Computer Hope
Software => Computer viruses and spyware => Virus and spyware removal => Topic started by: az_shyguy on March 23, 2010, 10:22:40 AM
-
Hello and thanks for your help in advance :)
System Info:
OS Name Microsoft Windows XP Home Edition
Version 5.1.2600 Service Pack 3 Build 2600
OS Manufacturer Microsoft Corporation
System Manufacturer Compaq Presario 061
System Model PS569AA-ABA SR1420NX NA520
System Type X86-based PC
Processor x86 Family 15 Model 4 Stepping 1 GenuineIntel ~2933 Mhz
BIOS Version/Date Phoenix Technologies, LTD 3.04, 1/26/2005
SMBIOS Version 2.3
Windows Directory C:\WINDOWS
System Directory C:\WINDOWS\system32
Boot Device \Device\HarddiskVolume2
Locale United States
Hardware Abstraction Layer Version = "5.1.2600.5512 (xpsp.080413-2111)"
Time Zone Mountain Daylight Time
Total Physical Memory 768.00 MB
Available Physical Memory 331.03 MB
Total Virtual Memory 2.00 GB
Available Virtual Memory 1.96 GB
Page File Space 1.82 GB
Page File C:\pagefile.sys
Well I am back once again..... I would just like to make sure that the computer is clean, or if things need to be fixed before moving on to a solution for my problem, that is if it isn't a virus or malware problem.
Here is the problem? :-\ Internet Explorer is hanging or stalls when opening a website (I have tried numerous sites!) It gets to about 3 or 4 status bars on the indicator for loading a site then it just stays there and nothing else becomes of it. Just sits there with a blank white screen. This has been an erratic problem and I have been able to actually get the site, after hitting the refresh button. Funny thing is sometimes the sites come up and other times they won't... It is getting progressively worse and now the refresh button isn't working either. I have gone to all programs/accessories/system tools/internet explorer(no add-on's) and tried that.. same problem?
I am using firefox right now and it seems to be working fine.. I have to go to work, so my mom will be using firefox today and let me know how it does (It's her computer I am troubleshooting so am going by what she has told me besides what I have tried. ) So I would appreciate any feedback and any instructions on any problems found in logs..
Thank you again for your Time!
[Saving space, attachment deleted by admin]
-
Your logs are clean. But, we will check anyway.
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your Desktop
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Under the Custom Scan box paste this in
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
/md5stop
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time
-
thanks for responding Dragon Master!
I thought the logs would be clean but wanted to make sure.
OK ran the OTL and attached the logs below. will check back later for further instructions.
thanks again! :)
[Saving space, attachment deleted by admin]
-
Please open those and copy and paste the results back here. You may need a few posts to get all the data.
-
Ok here is OTL log:
OTL logfile created on: 3/24/2010 11:02:50 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Compaq_Owner.MOMSCOMP\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
759.00 Mb Total Physical Memory | 366.00 Mb Available Physical Memory | 48.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 1140 2280 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.58 Gb Total Space | 24.11 Gb Free Space | 35.68% Space Free | Partition Type: NTFS
Drive D: | 6.96 Gb Total Space | 2.56 Gb Free Space | 36.76% Space Free | Partition Type: FAT32
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MOMSCOMP
Current User Name: Compaq_Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010/03/24 22:52:09 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\Desktop\OTL.exe
PRC - [2010/03/17 13:08:25 | 002,059,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/03/17 13:08:20 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/17 13:08:19 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/03/17 13:08:12 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/17 13:07:30 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/03/17 13:07:30 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/17 13:07:28 | 001,086,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 12:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/02/16 00:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/02/16 00:10:22 | 000,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/06/23 18:23:00 | 000,015,360 | ---- | M] (Microsoft® Corporation) -- c:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
========== Modules (SafeList) ==========
MOD - [2010/03/24 22:52:09 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\Desktop\OTL.exe
========== Win32 Services (SafeList) ==========
SRV - [2010/03/17 13:08:12 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/17 13:07:30 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/02/16 00:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
========== Driver Services (SafeList) ==========
DRV - [2010/03/17 13:08:22 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/17 13:08:19 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/17 13:07:30 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/01/05 08:56:06 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/01/05 08:56:04 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/05 08:56:02 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/03/25 06:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009/02/16 00:10:26 | 000,353,672 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2008/11/17 02:24:00 | 000,051,688 | ---- | M] (Check Point Software Technologies LTD) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2008/09/10 05:10:36 | 000,985,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2008/09/10 05:09:58 | 000,267,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2008/09/10 05:09:54 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/08/21 23:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/21 23:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motport.sys -- (motport)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2005/12/12 17:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2004/10/01 11:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/07/28 23:14:22 | 000,091,577 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P0620Vid.sys -- (PD0620VID)
DRV - [2004/06/29 11:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/09/19 10:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/09/11 08:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2002/10/04 11:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 12:11:02 | 000,153,631 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xnd5.sys -- (EL90X)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://m.us.yahoo.com/?r828=1261341517
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 08 D9 8C 28 AD 81 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginen ame: "Ask"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p="
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-msgr"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-msgr"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Ask"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783
FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=101740&gct=&gc=1&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/03/17 13:11:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/10 17:04:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/17 12:09:39 | 000,000,000 | ---D | M]
[2009/12/27 16:56:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\Application Data\Mozilla\Extensions
[2009/12/27 16:56:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\Application Data\Mozilla\Extensions\[email protected]
[2010/03/24 11:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\Application Data\Mozilla\Firefox\Profiles\jzdkypxf.default\extensions
[2009/10/31 15:54:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\Application Data\Mozilla\Firefox\Profiles\jzdkypxf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/09 12:10:14 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\Application Data\Mozilla\Firefox\Profiles\jzdkypxf.default\searchplugins\ask.xml
[2009/11/13 17:00:07 | 000,002,163 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\Application Data\Mozilla\Firefox\Profiles\jzdkypxf.default\searchplugins\bing.xml
[2010/03/24 11:28:29 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
O1 HOSTS File: ([2010/01/09 13:48:52 | 000,000,036 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237953938453 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.116.2.50 24.116.2.34
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 () - C:\Documents and Settings\Compaq_Owner.MOMSCOMP\My Documents\My Pictures\Dusty first haircut and v-day 2009\100_0625.JPG
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner.MOMSCOMP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner.MOMSCOMP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/10/15 04:38:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 05:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe -- File not found
O33 - MountPoints2\{e1f9ccfa-f338-11de-8070-0011d8a48120}\Shell\AutoRun\command - "" = J:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{e1f9ccfa-f338-11de-8070-0011d8a48120}\Shell\install\command - "" = J:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{e1f9ccfa-f338-11de-8070-0011d8a48120}\Shell\usermanualEnglish\command - "" = J:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{e1f9ccfa-f338-11de-8070-0011d8a48120}\Shell\usermanualFrench\command - "" = J:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{e1f9ccfa-f338-11de-8070-0011d8a48120}\Shell\usermanualSpanish\command - "" = J:\rcaeasyrip_setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
-
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/03/24 19:58:47 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)
========== Files/Folders - Created Within 30 Days ==========
[2010/03/24 22:52:16 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\Desktop\OTL.exe
[2010/03/23 09:17:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\Recent
[2010/03/23 09:13:25 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\Desktop\HJTInstall(2).exe
[2010/03/23 09:07:52 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\Desktop\HJTInstall.exe
[2010/03/18 22:12:13 | 000,153,631 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\drivers\el90xnd5.sys
[2010/03/18 22:12:13 | 000,153,631 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el90xnd5.sys
[2010/03/17 13:08:19 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/15 21:45:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\Desktop\reduced
[2010/03/15 21:43:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\Local Settings\Application Data\Help
[2010/03/15 21:43:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\Application Data\Help
[2010/03/15 20:08:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\Desktop\dougs pics
[2010/03/10 17:24:33 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/02/18 19:16:28 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/18 19:16:28 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/02/18 19:16:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/18 19:16:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/07/30 08:38:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/03/24 22:52:55 | 057,644,995 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/24 22:52:09 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\Desktop\OTL.exe
[2010/03/24 18:43:31 | 000,181,627 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\Desktop\springintospring1024.jpg
[2010/03/24 14:38:56 | 000,095,232 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\My Documents\Pickled Beets.wdb
[2010/03/24 14:38:56 | 000,017,210 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\Application Data\wklnhst.dat
[2010/03/24 09:11:29 | 000,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/03/24 09:11:29 | 000,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2010/03/24 09:10:57 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/24 09:10:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/24 00:10:29 | 005,767,168 | -H-- | M] () -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\NTUSER.DAT
[2010/03/24 00:10:29 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\ntuser.ini
[2010/03/24 00:10:09 | 012,835,218 | -H-- | M] () -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\Local Settings\Application Data\IconCache.db
[2010/03/23 09:18:58 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/23 09:14:34 | 000,000,822 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\Desktop\Shortcut to sniper.exe.lnk
[2010/03/23 09:13:38 | 000,001,742 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\Desktop\HijackThis.lnk
[2010/03/23 09:13:20 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\Desktop\HJTInstall(2).exe
[2010/03/23 09:07:41 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\Desktop\HJTInstall.exe
[2010/03/22 17:13:53 | 000,001,556 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\Desktop\CCleaner.lnk
[2010/03/22 17:08:16 | 000,000,304 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\Desktop\cc_20100322_170812.reg
[2010/03/18 23:22:21 | 000,000,576 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/17 13:08:22 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/03/17 13:08:19 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/17 13:08:19 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/17 13:07:30 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/03/17 12:09:39 | 000,001,765 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2010/03/17 12:09:39 | 000,001,748 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 7.0.lnk
[2010/03/16 12:33:14 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\My Documents\Doug Bill Worksheet.xlr
[2010/03/16 12:20:27 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\My Documents\Checks Received During Year.xlr
[2010/03/15 21:42:55 | 000,000,030 | ---- | M] () -- C:\WINDOWS\Iedit.INI
[2010/03/14 16:06:49 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\My Documents\Pogo Games & Badges.xlr
[2010/03/14 12:01:12 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/14 12:01:12 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/14 12:01:11 | 000,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/12 13:24:53 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\My Documents\Letter Dish Cloth - Coasters.wps
[2010/03/10 20:11:16 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\My Documents\Carol Journal.wps
[2010/03/08 10:43:23 | 000,009,728 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\My Documents\Doug Medical Information.wps
[2010/03/06 15:12:24 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\My Documents\Chore List Winter & Spring Cleaning.xlr
[2010/03/06 00:07:11 | 000,094,720 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\My Documents\Spinach Supreme.wdb
[2010/03/05 19:55:01 | 000,095,744 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\My Documents\Black Bottom Cupcakes.wdb
[2010/03/05 15:32:25 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\My Documents\Donation List Youth Ranch Idaho.xlr
[2010/03/05 15:23:51 | 000,154,112 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\My Documents\CASH EXPENSES 2010.xlr
[2010/02/27 13:17:29 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\My Documents\Carol's Medical Sheet.wps
[2010/02/27 11:08:43 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\My Documents\Doctors Miles.xlr
[2010/02/27 11:06:40 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\My Documents\Currant List To Do Right Away.xlr
[2010/02/24 16:41:46 | 000,096,256 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\My Documents\Mari Gra Tuna Buns.wdb
[2010/02/24 10:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/03/24 18:43:33 | 000,181,627 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\Desktop\springintospring1024.jpg
[2010/03/23 09:14:34 | 000,000,822 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\Desktop\Shortcut to sniper.exe.lnk
[2010/03/23 09:13:37 | 000,001,742 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\Desktop\HijackThis.lnk
[2010/03/22 17:08:14 | 000,000,304 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\Desktop\cc_20100322_170812.reg
[2010/03/17 12:09:39 | 000,001,765 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2010/03/17 12:09:39 | 000,001,748 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 7.0.lnk
[2010/03/16 12:20:27 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\My Documents\Checks Received During Year.xlr
[2010/03/06 00:07:11 | 000,094,720 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\My Documents\Spinach Supreme.wdb
[2010/03/05 19:39:03 | 000,095,744 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\My Documents\Black Bottom Cupcakes.wdb
[2010/02/26 21:18:35 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\My Documents\Letter Dish Cloth - Coasters.wps
[2009/03/26 16:34:19 | 000,017,210 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\Application Data\wklnhst.dat
[2009/03/25 13:59:27 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/24 21:19:59 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.MOMSCOMP\Local Settings\Application Data\fusioncache.dat
[2009/03/03 12:18:04 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008/06/04 17:35:36 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit.INI
[2008/03/17 10:11:18 | 000,000,071 | ---- | C] () -- C:\WINDOWS\pex.INI
[2007/12/13 17:04:21 | 000,000,142 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2007/03/15 14:51:09 | 000,000,078 | ---- | C] () -- C:\WINDOWS\xptools.ini
[2006/12/09 13:28:39 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/03/13 13:40:19 | 000,000,076 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2006/02/19 17:41:08 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI5_SETUP.ini
[2005/06/27 18:02:56 | 000,000,180 | ---- | C] () -- C:\WINDOWS\ap561.ini
[2005/06/27 18:02:55 | 000,014,385 | ---- | C] () -- C:\WINDOWS\Tw561a.ini
[2005/06/27 18:02:55 | 000,000,081 | ---- | C] () -- C:\WINDOWS\Setup8a.ini
[2005/02/04 02:55:06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/02/04 02:51:41 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/02/04 02:51:41 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/02/04 02:51:41 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/02/04 02:51:41 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/02/04 02:51:41 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/02/04 02:51:41 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/02/04 02:20:59 | 000,013,974 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/02/04 02:20:53 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/02/04 02:20:32 | 000,002,154 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2005/02/04 02:17:40 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/04 02:05:13 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/02/04 01:52:09 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/02/04 01:50:58 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/02/04 01:50:58 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/02/04 01:50:32 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/09/13 17:35:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/20 04:14:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/08/20 04:14:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/06/15 22:38:02 | 000,000,572 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/04/11 00:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
-
========== Custom Scans ==========
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\*.exe /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2004/10/14 21:29:40 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/10/14 21:29:40 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/10/14 21:29:40 | 000,868,352 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %SYSTEMDRIVE%\*.* >
[2005/10/22 22:06:41 | 000,004,867 | ---- | M] () -- C:\Alerts.txt
[2009/07/26 16:33:48 | 000,000,040 | ---- | M] () -- C:\Auth.prof
[2004/10/15 04:38:18 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/03/24 21:17:56 | 000,000,213 | RHS- | M] () -- C:\BOOT.BAK
[2009/10/22 20:33:22 | 000,000,281 | -HS- | M] () -- C:\boot.ini
[2004/08/04 05:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2009/01/13 14:36:57 | 000,008,711 | ---- | M] () -- C:\ComboFix.txt
[2004/10/15 04:38:18 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/11/23 16:43:37 | 000,000,227 | ---- | M] () -- C:\CtDrvIns.log
[2009/11/23 16:45:52 | 000,002,826 | ---- | M] () -- C:\CtDrvStp.log
[2004/10/15 04:38:18 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2004/10/15 04:38:18 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 12:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/03/24 19:57:48 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/03/24 09:10:37 | 1195,376,640 | -HS- | M] () -- C:\pagefile.sys
[2008/05/12 18:54:47 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/05/12 18:54:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/03/24 09:11:19 | 000,000,627 | ---- | M] () -- C:\sti.log
[2005/10/22 22:06:42 | 000,000,172 | ---- | M] () -- C:\threatalerts.txt
[2006/08/05 18:02:27 | 000,002,420 | -H-- | M] () -- C:\WCThumb.tmb
[2007/01/18 14:34:53 | 000,004,287 | ---- | M] () -- C:\_Sid.txt
< %PROGRAMFILES%\*. >
[2005/02/04 02:14:02 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2006/02/19 17:41:07 | 000,000,000 | ---D | M] -- C:\Program Files\ArcSoft
[2010/02/18 19:20:01 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2010/01/10 18:49:56 | 000,000,000 | ---D | M] -- C:\Program Files\AWS
[2010/03/22 17:13:49 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010/02/07 14:32:28 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2004/11/03 16:20:22 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2007/09/10 18:18:40 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2007/06/25 16:06:00 | 000,000,000 | ---D | M] -- C:\Program Files\Creative
[2005/10/01 12:15:04 | 000,000,000 | ---D | M] -- C:\Program Files\Design Science
[2005/06/27 17:37:28 | 000,000,000 | ---D | M] -- C:\Program Files\DSC Driver
[2007/02/06 14:32:02 | 000,000,000 | ---D | M] -- C:\Program Files\DVD-RAM
[2009/03/24 23:37:46 | 000,000,000 | ---D | M] -- C:\Program Files\Easy Internet signup
[2005/06/28 18:21:55 | 000,000,000 | ---D | M] -- C:\Program Files\EmailStripper
[2007/12/07 22:00:34 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/07/03 21:14:51 | 000,000,000 | ---D | M] -- C:\Program Files\Help and Support Additions
[2009/03/24 22:43:06 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2009/07/03 21:14:51 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2009/07/03 21:14:52 | 000,000,000 | ---D | M] -- C:\Program Files\IncrediMail
[2009/11/23 11:49:21 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2005/02/04 02:20:30 | 000,000,000 | ---D | M] -- C:\Program Files\InterMute
[2010/03/18 22:53:45 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2005/02/04 02:53:19 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2009/05/31 12:22:14 | 000,000,000 | ---D | M] -- C:\Program Files\IObit
[2007/03/16 15:41:57 | 000,000,000 | ---D | M] -- C:\Program Files\ItsDeductible2006
[2010/01/27 01:35:03 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2005/02/04 02:52:42 | 000,000,000 | ---D | M] -- C:\Program Files\Macrovision Corp
[2010/01/09 12:53:57 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/24 20:41:21 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010/03/21 18:54:28 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger Plus! Live
[2006/05/01 11:24:55 | 000,000,000 | ---D | M] -- C:\Program Files\MessengerPlus! 3
[2009/03/20 13:13:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2009/03/24 23:35:01 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2004/11/03 16:20:26 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/03/24 23:00:39 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2005/10/01 12:16:11 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Outlook Connector
[2005/02/04 02:14:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Dancer LE
[2005/02/04 02:15:05 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Digital Media Edition
[2005/02/04 02:15:01 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Photo Story 2 LE
[2005/02/04 02:16:29 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/07/03 21:14:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/03/10 17:34:51 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/03/24 22:54:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/10/22 19:06:08 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/09/19 20:27:31 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2005/02/04 02:10:57 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Encarta Standard
[2004/11/03 16:20:36 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009/12/13 18:12:18 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Messenger
[2006/11/18 02:17:16 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2007/06/09 05:49:31 | 000,000,000 | ---D | M] -- C:\Program Files\MTV Networks
[2009/03/24 20:00:17 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2006/02/19 17:24:29 | 000,000,000 | ---D | M] -- C:\Program Files\NewSoft
[2005/02/04 02:29:57 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2009/08/12 20:52:56 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2005/10/05 15:11:24 | 000,000,000 | ---D | M] -- C:\Program Files\Overland
[2008/06/11 14:06:44 | 000,000,000 | ---D | M] -- C:\Program Files\Panasonic
[2005/02/04 02:26:57 | 000,000,000 | ---D | M] -- C:\Program Files\PC-Doctor for DOS
[2005/02/04 02:26:50 | 000,000,000 | ---D | M] -- C:\Program Files\PC-Doctor for Windows
[2008/06/04 18:48:08 | 000,000,000 | ---D | M] -- C:\Program Files\Quicken
[2005/02/04 02:18:52 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2005/02/04 02:11:33 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2009/10/22 19:05:56 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2005/02/04 02:10:12 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2005/02/04 02:10:16 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic RecordNow!
[2007/01/12 17:38:00 | 000,000,000 | ---D | M] -- C:\Program Files\StompSoft
[2010/02/07 14:34:06 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2005/10/01 11:40:46 | 000,000,000 | ---D | M] -- C:\Program Files\SupportSoft
[2008/06/11 14:53:58 | 000,000,000 | ---D | M] -- C:\Program Files\Total Uninstall 4
[2010/03/23 09:13:36 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2008/03/20 11:15:53 | 000,000,000 | ---D | M] -- C:\Program Files\TurboTax
[2007/12/13 17:03:31 | 000,000,000 | ---D | M] -- C:\Program Files\Ulead Systems
[2004/11/03 16:20:48 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2005/02/04 02:12:53 | 000,000,000 | ---D | M] -- C:\Program Files\WildTangent
[2008/07/14 16:08:28 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009/10/22 20:08:10 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Desktop Search
[2009/11/13 16:58:02 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2007/06/09 06:08:25 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live Safety Center
[2009/03/24 22:03:01 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2007/06/09 05:38:53 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2009/03/26 09:55:28 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/03/24 20:00:13 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2004/11/03 16:20:58 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2004/11/03 16:20:58 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2009/11/23 12:16:56 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2009/04/29 09:19:10 | 000,000,000 | ---D | M] -- C:\Program Files\Zone Labs
< MD5 for: AGP440.SYS >
[2008/09/05 02:38:59 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:AGP440.sys
[2004/08/04 12:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/03/24 19:52:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2009/03/24 19:52:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2009/03/24 19:52:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\sp3.cab:AGP440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2008/09/05 02:38:59 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:atapi.sys
[2004/08/04 12:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/03/24 19:52:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2009/03/24 19:52:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2009/03/24 19:52:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\sp3.cab:atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\eventlog.dll
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-03-10 23:34:56
< End of report >
-
AND Here is the OTL EXTRAS:
OTL Extras logfile created on: 3/24/2010 11:02:50 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Compaq_Owner.MOMSCOMP\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
759.00 Mb Total Physical Memory | 366.00 Mb Available Physical Memory | 48.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 1140 2280 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.58 Gb Total Space | 24.11 Gb Free Space | 35.68% Space Free | Partition Type: NTFS
Drive D: | 6.96 Gb Total Space | 2.56 Gb Free Space | 36.76% Space Free | Partition Type: FAT32
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MOMSCOMP
Current User Name: Compaq_Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
-
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}" = PC-Doctor for Windows
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{1A103D70-5C9B-4E1A-B306-5106C68F9914}" = Microsoft Plus! Dancer LE
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 18
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{461073BF-9642-4A73-B58E-157358D412AB}" = 6200
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{6518675B-CC8D-4AB3-A3F6-CC02FF6548D7}" = 6200_Help
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{6B350CA4-0031-0002-3757-34999AD85AEC}" = InterVideo WinDVD Creator
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3F058C0-A21C-452D-8D99-95B1A45F417D}" = InterVideo DiscLabel
"{C3F81504-72F3-4262-9449-487404DA75BB}" = 6200Trb
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FC888095-A35E-4993-A9E0-366BF6F0CCE0}" = ArcSoft PhotoImpression 5
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"AVG9Uninstall" = AVG Free 9.0
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_HSF" = PCI Soft Voice SoftRing Modem with SmartCP
"Creative PD0620" = Creative WebCam Instant Driver (1.01.02.0729)
"Creative WebCam Center" = Creative WebCam Center
"Get Yahoo! Messenger" = Get Yahoo! Messenger
"Help and Support Additions" = Help and Support Additions
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.7
"HPExtendedCapabilities" = HP Extended Capabilities 4.7
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}" = PC-Doctor for Windows
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Mail Advisor" = Yahoo! Mail Advisor
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"ZoneAlarm" = ZoneAlarm
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 8/13/2009 8:53:00 AM | Computer Name = MOMSCOMP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.
Error - 8/15/2009 4:27:11 AM | Computer Name = MOMSCOMP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.
Error - 8/16/2009 3:57:00 AM | Computer Name = MOMSCOMP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80240022, P2 processdownloadresults, P3
download, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8
NIL, P9 NIL, P10 NIL.
Error - 8/17/2009 2:07:30 AM | Computer Name = MOMSCOMP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16876, faulting
module unknown, version 0.0.0.0, fault address 0x1c022505.
Error - 8/17/2009 3:34:02 AM | Computer Name = MOMSCOMP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.
Error - 8/19/2009 9:32:51 AM | Computer Name = MOMSCOMP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072f78, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.
Error - 8/21/2009 9:52:45 PM | Computer Name = MOMSCOMP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.
Error - 8/22/2009 10:54:05 AM | Computer Name = MOMSCOMP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16876, faulting
module unknown, version 0.0.0.0, fault address 0x02c17cc1.
Error - 8/24/2009 4:17:10 AM | Computer Name = MOMSCOMP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.
Error - 8/24/2009 9:56:43 PM | Computer Name = MOMSCOMP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16876, faulting
module unknown, version 0.0.0.0, fault address 0x1430e0ed.
[ System Events ]
Error - 2/4/2010 10:23:25 PM | Computer Name = MOMSCOMP | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.6 on
the Network Card with network address 0011D8A48120.
Error - 2/5/2010 4:32:53 PM | Computer Name = MOMSCOMP | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.6 on
the Network Card with network address 0011D8A48120.
Error - 2/5/2010 10:40:41 PM | Computer Name = MOMSCOMP | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.6 on
the Network Card with network address 0011D8A48120.
Error - 2/6/2010 12:40:28 AM | Computer Name = MOMSCOMP | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.6 on
the Network Card with network address 0011D8A48120.
Error - 2/6/2010 3:47:33 PM | Computer Name = MOMSCOMP | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.6 on
the Network Card with network address 0011D8A48120.
Error - 2/6/2010 5:17:38 PM | Computer Name = MOMSCOMP | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.6 on
the Network Card with network address 0011D8A48120.
Error - 2/6/2010 6:49:40 PM | Computer Name = MOMSCOMP | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.6 on
the Network Card with network address 0011D8A48120.
Error - 2/7/2010 12:06:36 AM | Computer Name = MOMSCOMP | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.6 on
the Network Card with network address 0011D8A48120.
Error - 2/7/2010 2:52:12 PM | Computer Name = MOMSCOMP | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 0011D8A48120. The following
error occurred: %%121. Your computer will continue to try and obtain an address on
its own from the network address (DHCP) server.
Error - 3/19/2010 5:58:08 PM | Computer Name = MOMSCOMP | Source = Service Control Manager | ID = 7034
Description = The TrueVector Internet Monitor service terminated unexpectedly.
It has done this 1 time(s).
< End of report >
-
Will be checking back for further instructions!!
Thanks!
-
(http://img233.imageshack.us/img233/7729/mbamicontw5.gif) Please download Malwarebytes Anti-Malware from Malwarebytes.org (http://www.malwarebytes.org/mbam/program/mbam-setup.exe).
Alternate link: BleepingComputer.com (http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe).
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)
Double Click mbam-setup.exe to install the application.
(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- Please save the log to a location you will remember.
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
-
Ok .. did as you said and here is the log... will be waiting for further instruction!! :)
Malwarebytes' Anti-Malware 1.44
Database version: 3920
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
3/26/2010 8:50:33 PM
mbam-log-2010-03-26 (20-50-33).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 269601
Time elapsed: 1 hour(s), 50 minute(s), 25 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{661e32fd-a5f0-49bc-96cc-d872fe10a7dc} (AdWare.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3296405e-e08f-4442-801e-3dcd2c6aa82c} (AdWare.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bf0118d4-63ff-4138-9327-f3028fb1a578} (AdWare.WebHancer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bf0118d4-63ff-4138-9327-f3028fb1a578} (AdWare.WebHancer) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\Web\Wallpaper\welcome\AWhelper.dll (AdWare.WebHancer) -> Quarantined and deleted successfully.
-
Please run a free online scan with the ESET Online Scanner (http://www.eset.com/onlinescan/)
- Tick the box next to YES, I accept the Terms of Use
- Click Start
- When asked, allow the ActiveX control to install
- Click Start
- Make sure that the options Remove found threats and the option Scan unwanted applications is checked
- Click Scan (This scan can take several hours, so please be patient)
- Once the scan is completed, you may close the window
- Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
- Copy and paste that log as a reply to this topic
-
Ok Here is the eset log.
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=cf02a50f8294034eae3e424673bdde35
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-03-27 05:20:26
# local_time=2010-03-26 11:20:26 (-0700, Mountain Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777175 100 0 2200050 2200050 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16777214 75 74 27720421 37001793 0 0
# scanned=125174
# found=2
# cleaned=2
# scan_time=6778
C:\Documents and Settings\Compaq_Owner.MOMSCOMP\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{DCE0A06A-91DA-42EB-8262-2D763754AD71} Win32/Qhost trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\drivers\etc\hosts.msn Win32/Qhost trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
-
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
- Select Start > All Programs > Accessories > System tools > System Restore.
- On the dialogue box that appears select Create a Restore Point
- Click NEXT
- Enter a name e.g. Clean
- Click CREATE
You now have a clean restore point, to get rid of the bad ones:
- Select Start > All Programs > Accessories > System tools > Disk Cleanup.
- In the Drop down box that appears select your main drive e.g. C
- Click OK
- The System will do some calculation and the display a dialogue box with TABS
- Select the More Options Tab.
- At the bottom will be a system restore box with a CLEANUP button click this
- Accept the Warning and select OK again, the program will close and you are done
To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe (http://oldtimer.geekstogo.com/OTC.exe) by OldTimer:
- Save it to your Desktop.
- Double click OTC.exe.
- Click the CleanUp! button.
- If you are prompted to Reboot during the cleanup, select Yes.
- The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
==
Please download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) to your desktop
- Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
- It will close all programs when run, so make sure you have saved all your work before you begin.
- Click the Start
button to begin the process. Depending on how often you clean temp
files, execution time should be anywhere from a few seconds to a minute
or two. Let it run uninterrupted to completion.
- Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
==
Download Security Check by screen317 from SpywareInfoforum.org (http://screen317.spywareinfoforum.org/SecurityCheck.exe) or Changelog.fr (http://screen317.changelog.fr/SecurityCheck.exe).- Save it to your Desktop.
- Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Also, tell me if IE still hangs.
-
Ok Here is the security check log...
Results of screen317's Security Check version 0.99.2
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
AVG Free 9.0
ESET Online Scanner v3
ZoneAlarm
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
Java(TM) 6 Update 18
Adobe Flash Player 10
Adobe Reader 7.0
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Zone Labs ZoneAlarm zlclient.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)
``````````End of Log````````````
:-\
There has been no change on the IE... sometimes it will bring up a site but more often than not ... It just gets to 3 or 4 indicator bars and just sits there and other times it gets the hour glass and nothing happens..(again it just sits there!?) thinking it could be the cableone internet modem I brought my computer in and hooked it up and IE runs just fine on there so I do not believe it is a modem problem... I would like to thank you very much for your help and if there is any other suggestions or instructions for me I will be checking.. I just wanted to make sure computer was clean before trying anything else. I believe I am going to try and uninstall IE and reinstall and see if that will help... Thanks again for your help! ;)
-
Ok. If you need anymore help on the IE issue, make sure to post in the software section on this board, so you get the appropriate help on that specific issue. It is probably something deeper.
Your computer looks secure enough, so I will just post a link to my prevention page.
See this page (http://www.helpmyos.com/learn-security-f40/preventing-malware-and-being-resistant-to-the-dangers-of-the-internet-t1516.htm) for more info about malware and prevention.
-
Since this appears to be resolved, this topic is now closed. Glad we could help!
=>CLOSED