWebSearch\bar\Cache\0064C27E.bin
c:\program files\MyWebSearch\bar\Cache\0064CB39.bin
c:\program files\MyWebSearch\bar\Cache\0064CEA4.bin
c:\program files\MyWebSearch\bar\Cache\00F7D010.bin
c:\program files\MyWebSearch\bar\Cache\00F7D407.bin
c:\program files\MyWebSearch\bar\Cache\00F7D550.bin
c:\program files\MyWebSearch\bar\Cache\00F7E1F2.bin
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search2
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Message\COMMON\ask_logo.gif
c:\program files\MyWebSearch\bar\Message\COMMON\autoup.gif
c:\program files\MyWebSearch\bar\Message\COMMON\autoup.htm
c:\program files\MyWebSearch\bar\Message\COMMON\center.htm
c:\program files\MyWebSearch\bar\Message\COMMON\index.htm
c:\program files\MyWebSearch\bar\Message\COMMON\mid_dots.gif
c:\program files\MyWebSearch\bar\Message\COMMON\mws_logo.gif
c:\program files\MyWebSearch\bar\Message\COMMON\protect.htm
c:\program files\MyWebSearch\bar\Message\COMMON\shocked.gif
c:\program files\MyWebSearch\bar\Message\COMMON\stop.gif
c:\program files\MyWebSearch\bar\Message\COMMON\systray.htm
c:\program files\MyWebSearch\bar\Message\COMMON\systrayp.htm
c:\program files\MyWebSearch\bar\Message\COMMON\tp_grad.gif
c:\program files\MyWebSearch\bar\Message\COMMON\warn.gif
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\hs_err_pid4072.log
c:\program files\MyWebSearch\bar\Settings\hs_err_pid424.log
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\windows\$NtUninstallKB58088$
c:\windows\$NtUninstallKB58088$\3614455943
c:\windows\$NtUninstallKB58088$\4210943978\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}
c:\windows\$NtUninstallKB58088$\4210943978\click.tlb
c:\windows\$NtUninstallKB58088$\4210943978\L\ylzjevmo
c:\windows\$NtUninstallKB58088$\4210943978\loader.tlb
c:\windows\$NtUninstallKB58088$\4210943978\U\@00000001
c:\windows\$NtUninstallKB58088$\4210943978\U\@000000c0
c:\windows\$NtUninstallKB58088$\4210943978\U\@000000cb
c:\windows\$NtUninstallKB58088$\4210943978\U\@000000cf
c:\windows\$NtUninstallKB58088$\4210943978\U\@80000000
c:\windows\$NtUninstallKB58088$\4210943978\U\@800000c0
c:\windows\$NtUninstallKB58088$\4210943978\U\@800000cb
c:\windows\$NtUninstallKB58088$\4210943978\U\@800000cf
c:\windows\system32\c_90571.nls
c:\windows\system32\comct332.ocx
c:\windows\system32\f3PSSavr.scr
.
Infected copy of c:\windows\system32\drivers\afd.sys was found and disinfected
Restored copy from - The cat found it :)
Infected copy of c:\windows\system32\wuauclt.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\wuauclt.exe
.
c:\windows\system32\acs.exe . . . is infected!!
c:\windows\system32\acs.exe . . . was deleted!! You should re-install the program it pertains to
.
Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{6AE85D80-C2F6-4E8D-99AE-8EDC8F4E4B2E}\RP36\A0013704.exe
.
Infected copy of c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{6AE85D80-C2F6-4E8D-99AE-8EDC8F4E4B2E}\RP12\A0006289.exe
.
c:\windows\system32\dleacoms.exe . . . is infected!!
c:\windows\system32\dleacoms.exe . . . was deleted!! You should re-install the program it pertains to
.
Infected copy of c:\windows\System32\spool\DRIVERS\W32X86\3\\dleaserv.exe was found and disinfected
Restored copy from - c:\windows\system32\spool\drivers\w32x86\dellv310_v510_seriesc2c2\dleaserv.exe
.
Infected copy of c:\program files\Java\jre6\bin\jqs.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{6AE85D80-C2F6-4E8D-99AE-8EDC8F4E4B2E}\RP16\A0009686.exe
.
c:\windows\system32\nlssrv32.exe . . . is infected!!
c:\windows\system32\nlssrv32.exe . . . was deleted!! You should re-install the program it pertains to
.
c:\windows\system32\SearchIndexer.exe . . . is infected!!
c:\windows\system32\SearchIndexer.exe . . . was deleted!! You should re-install the program it pertains to
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_fafde7ea
.
.
((((((((((((((((((((((((( Files Created from 2011-08-05 to 2011-09-05 )))))))))))))))))))))))))))))))
.
.
2011-09-05 23:38 . 2011-02-16 13:22 138496 -c--a-w- c:\windows\system32\dllcache\afd.sys
2011-09-05 23:38 . 2011-02-16 13:22 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-09-04 23:04 . 2011-07-13 02:55 2237440 ----a-r- C:\OTLPE.exe
2011-09-04 22:59 . 2011-09-04 22:59 -------- d-----w- C:\_OTL
2011-09-01 04:50 . 2010-11-09 19:56 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-09-01 04:50 . 2010-11-09 19:56 27984 ----a-w- c:\windows\system32\sbbd.exe
2011-09-01 04:50 . 2011-09-01 04:50 -------- d-----w- C:\VIPRERESCUE
2011-09-01 03:10 . 2011-09-01 03:10 -------- d-----w- c:\documents and settings\Cheri\Application Data\Malwarebytes
2011-09-01 03:10 . 2011-09-01 03:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-09-01 01:55 . 2011-09-01 01:55 -------- d-----w- c:\program files\Bonjour
2011-08-30 04:01 . 2011-09-01 02:44 45328 --sha-w- c:\windows\system32\c_90571.nl_
2011-08-30 03:43 . 2011-08-30 03:43 -------- d-----w- C:\_OTM
2011-08-29 03:26 . 2011-08-29 03:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell V310-V510 Series
2011-08-28 20:35 . 2011-08-30 04:47 -------- d-----w- C:\AVGTemp
2011-08-28 20:20 . 2011-08-28 20:20 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2011-08-28 20:20 . 2011-08-28 22:12 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\AskToolbar
2011-08-28 20:19 . 2011-08-28 20:19 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Identities
2011-08-28 20:19 . 2011-08-28 20:19 -------- d-----w- c:\documents and settings\Owner\Application Data\Windows Desktop Search
2011-08-28 20:19 . 2011-08-28 20:19 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2011-08-28 20:19 . 2011-08-28 20:19 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Apple Computer
2011-08-28 20:19 . 2011-08-28 20:19 -------- d-----w- c:\documents and settings\Owner\Application Data\V310-V510 Series
2011-08-28 20:18 . 2011-08-28 20:18 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
2011-08-25 00:00 . 2011-08-25 00:00 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2011-08-12 02:57 . 2011-08-12 03:13 -------- d-----w- c:\documents and settings\Cheri\Application Data\AVG
2011-08-12 02:53 . 2011-08-12 02:53 -------- d-----w- c:\program files\Common Files\Java
2011-08-12 02:52 . 2011-08-12 02:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-08-12 02:48 . 2011-08-12 02:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Pure Networks
2011-08-11 03:50 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-11 03:50 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-09 00:34 . 2011-08-09 00:34 -------- d-----w- c:\documents and settings\Cheri\Application Data\DriverCure
2011-08-09 00:34 . 2011-08-09 00:34 -------- d-----w- c:\documents and settings\Cheri\Application Data\ParetoLogic
2011-08-09 00:33 . 2011-08-09 00:33 -------- d-----w- c:\program files\Common Files\ParetoLogic
2011-08-09 00:33 . 2011-08-09 00:33 -------- d-----w- c:\program files\ParetoLogic
2011-08-09 00:33 . 2011-08-09 00:33 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2011-08-07 04:14 . 2011-08-07 04:14 -------- d-----w- c:\documents and settings\Cheri\Local Settings\Application Data\AVG Security Toolbar
2011-08-07 04:13 . 2011-08-09 01:01 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-01 02:43 . 2002-12-17 17:27 241152 ----a-w- c:\windows\system32\drivers\cdudf_xp.sys
2011-08-31 06:02 . 2004-08-04 10:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-08-30 04:19 . 2002-12-17 17:27 206464 ----a-w- c:\windows\system32\drivers\udfreadr_xp.sys
2011-08-30 04:00 . 2004-08-04 10:00 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-08-12 02:52 . 2010-04-23 02:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-06 09:13 . 2011-08-06 09:13 218624 ----a-w- c:\windows\system32\terdvw32.dll
2011-08-06 09:13 . 2011-08-06 09:13 35840 ----a-w- c:\windows\system32\temgvw32.dll
2011-07-12 16:20 . 2011-07-12 16:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 16:20 . 2011-07-12 16:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 16:20 . 2011-07-12 16:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 16:20 . 2011-07-12 16:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-08 14:02 . 2004-08-04 10:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-05 23:37 . 2011-07-05 23:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 23:37 . 2011-07-05 23:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-24 14:10 . 2008-03-20 19:12 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-04 10:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2010-08-22 02:06 . 2010-08-22 02:06 466 ----a-w- c:\program files\0821201021064406.bat
2010-08-19 05:14 . 2010-08-19 05:14 455 ----a-w- c:\program files\081920100140231.bat
2010-07-23 04:40 . 2010-08-17 01:56 2944904 ----a-w- c:\program files\Common Files\AskToolbarInstaller.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-07-26 15:15 2532680 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 20:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchEngineProtection"="c:\program files\Gamesbar\SearchEngineProtection.exe" [2010-10-17 546192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SMCWUSB-N2 Wireless Utility"="c:\program files\SMC\SMCWUSB-N2\SMCWUSB-N2 Wireless Utility.exe" [2009-08-07 557171]
"dleamon.exe"="c:\program files\Dell V310-V510 Series\dleamon.exe" [2010-08-09 770728]
"EzPrint"="c:\program files\Dell V310-V510 Series\ezprint.exe" [2010-08-09 139944]
"Dell V310-V510 Series Fax Server"="c:\program files\Dell V310-V510 Series\fm3032.exe" [2010-08-09 316072]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-04-18 2334560]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\Cheri\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ExifLauncher2.lnk]
backup=c:\windows\pss\ExifLauncher2.lnkCommon Startup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"=
"c:\\Program Files\\Dell\\Media Experience\\PCMService.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVG\\AVG10\\Toolbar\\ToolbarBroker.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jaucheck.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgui.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [8/31/2011 11:50 PM 98392]
R2 dleaCATSCustConnectService;dleaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dleaserv.exe [5/12/2011 10:28 PM 193192]
R3 arusb(SMC);SMCWUSB-N2 802.11n Wireless USB 2.0 Adapter Service(SMC);c:\windows\system32\drivers\arusb.sys [4/29/2011 1:27 PM 458240]
S2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe -service --> c:\windows\system32\dleacoms.exe -service [?]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe --> c:\windows\system32\nlssrv32.exe [?]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe --> c:\program files\Spyware Doctor\pctsAuxs.exe [?]
S2 TermServices;Remote Desktop Services;c:\windows\System32\svchost.exe -k termfvc [8/4/2004 5:00 AM 14336]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [8/7/2011 4:34 AM 1025352]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-05 c:\windows\Tasks\AVG PC Tuneup 2011 Integrator Start On Windows Logon.job
- c:\program files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe [2011-08-12 22:26]
.
2011-08-09 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2011-03-29 23:17]
.
2011-08-31 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-03-29 23:17]
.
2011-08-26 c:\windows\Tasks\PC Health Advisor Defrag.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2011-03-29 23:17]
.
2011-08-31 c:\windows\Tasks\PC Health Advisor.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2011-03-29 23:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://stp.startnow.com/?src=startpage&provider=bing&provider_name=bing&provider_code=Z087&partner_id=681&product_id=691&affiliate_id=&channel=137448221&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110716&user_guid=BA2BCD184A9640BAA4822E2BF2853CC1&machine_id=94fdc41a2af680d5c1038338243c23ba&browser=IE&os=win&os_version=5.1-x86-SP3
uInternet Connection Wizard,ShellNext = hxxp://www.avg.com/ww.special-welcome-user-app
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 24.220.0.10 24.220.0.11
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
FF - ProfilePath - c:\documents and settings\Cheri\Application Data\Mozilla\Firefox\Profiles\25izu5ij.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4e3e5c27&v=7.007.026.001&i=27&tp=ab&iy=b&ychte=us&lng=en-US&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG10\Firefox4
FF - Ext: AVG Security Toolbar em:version=7.007.026.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: InboxDollars: {771f3037-9885-4423-b50f-a5ede4854e26} - %profile%\extensions\{771f3037-9885-4423-b50f-a5ede4854e26}
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-SITEguard - (no file)
AddRemove-3D Shadow by Lokas Software - c:\windows\AWuninstall.exe Software\Lokas Ltd\3D Shadow
AddRemove-Artistic Effects by Lokas Software - c:\windows\AWuninstall.exe Software\Lokas Ltd\Artistic Effects
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-05 18:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1220945662-602162358-725345543-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1152)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
c:\program files\Microsoft Office\Office12\1033\GrooveIntlResource.dll
c:\program files\Dell Toolbar\toolband.dll
c:\program files\Dell Toolbar\resource.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\BCMSMMSG.exe
.
**************************************************************************
.
Completion time: 2011-09-05 19:08:19 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-06 00:08
.
Pre-Run: 37,882,560,512 bytes free
Post-Run: 37,839,462,400 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - AFDA298ED1A95BC748C12DFF533F9F85

Please let me know if there is anything else I need to do. I see on the report that it deleted some files and it says to re-install the program it pertains to but I can't tell what programs they are. Can I reinstall AVG now? Is there a better anti-virus that you would recommend?

I will definitely be putting some money in the paypal account as soon as I get paid again. You have helped me more than anyone else!!!
  • 0

Advertisements

#17
Essexboy
Posted 06 September 2011 - 10:43 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looks as though the OTLPE clearances paved the way for Combofix to do its thing :)


Programmes that may require re-installing :

Nitro PDF Express 2
Dell Printer
Atheros Wireless LAN (not an essential file)
Windows index service (again not essential unless you have windows indexing your files for searching)

As for Antivirus, be aware I am biased :unsure: ... I use Avast Internet Security as I find the web protection very good, if you wish to use that I can give you the download details and installation/registrations details (there is a free version of this which is just as good as the paid, but without the firewall element)

I would like to do one further scan to check for orphans, this may take about 20 minutes as it will incorporate a virus scan

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image
  • 0

#18
Cheri430
Posted 06 September 2011 - 12:11 PM

Cheri430

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
I work two jobs today and don't get back home until Midnight. I won't be able to try this until Wed. evening. Yes please give me the info about Avast; although I've paid for 2 years of AVG and it has firewall protection with it so I might stay with them for now. Thanks again.
  • 0

#19
Essexboy
Posted 06 September 2011 - 12:32 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No problems on the time

Info for Avast here and a review by CNET here
  • 0

#20
Cheri430
Posted 07 September 2011 - 05:51 PM

Cheri430

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
I hope it was done scanning. It didn't appear to be doing anything for quite a while. Here is the log. Looks like it found 3 infected files.

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-07 18:38:16
-----------------------------
18:38:16.750 OS Version: Windows 5.1.2600 Service Pack 3
18:38:16.750 Number of processors: 1 586 0x209
18:38:16.750 ComputerName: CHERI-0CD94A47F UserName: Cheri
18:38:17.312 Initialize success
18:43:28.125 AVAST engine defs: 11090800
18:43:41.640 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:43:41.640 Disk 0 Vendor: IC35L090AVV207-0 V23OA66A Size: 76293MB BusType: 3
18:43:43.656 Disk 0 MBR read successfully
18:43:43.656 Disk 0 MBR scan
18:43:43.703 Disk 0 Windows XP default MBR code
18:43:43.703 Disk 0 scanning sectors +156232125
18:43:43.796 Disk 0 scanning C:\WINDOWS\system32\drivers
18:44:03.937 Service scanning
18:44:05.265 Modules scanning
18:44:19.343 Disk 0 trace - called modules:
18:44:19.359 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
18:44:19.359 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5d0ab8]
18:44:19.359 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a5c7b00]
18:44:19.921 AVAST engine scan C:\WINDOWS
18:44:24.671 AVAST engine scan C:\WINDOWS\system32
18:44:40.250 File: C:\WINDOWS\system32\c_90571.nl_ **INFECTED** Win32:Patched-WQ [Trj]
18:46:22.406 File: C:\WINDOWS\system32\searchprotocolhost.exe **INFECTED** Win32:Patched-WQ [Trj]
18:46:34.031 File: C:\WINDOWS\system32\temgvw32.dll **INFECTED** Win32:Malware-gen
18:47:04.171 AVAST engine scan C:\WINDOWS\system32\drivers
18:47:25.312 AVAST engine scan C:\Documents and Settings\Cheri
18:48:36.062 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Cheri\Desktop\MBR.dat"
18:48:36.093 The log file has been saved successfully to "C:\Documents and Settings\Cheri\Desktop\aswMBR.txt"
  • 0

#21
Essexboy
Posted 08 September 2011 - 10:45 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets remove those now, do you use the windows search function ?

On completion of this run could you let me know what problems remain

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    ipconfig /flushdns /c
    C:\WINDOWS\system32\c_90571.nl_
    C:\WINDOWS\system32\searchprotocolhost.exe
    C:\WINDOWS\system32\temgvw32.dll

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
  • 0

#22
Cheri430
Posted 08 September 2011 - 05:33 PM

Cheri430

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
The OTL log after Quick Scan...will do the other steps and then post those results.

OTL logfile created on: 9/8/2011 6:28:24 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Cheri\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 74.22% Memory free
2.23 Gb Paging File | 1.90 Gb Available in Paging File | 85.21% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 36.40 Gb Free Space | 48.88% Space Free | Partition Type: NTFS

Computer Name: CHERI-0CD94A47F | User Name: Cheri | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/08 18:16:28 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cheri\My Documents\Downloads\OTL.exe
PRC - [2010/12/03 14:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/30 17:26:12 | 000,749,384 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
PRC - [2010/10/17 04:58:02 | 000,546,192 | ---- | M] (Oberon Media ) -- C:\Program Files\GamesBar\SearchEngineProtection.exe
PRC - [2010/08/09 09:32:50 | 000,139,944 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\ezprint.exe
PRC - [2010/08/09 09:32:48 | 000,770,728 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleamon.exe
PRC - [2010/05/21 17:19:46 | 000,193,192 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\dleaserv.exe
PRC - [2009/08/07 08:57:38 | 000,557,171 | ---- | M] (SMC) -- C:\Program Files\SMC\SMCWUSB-N2\SMCWUSB-N2 Wireless Utility.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2010/12/03 14:35:08 | 001,017,304 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2010/11/30 17:26:54 | 000,350,024 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madExcept_.bpl
MOD - [2010/11/30 17:26:52 | 000,184,136 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madBasic_.bpl
MOD - [2010/11/30 17:26:52 | 000,050,504 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madDisAsm_.bpl
MOD - [2010/08/09 09:32:50 | 000,139,944 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\ezprint.exe
MOD - [2010/08/09 09:32:48 | 000,770,728 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleamon.exe
MOD - [2010/05/21 17:19:46 | 000,193,192 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\dleaserv.exe
MOD - [2010/04/01 12:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleadrs.dll
MOD - [2010/04/01 12:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleascw.dll
MOD - [2009/12/31 01:16:47 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\DLEAPMON.DLL
MOD - [2009/11/26 03:49:41 | 000,086,180 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\DLEAcfg.dll
MOD - [2009/11/04 08:14:19 | 000,157,696 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dleadrpp.dll
MOD - [2009/08/07 08:57:24 | 000,401,525 | ---- | M] () -- C:\WINDOWS\system32\wgapi.dll
MOD - [2009/08/07 08:55:38 | 000,167,936 | ---- | M] () -- C:\Program Files\SMC\SMCWUSB-N2\oemres.dll
MOD - [2009/06/22 08:08:44 | 000,196,608 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\epoemdll.dll
MOD - [2009/06/22 08:08:43 | 000,045,056 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\epstring.dll
MOD - [2009/06/22 08:08:41 | 002,203,648 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\epwizres.dll
MOD - [2009/06/22 08:08:27 | 000,708,608 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\epwizard.dll
MOD - [2009/06/22 08:06:32 | 000,159,744 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\customui.dll
MOD - [2009/06/22 08:06:09 | 000,061,440 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\epfunct.dll
MOD - [2009/06/22 08:06:03 | 000,114,688 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\eputil.dll
MOD - [2009/06/22 08:05:49 | 000,139,264 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\imagutil.dll
MOD - [2009/05/27 07:16:50 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\dleadatr.dll
MOD - [2009/04/07 14:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\iptk.dll
MOD - [2009/03/10 00:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleacaps.dll
MOD - [2009/03/05 12:55:33 | 000,059,904 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleacnv4.dll
MOD - [2009/03/02 09:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleaptp.dll
MOD - [2009/01/13 08:15:15 | 005,709,824 | ---- | M] () -- C:\WINDOWS\system32\DLEAoem.dll
MOD - [2004/04/11 19:57:44 | 000,040,960 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DirWatcher.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (WSearch)
SRV - File not found [Auto | Stopped] -- -- (sdCoreService)
SRV - File not found [Auto | Stopped] -- -- (sdAuxService)
SRV - File not found [Auto | Stopped] -- -- (nlsX86cc)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (dlea_device)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (ACS)
SRV - [2010/05/21 17:19:46 | 000,193,192 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dleaserv.exe -- (dleaCATSCustConnectService)


========== Driver Services (SafeList) ==========

DRV - [2011/08/31 21:43:41 | 000,241,152 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2011/08/29 23:19:26 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2010/11/09 14:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2008/12/01 10:32:24 | 000,458,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\arusb.sys -- (arusb(SMC)) SMCWUSB-N2 802.11n Wireless USB 2.0 Adapter Service(SMC)
DRV - [2008/03/22 10:41:53 | 000,044,288 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2008/03/21 09:10:42 | 000,143,834 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2008/03/21 09:10:42 | 000,030,630 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2008/03/21 09:10:42 | 000,025,898 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2007/12/13 20:31:02 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2004/03/24 10:12:44 | 000,004,272 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2003/08/29 05:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2003/06/30 19:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/12/17 12:32:46 | 000,023,436 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://stp.startnow....ion=5.1-x86-SP3
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-sunm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-sunm"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {771f3037-9885-4423-b50f-a5ede4854e26}:1.300.379
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://search.avg.co...s&lng=en-US&q="
FF - prefs.js..network.proxy.no_proxies_on: ""


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/31 20:57:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/06 00:03:32 | 000,000,000 | ---D | M]

[2009/04/08 23:18:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cheri\Application Data\Mozilla\Extensions
[2011/09/08 18:23:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cheri\Application Data\Mozilla\Firefox\Profiles\25izu5ij.default\extensions
[2010/09/24 22:19:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Cheri\Application Data\Mozilla\Firefox\Profiles\25izu5ij.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/24 00:24:09 | 000,000,000 | ---D | M] (InboxDollars) -- C:\Documents and Settings\Cheri\Application Data\Mozilla\Firefox\Profiles\25izu5ij.default\extensions\{771f3037-9885-4423-b50f-a5ede4854e26}
[2011/06/24 00:24:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cheri\Application Data\Mozilla\Firefox\Profiles\25izu5ij.default\extensions\{771f3037-9885-4423-b50f-a5ede4854e26}\chrome\content\dca\core\extensionManager
[2010/08/24 01:17:15 | 000,002,564 | ---- | M] () -- C:\Documents and Settings\Cheri\Application Data\Mozilla\Firefox\Profiles\25izu5ij.default\searchplugins\askcom.xml
[2011/07/16 02:44:48 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Cheri\Application Data\Mozilla\Firefox\Profiles\25izu5ij.default\searchplugins\bing-zugo.xml
[2011/06/23 21:02:57 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Cheri\Application Data\Mozilla\Firefox\Profiles\25izu5ij.default\searchplugins\search-the-web.xml
[2011/09/04 20:37:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/22 21:13:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/08/11 21:53:30 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/08/11 21:52:44 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/09/08 18:18:47 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Toolbar\toolband.dll ()
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (VDownloader Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (VDownloader Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Dell Toolbar) - {09B71986-2AC5-482D-B6CB-42EA34F4F85B} - C:\Program Files\Dell Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (VDownloader Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe ()
O4 - HKLM..\Run: [Dell V310-V510 Series Fax Server] C:\Program Files\Dell V310-V510 Series\fm3032.exe ()
O4 - HKLM..\Run: [dleamon.exe] C:\Program Files\Dell V310-V510 Series\dleamon.exe ()
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Dell V310-V510 Series\ezprint.exe ()
O4 - HKLM..\Run: [SMCWUSB-N2 Wireless Utility] C:\Program Files\SMC\SMCWUSB-N2\SMCWUSB-N2 Wireless Utility.exe (SMC)
O4 - HKCU..\Run: [SearchEngineProtection] C:\Program Files\GamesBar\SearchEngineProtection.exe (Oberon Media )
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/...erInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} http://apps.corel.co...IEGetPlugin.ocx (get_atlcom Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.3.cab (DLM Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://groups.msn.co...UC/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1206044020061 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1206044116797 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.220.0.10 24.220.0.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7DC6A97-275B-476F-95AC-520FFF94479C}: DhcpNameServer = 24.220.0.10 24.220.0.11
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Cheri\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Cheri\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/20 14:17:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/08 18:23:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/09/05 20:46:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheri\My Documents\Downloads
[2011/09/05 19:16:26 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/09/05 18:36:19 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/09/05 18:26:23 | 004,195,482 | R--- | C] (Swearware) -- C:\Documents and Settings\Cheri\Desktop\Winlogin.exe
[2011/09/04 18:04:48 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2011/09/04 17:59:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/31 23:50:18 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/08/31 23:50:18 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2011/08/31 23:50:00 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2011/08/31 22:10:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheri\Application Data\Malwarebytes
[2011/08/31 22:10:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/08/31 21:41:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/08/31 21:41:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/08/31 21:41:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/08/31 21:41:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/08/31 21:39:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/31 21:39:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Cheri\Start Menu\Programs\Administrative Tools
[2011/08/31 20:59:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/08/31 20:58:45 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/08/31 20:55:52 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/08/31 20:55:47 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/08/29 22:55:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheri\Desktop\GooredFix Backups
[2011/08/29 22:43:22 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/08/29 22:39:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/08/28 22:26:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Dell V310-V510 Series
[2011/08/28 15:35:43 | 000,000,000 | ---D | C] -- C:\AVGTemp
[2011/08/24 19:00:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2011/08/11 21:57:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheri\Application Data\AVG
[2011/08/11 21:55:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC Tuneup 2011
[2011/08/11 21:53:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/08/11 21:48:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2011/05/12 22:28:12 | 000,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\dleacoin.dll
[2011/05/12 22:21:21 | 001,048,576 | ---- | C] ( ) -- C:\WINDOWS\System32\dleaserv.dll
[2011/05/12 22:21:21 | 000,847,872 | ---- | C] ( ) -- C:\WINDOWS\System32\dleausb1.dll
[2011/05/12 22:21:21 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\dleainpa.dll
[2011/05/12 22:21:21 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\DLEAhcp.dll
[2011/05/12 22:21:21 | 000,344,064 | ---- | C] ( ) -- C:\WINDOWS\System32\dleaiesc.dll
[2011/05/12 22:21:20 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dleapmui.dll
[2011/05/12 22:21:20 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\dlealmpm.dll
[2011/05/12 22:21:19 | 000,688,128 | ---- | C] ( ) -- C:\WINDOWS\System32\dleahbn3.dll
[2011/05/12 22:21:19 | 000,324,264 | ---- | C] ( ) -- C:\WINDOWS\System32\dleaih.exe
[2011/05/12 22:21:18 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\dleacomm.dll
[2011/05/12 22:21:17 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\dleacomc.dll
[2011/05/12 22:21:17 | 000,373,416 | ---- | C] ( ) -- C:\WINDOWS\System32\dleacfg.exe
[2010/08/16 20:56:27 | 002,944,904 | ---- | C] (Ask) -- C:\Program Files\Common Files\AskToolbarInstaller.exe

========== Files - Modified Within 30 Days ==========

[2011/09/08 18:21:07 | 000,000,388 | ---- | M] () -- C:\WINDOWS\tasks\AVG PC Tuneup 2011 Integrator Start On Windows Logon.job
[2011/09/08 18:20:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/08 18:18:47 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/09/07 18:48:36 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Cheri\Desktop\MBR.dat
[2011/09/07 18:21:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/05 20:47:37 | 000,002,568 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/09/05 18:36:24 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/09/05 18:26:23 | 004,195,482 | R--- | M] (Swearware) -- C:\Documents and Settings\Cheri\Desktop\Winlogin.exe
[2011/09/05 16:48:27 | 000,000,011 | ---- | M] () -- C:\WINDOWS\3DShadow.INI
[2011/09/03 23:02:46 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\Cheri\Desktop\Shortcut to OTLPENet.exe.lnk
[2011/09/03 21:33:59 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Cheri\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/31 23:50:24 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\SBRC.dat
[2011/08/31 21:43:41 | 000,241,152 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys
[2011/08/31 03:47:02 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2011/08/31 02:02:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\PC Health Advisor.job
[2011/08/29 23:45:29 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/08/29 23:19:26 | 000,206,464 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys
[2011/08/28 17:52:19 | 002,933,280 | ---- | M] () -- C:\Documents and Settings\Cheri\Desktop\AVGInstLog.cab
[2011/08/26 02:02:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\PC Health Advisor Defrag.job
[2011/08/11 21:55:16 | 000,000,848 | ---- | M] () -- C:\Documents and Settings\Cheri\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/08/11 21:55:16 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Cheri\Desktop\AVG PC Tuneup 2011.lnk
[2011/08/11 19:08:48 | 000,465,494 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/11 19:08:48 | 000,079,380 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2011/09/07 18:48:36 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Cheri\Desktop\MBR.dat
[2011/09/05 18:36:24 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/09/05 18:36:20 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/09/03 23:02:46 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\Cheri\Desktop\Shortcut to OTLPENet.exe.lnk
[2011/08/31 23:50:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SBRC.dat
[2011/08/31 21:41:29 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/31 21:41:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/31 21:41:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/31 21:41:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/31 21:41:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/08/29 22:41:11 | 000,001,960 | ---- | C] () -- C:\Documents and Settings\Cheri\My Documents\NTREGOPT.LOC
[2011/08/11 21:55:22 | 000,000,388 | ---- | C] () -- C:\WINDOWS\tasks\AVG PC Tuneup 2011 Integrator Start On Windows Logon.job
[2011/08/11 21:55:16 | 000,000,848 | ---- | C] () -- C:\Documents and Settings\Cheri\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/08/11 21:55:16 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Cheri\Desktop\AVG PC Tuneup 2011.lnk
[2011/05/12 22:28:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dleavs.dll
[2011/05/12 22:27:55 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dleagcfg.dll
[2011/05/12 22:27:53 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\dleacuir.dll
[2011/05/12 22:27:52 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\dleacui.dll
[2011/05/12 22:24:59 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DLEAPMON.DLL
[2011/05/12 22:24:59 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLEAFXPU.DLL
[2011/05/12 22:24:39 | 005,709,824 | ---- | C] () -- C:\WINDOWS\System32\DLEAoem.dll
[2011/05/12 22:24:04 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\DLEAwupd.dll
[2011/05/12 22:24:04 | 000,213,672 | ---- | C] () -- C:\WINDOWS\System32\DLEAwupd.exe
[2011/05/12 22:21:22 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\DLEAinst.dll
[2011/05/12 22:21:20 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\dleainsb.dll
[2011/05/12 22:21:20 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\dleajswr.dll
[2011/05/12 22:21:19 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\dleains.dll
[2011/05/12 22:21:19 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\dleagrd.dll
[2011/05/12 22:21:19 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dleainsr.dll
[2011/05/12 22:21:19 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\dleacub.dll
[2011/05/12 22:21:18 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\dleacu.dll
[2011/05/12 22:21:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dleacur.dll
[2011/05/12 22:21:17 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\DLEAcfg.dll
[2011/05/12 22:20:33 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\DLEAsm.dll
[2011/05/12 22:20:33 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\DLEAsmr.dll
[2011/04/29 13:35:35 | 000,262,217 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2011/04/29 13:34:29 | 000,401,525 | ---- | C] () -- C:\WINDOWS\System32\wgapi.dll
[2010/08/24 21:19:24 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/08/21 21:06:44 | 000,000,466 | ---- | C] () -- C:\Program Files\0821201021064406.bat
[2010/08/19 00:14:02 | 000,000,455 | ---- | C] () -- C:\Program Files\081920100140231.bat
[2010/08/17 01:24:09 | 000,352,256 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/15 21:05:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Cheri\Local Settings\Application Data\prvlcl.dat
[2009/08/30 23:27:47 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/11/11 23:40:17 | 000,000,011 | ---- | C] () -- C:\WINDOWS\3DShadow.INI
[2008/11/11 23:25:56 | 000,044,544 | ---- | C] () -- C:\WINDOWS\AWuninstall.exe
[2008/11/02 23:54:47 | 000,000,073 | ---- | C] () -- C:\WINDOWS\st_affiliate.ini
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/14 00:05:58 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2008/03/31 22:53:59 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/03/31 11:48:41 | 000,000,556 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2008/03/23 00:12:56 | 000,002,568 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/03/22 18:38:19 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/03/22 17:21:14 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Cheri\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/21 11:33:56 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2008/03/20 15:45:09 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\igfxtray.exe
[2008/03/20 15:45:08 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\hkcmd.exe
[2008/03/20 15:32:35 | 000,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2008/03/20 14:20:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/03/20 14:14:05 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/03/20 08:08:04 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/03/20 08:06:47 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/03/22 13:48:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 13:48:43 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,465,494 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,079,380 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/09/05 19:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/04/20 21:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008/03/31 11:49:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2011/03/14 12:15:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/11/25 21:42:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2009/08/03 22:26:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2011/09/05 18:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GamesBar
[2010/09/01 23:55:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2009/08/30 17:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Linksys
[2011/09/05 19:13:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/10/23 14:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2009/10/23 20:40:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MythPeople
[2010/11/25 20:38:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2011/08/08 19:33:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/03/02 23:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2011/04/29 13:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SMC Networks, Inc
[2009/03/19 22:04:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/07/13 22:22:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SugarGames
[2011/09/08 18:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/05/12 22:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\V310-V510 Series
[2008/03/22 18:47:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/10/27 23:25:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/05/17 21:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/03/22 18:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheri\Application Data\acccore
[2010/01/26 20:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheri\Application Data\Alien Skin
[2009/08/25 19:53:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheri\Application Data\Amazon
[2011/08/11 22:13:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheri\Application Data\AVG
[2011/04/20 21:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheri\Application Data\AVG10
[2011/03/22 17:17:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheri\Application Data\AVG9
[2008/12/29 22:45:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheri\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/08/08 19:34:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheri\Application Data\DriverCure
[2010/11/25 21:42:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheri\Application Data\Flood Light Games
[2008/11/02 21:52:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheri\Application Data\FotkiDesktop
[2009/01/27 00:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheri\Application Data\Foxit
[2008/12/22 02:19:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheri\Application Data\FUJIFILM
[2008/04/13 21:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheri\Application Data\Jasc
[2009/08/25 20:00:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheri\Application Data\MSNInstaller
[2011/01/02 22:38:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheri\Application Data\Oberon Media
[2010/09/05 20:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheri\Application Data\Oberonv1006
[2011/08/08 19:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheri\Application Data\ParetoLogic
[2009/08/02 22:23:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheri\Application Data\Pogo Games
[2009/11/29 23:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheri\Application Data\Registry Mechanic
[2010/08/24 21:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheri\Application Data\Sudden Games
[2011/05/13 00:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheri\Application Data\V310-V510 Series
[2009/01/23 20:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheri\Application Data\Viewpoint
[2009/12/23 18:35:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheri\Application Data\Windows Desktop Search
[2009/12/25 00:08:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheri\Application Data\Windows Search
[2011/09/08 18:21:07 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\AVG PC Tuneup 2011 Integrator Start On Windows Logon.job
[2011/08/08 19:34:23 | 000,000,396 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration3.job
[2011/08/31 03:47:02 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version3.job
[2011/08/26 02:02:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\PC Health Advisor Defrag.job
[2011/08/31 02:02:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\PC Health Advisor.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 201 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:864A52B8
@Alternate Data Stream - 189 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E999B93
@Alternate Data Stream - 188 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:60D48570
@Alternate Data Stream - 188 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4EFDF5FB
@Alternate Data Stream - 177 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7F66BF58
@Alternate Data Stream - 174 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6622852D
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:14168AA3
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DB0CD29E
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B3A35EC
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2FAFBD6A
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F34C507
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:68DA8CC0
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4D066AD2
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B87381C
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:860D9052
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D9A374E
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6427C0F
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA7BE830
@Alternate Data Stream - 128 bytes -> C:\WINDOWS:nlsPreferences
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1069F99
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5EC637CB
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A724744F
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2EEA9E7B
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F878F14A
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:104EF12D
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:588B60C7
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
  • 0

#23
Cheri430
Posted 08 September 2011 - 05:37 PM

Cheri430

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
There is also this OTL Extras log and I don't have any idea when it generated. I just saw it when I went to close everything.

OTL Extras logfile created on: 9/8/2011 6:28:24 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Cheri\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 74.22% Memory free
2.23 Gb Paging File | 1.90 Gb Available in Paging File | 85.21% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 36.40 Gb Free Space | 48.88% Space Free | Partition Type: NTFS

Computer Name: CHERI-0CD94A47F | User Name: Cheri | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJIFILM Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe" = C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:*:Enabled:ABBYY FineReader -- (ABBYY (BIT Software))
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe" = C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe:*:Enabled:AVG Security Toolbar
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Common Files\Java\Java Update\jaucheck.exe" = C:\Program Files\Common Files\Java\Java Update\jaucheck.exe:*:Enabled:Java™ Update Client Checker -- (Sun Microsystems, Inc.)
"C:\Program Files\AVG\AVG10\avgui.exe" = C:\Program Files\AVG\AVG10\avgui.exe:*:Enabled:AVG User Interface


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09B71986-2AC5-482d-B6CB-42EA34F4F85B}" = Dell Toolbar
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.5
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{2ED2D0D4-978C-427C-B87A-8117AD52A5CE}" = SMCWUSB-N2 Wireless Utility
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}" = ParetoLogic PC Health Advisor
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7C4196CA-CA41-4F34-9C08-7724E7705D52}" = Jasc Animation Shop 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113269180}" = Mahjong Garden Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115430860}" = Amazing Adventures Around The World
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115540840}" = Dr Lynch Grave Secrets
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116573793}" = Dream Day Couple
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118281503}" = Matchmaker Joining Hearts
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B44529FF-501E-47CD-A06D-223C161BE058}" = FinePixViewer Resource
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{D960A153-9447-4003-8ED0-C86858C11BCC}" = SMCWUSB-N2 Wireless Utility
"{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}" = FinePix Studio
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell V310-V510 Series" = Dell V310-V510 Series
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Eye Candy 6" = Alien Skin Eye Candy 6
"EyeCandy5Nature" = Alien Skin Eye Candy 5 Nature Demo
"GamesBar" = GamesBar 2.0.1.73
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/31/2011 10:11:07 PM | Computer Name = CHERI-0CD94A47F | Source = MsiInstaller | ID = 11321
Description = Product: iTunes -- Error 1321. The Installer has insufficient privileges
to modify this file: C:\Program Files\iTunes\iTunes.exe.

Error - 8/31/2011 10:11:09 PM | Computer Name = CHERI-0CD94A47F | Source = MsiInstaller | ID = 11321
Description = Product: iTunes -- Error 1321. The Installer has insufficient privileges
to modify this file: C:\Program Files\iTunes\iTunes.exe.

Error - 8/31/2011 10:18:10 PM | Computer Name = CHERI-0CD94A47F | Source = MsiInstaller | ID = 11321
Description = Product: iTunes -- Error 1321. The Installer has insufficient privileges
to modify this file: C:\Program Files\iTunes\iTunes.exe.

Error - 9/1/2011 12:09:41 AM | Computer Name = CHERI-0CD94A47F | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/1/2011 12:09:49 AM | Computer Name = CHERI-0CD94A47F | Source = Application Hang | ID = 1001
Description = Fault bucket 734037209.

Error - 9/1/2011 12:29:24 AM | Computer Name = CHERI-0CD94A47F | Source = Application Hang | ID = 1002
Description = Hanging application msmsgs.exe, version 4.7.0.3001, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/1/2011 12:29:34 AM | Computer Name = CHERI-0CD94A47F | Source = Application Hang | ID = 1001
Description = Fault bucket 150851737.

Error - 9/4/2011 8:23:20 PM | Computer Name = CHERI-0CD94A47F | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 9/4/2011 8:23:20 PM | Computer Name = CHERI-0CD94A47F | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 9/8/2011 7:28:02 PM | Computer Name = CHERI-0CD94A47F | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.27.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 9/8/2011 7:21:15 PM | Computer Name = CHERI-0CD94A47F | Source = Service Control Manager | ID = 7000
Description = The PC Tools Auxiliary Service service failed to start due to the
following error: %%2

Error - 9/8/2011 7:21:15 PM | Computer Name = CHERI-0CD94A47F | Source = Service Control Manager | ID = 7000
Description = The PC Tools Security Service service failed to start due to the following
error: %%2

Error - 9/8/2011 7:21:15 PM | Computer Name = CHERI-0CD94A47F | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Remote Desktop Services
service to connect.

Error - 9/8/2011 7:21:15 PM | Computer Name = CHERI-0CD94A47F | Source = Service Control Manager | ID = 7000
Description = The Remote Desktop Services service failed to start due to the following
error: %%1053

Error - 9/8/2011 7:21:15 PM | Computer Name = CHERI-0CD94A47F | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%2

Error - 9/8/2011 7:22:01 PM | Computer Name = CHERI-0CD94A47F | Source = Service Control Manager | ID = 7000
Description = The dlea_device service failed to start due to the following error:
%%2

Error - 9/8/2011 7:22:01 PM | Computer Name = CHERI-0CD94A47F | Source = DCOM | ID = 10005
Description = DCOM got error "%2" attempting to start the service WSearch with arguments
"" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 9/8/2011 7:22:01 PM | Computer Name = CHERI-0CD94A47F | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%2

Error - 9/8/2011 7:22:04 PM | Computer Name = CHERI-0CD94A47F | Source = DCOM | ID = 10005
Description = DCOM got error "%2" attempting to start the service WSearch with arguments
"" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 9/8/2011 7:22:04 PM | Computer Name = CHERI-0CD94A47F | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%2


< End of report >
  • 0

#24
Cheri430
Posted 08 September 2011 - 06:19 PM

Cheri430

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Here is the Malwarebytes log

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7680

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/8/2011 6:51:48 PM
mbam-log-2011-09-08 (18-51-48).txt

Scan type: Quick scan
Objects scanned: 174052
Time elapsed: 4 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Adware_ProNE (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Value: f3PopularScreensavers -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\END (Trojan.FakeAlert) -> Quarantined and deleted successfully.
  • 0

#25
Cheri430
Posted 08 September 2011 - 06:42 PM

Cheri430

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Do I use the windows search function? Not that I know, sorry, I never use it to search the web if that's what you mean.

There doesn't seem to be any more problems. No more Google redirects and I was able to successfully download, update and run AVG. Is MalWareByte's something I can keep using? Are we done?
  • 0

Advertisements

#26
Cheri430
Posted 08 September 2011 - 08:52 PM

Cheri430

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
AVG found 4 trojans and 1 virus after running all of the above. Why is it so hard to get rid of all of them?

"";"C:\_OTL\MovedFiles\09082011_181845\C_WINDOWS\system32\temgvw32.dll";"Trojan horse BackDoor.Delf.19.A";"Moved to Virus Vault"
"";"C:\_OTL\MovedFiles\09082011_181845\C_WINDOWS\system32\searchprotocolhost.exe";"Virus identified Win32/Katusha.A";"Moved to Virus Vault"
"";"C:\_OTL\MovedFiles\09042011_185900\C_WINDOWS\3941072378:84023317.exe";"Trojan horse Generic4_c.BFAA";"Moved to Virus Vault"
"";"C:\_OTL\MovedFiles\09042011_185900\C_Documents and Settings\NetworkService\Local Settings\Application Data\ljp.exe";"Trojan horse Generic24.FPM";"Moved to Virus Vault"
"";"C:\WINDOWS\system32\terdvw32.dll";"Trojan horse Agent3.AAWM";"Moved to Virus Vault"
  • 0

#27
Essexboy
Posted 09 September 2011 - 10:01 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
C:\_OTL\MovedFiles safely tucked away in the quarantine folder :yes: Malwarebytes is good for an on demand/weekly scanner

OK lets tidy you up now

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall
    (Notice the space between the "x" and "/")
    then click OK

    Posted Image
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe :unsure:
  • 0

#28
Essexboy
Posted 10 September 2011 - 02:36 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Can't Run Any Antivirus or Malware Removal Programs · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Can't Run Any Antivirus or Malware Removal Programs

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP