Answers to your tech questions
Computer forums for help with removing malicious software (malware) and improving computer security

Welcome ( Log In | Register )
Easy as 1,2,3!

2 Pages V   1 2 >  
 Reply to this topicStart new topic
> Fraud.Sysguard malware, Sloe IE Startup Baseline
cherfxst
post Nov 7 2009, 01:48 PM
Post #1


New Member
*

Group: Authentic Member
Posts: 14
Joined: 14-November 08
From: Indiana, USA
Member No.: 82,397
Operating System: Windows XP Home Version 2002 Servic Pack 3
pullhair.gif
Backgroung on PC

Windows XP Home Edition Version 2002 Service Pack 3

Intel Pentium 4 CPU 2.4GHz 1.00 GB RAM

IE thru Cable modem

I Use:

  • Zone Alarm
  • AVG Free 9.0
  • Advanced System Care
  • Scotty
  • I had TeaTimer, but it doesn’t appear anymore
[/size]

First I noticed slow Start-up.

Things have gotten progressively worse. I’ll try to go through them as I noticed the problems happening:

o IE started slowing down. I had to keep re-booting to get it to work again.

o Start-up kept getting slower and would occasionally make me enter the configurations change at start up. I thought this was from using “Advanced System Care” because it would make registry changes.

o IE started taking me to pages I had not requested. (i.e. I would click on one place and it took me elsewhere. This happened elsewhere, but mainly in Ebay where I have been spending a lot of time).

o Then my EBay alerts stopped working, would say I was not logged in when I was. I uninstalled the toolbar and re-installed the toolbar, didn’t fix the problem)

o Then, I noticed items missing from my startup queue(list at bottom right of screen)





[size="5"]Things got really bad October 30. I must admit I had been slack on running virus/malware checkers.

I ran, in this order:

  • SpyBot (found Fraud.Sysguard)
  • SpyWare Blaster
  • GlarySoft Registry Repair
  • I also tried to go back to a restore point from October 24th.


Things didn’t get any better except I haven’t gotten any more of the occasionally requests to make configurations changes at start up.



What I did today:

Here is the HijacjThisLog:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:34:47 PM, on 11/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Atomic Clock Sync\Atomic.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\POP Peeper\POPPeeper.exe
C:\PROGRAM FILES\YAHOO!\SEARCH PROTECTION\SEARCHPROTECTION.EXE
C:\WORKPAD\HOTSYNC.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft Works\MSWorks.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.projectoftheweek.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [Atomic.exe] C:\Program Files\Atomic Clock Sync\Atomic.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Policies\Explorer\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Policies\Explorer\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min
O4 - HKCU\..\Policies\Explorer\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135387651586
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Cheryl/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 8965 bytes
Go to the top of the page
 
+Quote Post
oldman960
post Nov 11 2009, 12:14 AM
Post #2


SuperMember
Group Icon

Group: Classroom Teacher
Posts: 3,905
Joined: 27-April 08
Member No.: 78,707
Operating System: win98se, XP pro
Hi cherfxst, welcome to the forum.

To make cleaning this machine easier
  • Please do not uninstall/install any programs unless asked to
    It is more difficult when files/programs are appearing in/disappearing from the logs.
  • Please do not run any scans other than those requested
  • Please follow all instructions in the order posted
  • All logs/reports, etc.. must be posted in Notepad. Please ensure that word wrap is unchecked. In notepad click format, uncheck word wrap if it is checked.
  • Do not attach any logs/reports, etc.. unless specifically requested to do so.
  • If you have problems with or do not understand the instructions, Please ask before continuing.
  • Please stay with this thread until given the All Clear. A absence of symptoms does not mean a clean machine.

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.

If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.
  • Click the Scan button and let the program do its work. GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop


Download OTListIt2 to your desktop.
  • Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

No need for a Hijackthis log this time.

Please post back with
  • GMER log
  • Both OTL logs


Thanks
Go to the top of the page
 
+Quote Post
cherfxst
post Nov 12 2009, 06:56 PM
Post #3


New Member
*

Group: Authentic Member
Posts: 14
Joined: 14-November 08
From: Indiana, USA
Member No.: 82,397
Operating System: Windows XP Home Version 2002 Servic Pack 3
I think I followed the instructions correctly.

Here is the GMER log:
GMER 1.0.15.15220 - http://www.gmer.net
Rootkit scan 2009-11-12 19:01:08
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Cheryl\LOCALS~1\Temp\pxrdipod.sys


---- Kernel code sections - GMER 1.0.15 ----

? srescan.sys The system cannot find the file specified. !

---- EOF - GMER 1.0.15 ----

Here is the OLT.txt:

OTL logfile created on: 11/12/2009 7:13:27 PM - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Documents and Settings\Cheryl\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.47 Mb Total Physical Memory | 396.14 Mb Available Physical Memory | 38.71% Memory free
2.41 Gb Paging File | 1.93 Gb Available in Paging File | 80.07% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 54.74 Gb Free Space | 73.46% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FAMILYROOM
Current User Name: Cheryl
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Cheryl\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe (eBay Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Atomic Clock Sync\Atomic.exe (Chaos Software Group, Inc.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
PRC - C:\WorkPad\HOTSYNC.EXE (Palm Computing, Inc., a 3Com Company)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Cheryl\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\Syncor11.dll (SoundMAX)


========== Win32 Services (SafeList) ==========

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (FontCache3.0.0.0) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (helpsvc) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqcxs08) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (SoundMAX Agent Service (default) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Driver Services (SafeList) ==========

DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (srescan) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Check Point Software Technologies LTD)
DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech Inc.)
DRV - (HPZipr12) -- C:\WINDOWS\system32\drivers\HPZipr12.sys (HP)
DRV - (HPZid412) -- C:\WINDOWS\system32\drivers\HPZid412.sys (HP)
DRV - (PAP(ZyDas) -- C:\WINDOWS\system32\drivers\PAPBlue.sys (ZyDAS Technology Corporation)
DRV - (HPZius12) -- C:\WINDOWS\system32\drivers\HPZius12.sys (HP)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (ZDPSp50) -- C:\WINDOWS\system32\drivers\ZDPSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (TIEHDUSB) -- C:\WINDOWS\system32\drivers\tiehdusb.sys (Texas Instruments Incorporated)
DRV - (NCBULK) -- C:\WINDOWS\system32\drivers\NcBulk.SYS (NetChip Technology, Inc.)
DRV - (LLUSBFLT) -- C:\WINDOWS\system32\drivers\NcBulk.SYS (NetChip Technology, Inc.)
DRV - (SFTSER) -- C:\WINDOWS\system32\drivers\sftser.sys (LapLink, Inc.)
DRV - (smwdm) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (BsUDF) -- C:\WINDOWS\system32\drivers\bsudf.sys (ahead software)
DRV - (IdeChnDr) -- C:\WINDOWS\System32\DRIVERS\IdeChnDr.sys (Intel Corporation)
DRV - (IdeBusDr) -- C:\WINDOWS\System32\DRIVERS\IdeBusDr.sys (Intel Corporation)
DRV - (incdrm) -- C:\WINDOWS\system32\drivers\incdrm.sys (Ahead Software AG)
DRV - (WBHWDOCT) -- C:\WINDOWS\system32\drivers\WBHWDOCT.sys (Winbond Electronics Corp.)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel)
DRV - (BsStor) -- C:\WINDOWS\System32\DRIVERS\bsstor.sys (B.H.A Co.,Ltd.)
DRV - (aeaudio) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (aslm75) -- C:\WINDOWS\system32\drivers\ASLM75.SYS ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 1886680168
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.projectoftheweek.com/
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\e, = http://www.preispiraten.de/cgi-bin/e/track...ysuche_us.pl?%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\e,# = %23
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\e,& = %26
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\e,? = %3F
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\e,+ = %2B
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\e,= = %3D
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\e,MenuText = eBay.de
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eb, = http://www.preispiraten.de/cgi-bin/e/track...ysuche_us.pl?%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eb,# = %23
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eb,& = %26
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eb,? = %3F
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eb,+ = %2B
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eb,= = %3D
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eb,MenuText = eBay.de
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eba, = http://www.preispiraten.de/cgi-bin/e/track...ysuche_us.pl?%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eba,# = %23
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eba,& = %26
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eba,? = %3F
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eba,+ = %2B
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eba,= = %3D
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eba,MenuText = eBay.de
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\ebay, = http://www.preispiraten.de/cgi-bin/e/track...ysuche_us.pl?%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\ebay,# = %23
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\ebay,& = %26
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\ebay,? = %3F
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\ebay,+ = %2B
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\ebay,= = %3D
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\ebay,MenuText = eBay.de
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/04/30 18:58:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/09 10:40:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/11/09 17:09:12 | 00,000,000 | ---D | M]

[2009/09/25 11:51:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Mozilla\Firefox\extensions
[2009/11/11 10:00:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

O1 HOSTS File: (793 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 AdSubtract # Added by AdSubtract for auto-dial.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (eBay Toolbar Helper) - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (eBay Toolbar) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: eBay Search - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc2.cab (Office Update Installation Engine)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1135387651586 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab (ZoneIntro Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Cheryl/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/06/20 18:09:14 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/12 19:11:13 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cheryl\Desktop\OTL.exe
[2009/11/12 15:21:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cheryl\Desktop\gmer
[2009/11/09 18:01:37 | 00,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/11/09 17:58:12 | 00,000,000 | ---D | C] -- C:\Program Files\Secunia
[2009/11/09 17:14:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/11/09 17:09:29 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/11/09 17:09:29 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/11/09 17:09:29 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/11/09 17:09:29 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/11/09 17:09:29 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/11/09 17:09:08 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/11/09 17:04:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cheryl\Application Data\Sun
[2009/11/07 13:59:42 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/11/03 01:46:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cheryl\Application Data\InstallShield
[2009/11/01 23:28:19 | 00,000,000 | -H-D | C] -- C:\$AVG
[2009/11/01 23:26:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/11/01 10:41:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cheryl\Desktop\Birthstone Info
[2009/10/14 00:59:30 | 00,000,000 | ---D | C] -- C:\Program Files\glxljt
[1 C:\Documents and Settings\Cheryl\Desktop\*.tmp files -> C:\Documents and Settings\Cheryl\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/12 19:11:13 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cheryl\Desktop\OTL.exe
[2009/11/12 15:08:22 | 00,283,347 | ---- | M] () -- C:\Documents and Settings\Cheryl\Desktop\gmer.zip
[2009/11/12 07:04:32 | 44,980,972 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/11/12 07:03:49 | 00,089,173 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/11/11 12:38:48 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/11 12:38:26 | 00,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/11/11 12:38:22 | 00,000,314 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2009/11/11 12:37:08 | 00,004,452 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/11/11 12:36:36 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/11 12:36:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/11 12:36:24 | 00,393,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/11 12:36:23 | 10,732,54400 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/11 12:35:21 | 08,126,464 | ---- | M] () -- C:\Documents and Settings\Cheryl\ntuser.dat
[2009/11/11 12:35:07 | 12,876,170 | -H-- | M] () -- C:\Documents and Settings\Cheryl\Local Settings\Application Data\IconCache.db
[2009/11/11 10:00:18 | 00,000,677 | ---- | M] () -- C:\Documents and Settings\Cheryl\Desktop\Glary Utilities.lnk
[2009/11/10 08:24:57 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/11/09 17:09:11 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/11/09 17:09:11 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/11/09 17:09:11 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/11/09 17:09:11 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/11/09 17:09:11 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/11/07 15:00:05 | 00,048,640 | ---- | M] () -- C:\Documents and Settings\Cheryl\Desktop\Problem Description.doc
[2009/11/07 13:59:48 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Cheryl\Desktop\NTREGOPT.lnk
[2009/11/07 13:59:47 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Cheryl\Desktop\ERUNT.lnk
[2009/11/05 12:36:21 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/11/03 01:46:22 | 00,000,157 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\eBay.url
[2009/11/02 22:57:48 | 00,000,897 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/02 22:57:48 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/11/02 22:57:48 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/01 23:28:07 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/11/01 23:27:56 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/11/01 23:27:44 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/11/01 23:27:43 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/11/01 10:55:16 | 00,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/01 09:57:52 | 00,521,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/01 09:57:52 | 00,441,454 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/01 09:57:52 | 00,071,264 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/27 17:27:34 | 00,057,344 | ---- | M] () -- C:\Documents and Settings\Cheryl\Desktop\EbayMessages.doc
[2009/10/24 17:18:47 | 00,001,619 | ---- | M] () -- C:\Documents and Settings\Cheryl\Desktop\Earring_design.jpg
[2009/10/22 04:19:04 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/10/22 04:19:04 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/10/18 22:49:42 | 00,001,642 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\Danielle Promissory Note - Due on Demand 1.qfl
[2009/10/18 22:35:36 | 00,034,304 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\DanielleOwes.xls
[2009/10/18 22:20:06 | 00,028,160 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\MatGriffinLoan.xls
[1 C:\Documents and Settings\Cheryl\Desktop\*.tmp files -> C:\Documents and Settings\Cheryl\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/12 15:08:25 | 00,283,347 | ---- | C] () -- C:\Documents and Settings\Cheryl\Desktop\gmer.zip
[2009/11/11 10:00:18 | 00,000,677 | ---- | C] () -- C:\Documents and Settings\Cheryl\Desktop\Glary Utilities.lnk
[2009/11/07 13:59:48 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Cheryl\Desktop\NTREGOPT.lnk
[2009/11/07 13:59:47 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Cheryl\Desktop\ERUNT.lnk
[2009/11/07 13:42:35 | 00,048,640 | ---- | C] () -- C:\Documents and Settings\Cheryl\Desktop\Problem Description.doc
[2009/11/03 01:46:22 | 00,000,157 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\eBay.url
[2009/10/24 17:21:11 | 00,001,619 | ---- | C] () -- C:\Documents and Settings\Cheryl\Desktop\Earring_design.jpg
[2009/10/18 22:49:42 | 00,001,642 | ---- | C] () -- C:\Documents and Settings\Cheryl\My Documents\Danielle Promissory Note - Due on Demand 1.qfl
[2009/07/09 20:01:17 | 00,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2008/11/17 19:45:20 | 00,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2007/11/02 00:59:26 | 00,000,110 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\MostFunGameId.bin
[2007/10/30 03:24:00 | 00,000,000 | ---- | C] () -- C:\Program Files\gamingGamePuzzleVB.DB
[2007/10/30 01:47:52 | 00,000,129 | ---- | C] () -- C:\Documents and Settings\Cheryl\Local Settings\Application Data\fusioncache.dat
[2007/03/22 00:54:32 | 00,001,877 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/07/16 19:46:09 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2006/07/16 19:46:09 | 00,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2006/01/03 10:47:07 | 00,004,820 | ---- | C] () -- C:\WINDOWS\CAMUNWISE.INI
[2006/01/03 10:44:31 | 00,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wh2Robo.dll
[2005/10/01 18:20:56 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\intelmoh.dll
[2005/10/01 18:19:40 | 00,000,020 | ---- | C] () -- C:\WINDOWS\InfModM.ini
[2005/10/01 18:17:35 | 00,000,015 | ---- | C] () -- C:\WINDOWS\wgedit.ini
[2005/10/01 18:12:28 | 00,000,076 | ---- | C] () -- C:\WINDOWS\autmtst.ini
[2005/08/24 18:45:50 | 00,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2005/06/04 18:59:49 | 00,002,467 | ---- | C] () -- C:\WINDOWS\photoimpression.ini
[2005/06/04 18:59:21 | 00,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2005/06/04 18:58:48 | 00,000,614 | ---- | C] () -- C:\WINDOWS\photoprn.ini
[2005/06/04 18:58:28 | 00,000,018 | ---- | C] () -- C:\WINDOWS\as_setup.ini
[2005/06/04 18:55:36 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2005/06/04 18:55:36 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2005/06/01 16:53:49 | 00,001,029 | ---- | C] () -- C:\WINDOWS\homsuite.ini
[2005/06/01 16:53:49 | 00,000,961 | ---- | C] () -- C:\WINDOWS\vrdecor.ini
[2005/06/01 16:53:49 | 00,000,317 | ---- | C] () -- C:\WINDOWS\homesym.ini
[2005/04/24 12:36:16 | 04,194,441 | ---- | C] () -- C:\Documents and Settings\Cheryl\Application Data\sdi.db
[2005/04/09 12:34:50 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Cheryl\Application Data\dm.ini
[2005/04/09 12:34:49 | 00,001,212 | ---- | C] () -- C:\Documents and Settings\Cheryl\Application Data\AdobeDLM.log
[2005/04/05 17:26:45 | 00,000,048 | ---- | C] () -- C:\WINDOWS\PerWin.ini
[2004/12/23 15:42:07 | 00,000,041 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2004/05/23 13:11:15 | 00,133,656 | ---- | C] () -- C:\Documents and Settings\Cheryl\Application Data\GDIPFONTCACHEV1.DAT
[2004/04/30 12:09:08 | 00,133,656 | ---- | C] () -- C:\Documents and Settings\Cheryl\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2004/04/01 12:51:09 | 00,000,070 | ---- | C] () -- C:\WINDOWS\OFXDATE.INI
[2004/04/01 12:44:06 | 00,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2004/04/01 12:43:47 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2004/04/01 12:43:47 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2004/04/01 02:05:39 | 00,000,166 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2004/03/31 15:50:57 | 00,000,111 | ---- | C] () -- C:\WINDOWS\OPERA.INI
[2003/08/03 13:32:11 | 00,000,105 | ---- | C] () -- C:\WINDOWS\bfcomega.ini
[2003/08/03 09:02:41 | 00,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS
[2003/08/03 08:26:40 | 00,000,478 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/08/03 07:26:57 | 00,007,530 | ---- | C] () -- C:\WINDOWS\CADX2.INI
[2003/08/03 07:26:23 | 00,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll
[2003/08/03 07:26:22 | 00,065,864 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2003/08/03 07:26:22 | 00,007,808 | ---- | C] () -- C:\WINDOWS\System32\dc240u.sys
[2003/08/03 07:26:21 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\SoyWeb.dll
[2003/08/03 07:26:21 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll
[2003/08/03 07:03:26 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2003/08/03 06:47:24 | 00,003,793 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2003/08/03 06:47:23 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2003/06/20 18:15:12 | 12,876,170 | -H-- | C] () -- C:\Documents and Settings\Cheryl\Local Settings\Application Data\IconCache.db
[2003/06/20 18:13:24 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Cheryl\Application Data\desktop.ini
[2003/06/20 12:55:21 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2002/08/29 07:00:00 | 00,000,897 | ---- | C] () -- C:\WINDOWS\win.ini
[2002/08/29 07:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2001/07/07 02:00:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2005/04/26 09:45:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2009/06/29 09:56:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/11/01 23:26:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/11/03 01:46:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eBay
[2004/03/31 15:49:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\interMute
[2008/11/17 19:46:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2005/08/25 21:15:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2005/09/28 18:33:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2009/11/07 10:26:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/29 21:25:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2008/05/24 21:38:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\123 Free Solitaire
[2009/11/03 01:46:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\eBay
[2009/02/12 19:53:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\GlarySoft
[2007/04/24 13:16:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Image Zone Express
[2009/08/01 01:19:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\IObit
[2005/06/14 16:18:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Laplink
[2004/04/11 11:22:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Leadertech
[2005/06/14 10:00:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Nikon
[2009/06/10 02:09:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\POP Peeper
[2005/10/08 13:34:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Prevx
[2008/01/05 09:44:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Sammsoft
[2009/11/07 00:21:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Simple Sudoku
[2006/08/28 19:03:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Smith Micro
[2009/11/02 11:32:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\WholeSecurity
[2008/11/17 20:25:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\WinPatrol
[2002/08/29 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/11 12:38:22 | 00,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2009/11/11 12:36:36 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >


Here is the Extras.txt:

OTL Extras logfile created on: 11/12/2009 7:13:27 PM - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Documents and Settings\Cheryl\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.47 Mb Total Physical Memory | 396.14 Mb Available Physical Memory | 38.71% Memory free
2.41 Gb Paging File | 1.93 Gb Available in Paging File | 80.07% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 54.74 Gb Free Space | 73.46% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FAMILYROOM
Current User Name: Cheryl
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Laplink FileMover\SFTHost.exe" = C:\Program Files\Laplink FileMover\SFTHost.exe:LocalSubNet:Enabled:SFTHost Module -- (Laplink Software, Inc.)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Disabled:MSN Messenger 7.5 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{03410010-3975-4267-9F39-1DC4745090B7}" = Microsoft Encarta Encyclopedia Standard 2003
"{07620C4F-0964-4086-A872-C9C12E418E52}" = DJ_SF_03_D4300_Software
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}" = Microsoft Streets and Trips 2002
"{15C77FC3-8137-4A5E-8F81-F559045DD6B0}" = Shipping Assistant 3.6
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{192C6FB8-40B8-4910-BE8C-5EE77FACF08D}" = Hallmark Card Studio 2006
"{1D12A299-A473-480A-AEF4-05DB1733AEB0}" = InkSaver
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{24EFA94F-F3D6-4386-8824-B54712C9DC88}" = D4300_Help
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{28F9CB51-2F81-40BF-9545-6FD1FCB1AC44}" = Risk II
"{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}" = TurboTax ItsDeductible 2005
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{369B36BE-3D64-4641-9AEA-808D436FE132}" = Microsoft Picture It! Photo 7.0
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{387D9916-BD27-480f-8CF0-3228832BBAA2}" = HP Deskjet D4300 Printer Driver Software 10.0 Rel .3
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{3DB5FD00-BB93-4AF3-B925-77DAA0E4E2F4}" = eBay Toolbar Featuring Yahoo!
"{3EE9EB18-62AD-4F68-AD11-2DF358CBDCA2}" = RollerCoaster Tycoon
"{42C7C4D8-033E-44F9-BF34-43808A0686CC}" = D4300
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}" = Microsoft Works Suite Add-in for Microsoft Word
"{818FB39B-1A57-4F1B-A54D-391C33D6C586}" = Tropico
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110223873}" = Mah Jong Tiles Deluxe
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8B0A7592-2AE0-48EA-A327-6EB7DAB25E4A}" = DJ_SF_03_D4300_Software_Min
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8FC95FFD-EC31-11D6-B933-0050BA1CFF7C}" = SoftK56 Data Fax
"{901B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91B323B5-A79C-4D23-BD6D-046C565F9BCF}" = MadOnion.com/3DMark2001 SE
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9984DF60-1C5B-11D3-ACA1-908A4FC10801}" = Intel Application Accelerator
"{9FC8D8F8-AF3A-4488-98AF-51C6DEC732F2}" = c3100_Help
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{AAA9CD1D-3658-4D6C-A916-FCF3C99D00AB}" = Cumulus Nikon Filter
"{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}" = Nikon View 6
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0.7
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BE9880CD-73A9-4EFD-83E5-4BB38D48E2BD}" = HP Smart Web Printing
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}" = MSN Messenger 7.5
"{D64DCF1C-7A95-49A4-BAFA-C42B5CF6B8B6}" = Works Suite OS Pack
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E60A3FF1-856E-4DD2-BFC6-FD9B976FE1C5}" = DJ_SF_03_D4300_ProductContext
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EB8C9964-09AC-48bf-8B98-027609C78251}" = C3100
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"123 Free Solitaire" = 123 Free Solitaire
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe ActiveShare" = Adobe ActiveShare 1.3.1
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"Advanced Registry Optimizer_is1" = Advanced Registry Optimizer
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"ArcSoft Camera Suite" = ArcSoft Camera Suite
"ArcSoft PhotoImpression" = ArcSoft PhotoImpression
"Ask Toolbar_is1" = Ask Toolbar
"ASUS Features" = ASUS Features
"ASUS Probe V2.19.00" = ASUS Probe V2.19.00
"AsusUpdate" = AsusUpdate
"Atomic Clock Sync" = Atomic Clock Sync
"AVG9Uninstall" = AVG Free 9.0
"Business Attorney" = Business Attorney
"CCleaner" = CCleaner (remove only)
"CleanUp!" = CleanUp!
"CNXT_MODEM_USB_VID_0572&PID_1300" = SoftK56 Data Fax
"Conquest_is1" = Conquest 4.0
"Creative Lettering Super Combo" = Creative Lettering Super Combo
"Cumulus 5 Single User" = Cumulus S5.0.9
"ERUNT_is1" = ERUNT 1.1j
"Family Lawyer 2000" = Family Lawyer 2000
"Glary Utilities_is1" = Glary Utilities 2.17.0.776
"HijackThis" = HijackThis 2.0.2
"Home Attorney" = Home Attorney
"hp deskjet 5550 series_Driver" = hp deskjet 5550 series
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InCD!UninstallKey" = Ahead InCD
"Index Dat Spy" = Index Dat Spy
"InstallShield_{1D12A299-A473-480A-AEF4-05DB1733AEB0}" = InkSaver
"Jasc Digital Camera Support" = Jasc Digital Camera Support Release 4.1
"Kyodai Mahjongg 2006_is1" = Kyodai Mahjongg 2006 v1.42
"Laplink FileMover" = Laplink FileMover
"Legal Search" = Legal Search
"LG USB Drivers" = LG USB Drivers
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MRW!UninstallKey" = Ahead InCD EasyWrite Reader
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyJongg II" = MyJongg II
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMPUninstallKey" = Ahead NeroMediaPlayer
"NVIDIA Drivers" = NVIDIA Drivers
"ot2CD13" = Oregon Trail II
"Paint Shop Pro 6" = Paint Shop Pro 6.02 CD
"Play Mahjong Forever_is1" = Play Mahjong Forever
"Play Sudoku" = Play Sudoku 1.21
"POP Peeper" = POP Peeper
"PrintMaster Gold 3.00" = PrintMaster Gold 3.00
"PSP WIFI Max_is1" = PSP WIFI Max
"Quicken WillMaker Plus 2008" = Quicken WillMaker Plus 2008
"Registry Repair_is1" = Glarysoft Registry Repair 2.7
"Secunia PSI" = Secunia PSI
"Shockwave" = Shockwave
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Simple Sudoku_is1" = Simple Sudoku 4.2
"Smart Defrag_is1" = Smart Defrag 1.20
"SmartDraw 7 Trial Edition" = SmartDraw 7 Trial Edition
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"SpywareBlaster_is1" = SpywareBlaster 4.2
"Sudoklue_is1" = Sudoklue
"Sudoku Assistenten_is1" = Sudoku Assistenten 2.0
"TaxCut 2003" = TaxCut 2003
"tdp" = 3Deep
"Texas Hold'em Video Poker_is1" = VPHoldem version 1.0.88
"The Game Of Life" = The Game Of Life
"The Plain-Language Law Dictionary" = The Plain-Language Law Dictionary
"True Internet Color" = E-Color Indicator
"TurboTax Deluxe 2004" = TurboTax Deluxe 2004
"TurboTax Deluxe 2005" = TurboTax Deluxe 2005
"Voice Editor" = Voice Editor
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Web Sudoku Deluxe_is1" = Web Sudoku Deluxe 1.2
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPatrol" = WinPatrol 2009
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2003Setup" = Microsoft Works 2003 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Anti-Spy" = Yahoo! Anti-Spy
"Yahoo! Messenger Explorer Bar" = Yahoo! Messenger Explorer Bar
"Yahoo! Search Defender" = Yahoo! Search Protection
"YInstHelper" = Yahoo! Install Manager
"ZoneAlarm" = ZoneAlarm

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AI RoboForm" = AI RoboForm
"Pilot Desktop" = WorkPad Desktop

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/8/2009 5:00:04 PM | Computer Name = FAMILYROOM | Source = nview_info | ID = 11141121
Description =

Error - 10/8/2009 5:00:04 PM | Computer Name = FAMILYROOM | Source = nview_info | ID = 11141121
Description =

Error - 10/8/2009 5:00:04 PM | Computer Name = FAMILYROOM | Source = nview_info | ID = 11141121
Description =

Error - 10/8/2009 5:00:04 PM | Computer Name = FAMILYROOM | Source = nview_info | ID = 11141121
Description =

Error - 10/8/2009 5:00:04 PM | Computer Name = FAMILYROOM | Source = nview_info | ID = 11141121
Description =

Error - 10/8/2009 5:00:04 PM | Computer Name = FAMILYROOM | Source = nview_info | ID = 11141121
Description =

Error - 10/8/2009 5:00:05 PM | Computer Name = FAMILYROOM | Source = nview_info | ID = 11141121
Description =

Error - 10/8/2009 5:00:05 PM | Computer Name = FAMILYROOM | Source = nview_info | ID = 11141121
Description =

Error - 10/14/2009 12:02:04 PM | Computer Name = FAMILYROOM | Source = nview_info | ID = 11141121
Description =

Error - 11/3/2009 1:48:14 AM | Computer Name = FAMILYROOM | Source = nview_info | ID = 11141121
Description =

[ System Events ]
Error - 11/9/2009 5:04:14 PM | Computer Name = FAMILYROOM | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 11/10/2009 10:29:38 AM | Computer Name = FAMILYROOM | Source = IdeChnDr | ID = 262153
Description = The device, \Device\Ide\IdeDeviceP1T1L0, did not respond within the
timeout period.

Error - 11/10/2009 11:56:53 PM | Computer Name = FAMILYROOM | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747

Error - 11/10/2009 11:58:16 PM | Computer Name = FAMILYROOM | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 11/11/2009 11:46:48 AM | Computer Name = FAMILYROOM | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747

Error - 11/11/2009 11:47:48 AM | Computer Name = FAMILYROOM | Source = Print | ID = 6161
Description = The document http://forums.whatthetech.com/Before_Posti...an_results_self_
owned by Cheryl failed to print on printer HP Deskjet D4300 series. Data type:
NT EMF 1.008. Size of the spool file in bytes: 2238752. Number of bytes printed:
2238752. Total number of pages in the document: 3. Number of pages printed: 12.
Client machine: \\FAMILYROOM. Win32 error code returned by the print processor:
0 (0x0).

Error - 11/11/2009 11:48:14 AM | Computer Name = FAMILYROOM | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 11/11/2009 12:25:05 PM | Computer Name = FAMILYROOM | Source = Print | ID = 6161
Description = The document Microsoft Word - Birthstone Chart.doc owned by Cheryl
failed to print on printer HP Deskjet D4300 series. Data type: NT EMF 1.008. Size
of the spool file in bytes: 196608. Number of bytes printed: 196608. Total number
of pages in the document: 1. Number of pages printed: 3. Client machine: \\FAMILYROOM.
Win32 error code returned by the print processor: 0 (0x0).

Error - 11/11/2009 1:36:48 PM | Computer Name = FAMILYROOM | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747

Error - 11/11/2009 1:38:12 PM | Computer Name = FAMILYROOM | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.


< End of report >
Go to the top of the page
 
+Quote Post
oldman960
post Nov 13 2009, 12:31 AM
Post #4


SuperMember
Group Icon

Group: Classroom Teacher
Posts: 3,905
Joined: 27-April 08
Member No.: 78,707
Operating System: win98se, XP pro
Hi cherfxst,

That is a rather unusual GMER log.

Which version of Zone Alarm do you have? Does it have an antivirus included?

One strange folder is showing in the log. Do you recognize it?

C:\Program Files\glxljt

Run OTL again but we'll broaden the search

  • Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output
  • Copy and paste the following bold text into the window under the Custom Scan box

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %SYSTEMDRIVE%\eventlog.dll /s /md5
    %SYSTEMDRIVE%\scecli.dll /s /md5
    %SYSTEMDRIVE%\netlogon.dll /s /md5
    %SYSTEMDRIVE%\cngaudit.dll /s /md5
    %SYSTEMDRIVE%\sceclt.dll /s /md5
    %SYSTEMDRIVE%\ntelogon.dll /s /md5
    %SYSTEMDRIVE%\logevent.dll /s /md5
    %SYSTEMDRIVE%\iaStor.sys /s /md5
    %SYSTEMDRIVE%\nvstor.sys /s /md5
    %SYSTEMDRIVE%\atapi.sys /s /md5
    %SYSTEMDRIVE%\IdeChnDr.sys /s /md5
    %SYSTEMDRIVE%\viasraid.sys /s /md5
    %SYSTEMDRIVE%\AGP440.sys /s /md5
    %SYSTEMDRIVE%\vaxscsi.sys /s /md5

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
There will only be the OTL.txt this time, please post it in your next reply.

Thanks
Go to the top of the page
 
+Quote Post
cherfxst
post Nov 13 2009, 03:27 AM
Post #5


New Member
*

Group: Authentic Member
Posts: 14
Joined: 14-November 08
From: Indiana, USA
Member No.: 82,397
Operating System: Windows XP Home Version 2002 Servic Pack 3
Here is my info on ZoneAlarm:
ZoneAlarm version:8.0.298.000
TrueVector version:8.0.298.000
Driver version:8.0.298.000
It says it is not running any AntiVirus. But I do make it pop up to ask me to Allow or Deny access to certain programs (it has a box i check to build a list of sites I always want it to allow). I did not get the pop up when I ran GMER.

After I downloaded GMER I selected "Extract all files" in the zip folder, which placed a GMER folder on my desktop with the GMER executable, and only the executable in it. Then I ran GMER from the GMER folder. Did I do this correctly?

I have no idea what the "glxljt" folder is in C:\Program Files. I ran a search on glxljt and it only appeared in C:\Program Files and appears to be an empty folder.

Now for the next log file you requested
OTL logfile created on: 11/13/2009 3:51:54 AM - Run 2
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Documents and Settings\Cheryl\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.47 Mb Total Physical Memory | 367.71 Mb Available Physical Memory | 35.93% Memory free
2.41 Gb Paging File | 1.90 Gb Available in Paging File | 78.98% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 54.75 Gb Free Space | 73.47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FAMILYROOM
Current User Name: Cheryl
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Cheryl\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe (eBay Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Atomic Clock Sync\Atomic.exe (Chaos Software Group, Inc.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
PRC - C:\WorkPad\HOTSYNC.EXE (Palm Computing, Inc., a 3Com Company)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Cheryl\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\Syncor11.dll (SoundMAX)


========== Win32 Services (SafeList) ==========

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (FontCache3.0.0.0) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (helpsvc) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqcxs08) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (SoundMAX Agent Service (default) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 1886680168
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.projectoftheweek.com/
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\e, = http://www.preispiraten.de/cgi-bin/e/track...ysuche_us.pl?%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\e,# = %23
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\e,& = %26
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\e,? = %3F
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\e,+ = %2B
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\e,= = %3D
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\e,MenuText = eBay.de
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eb, = http://www.preispiraten.de/cgi-bin/e/track...ysuche_us.pl?%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eb,# = %23
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eb,& = %26
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eb,? = %3F
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eb,+ = %2B
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eb,= = %3D
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eb,MenuText = eBay.de
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eba, = http://www.preispiraten.de/cgi-bin/e/track...ysuche_us.pl?%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eba,# = %23
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eba,& = %26
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eba,? = %3F
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eba,+ = %2B
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eba,= = %3D
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eba,MenuText = eBay.de
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\ebay, = http://www.preispiraten.de/cgi-bin/e/track...ysuche_us.pl?%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\ebay,# = %23
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\ebay,& = %26
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\ebay,? = %3F
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\ebay,+ = %2B
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\ebay,= = %3D
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\ebay,MenuText = eBay.de
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/04/30 18:58:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/09 10:40:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/11/09 17:09:12 | 00,000,000 | ---D | M]

[2009/09/25 11:51:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Mozilla\Firefox\extensions
[2009/11/11 10:00:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

O1 HOSTS File: (793 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 AdSubtract # Added by AdSubtract for auto-dial.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (eBay Toolbar Helper) - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (eBay Toolbar) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: eBay Search - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc2.cab (Office Update Installation Engine)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1135387651586 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab (ZoneIntro Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Cheryl/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/06/20 18:09:14 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2003/06/20 18:08:49 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: LanmanWorkstation - File not found
NetSvcs: Messenger - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/11/12 19:11:13 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cheryl\Desktop\OTL.exe
[2009/11/12 15:21:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cheryl\Desktop\gmer
[2009/11/09 17:58:12 | 00,000,000 | ---D | C] -- C:\Program Files\Secunia
[2009/11/09 17:14:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/11/09 17:09:08 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/11/09 17:04:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cheryl\Application Data\Sun
[2009/11/07 13:59:42 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/11/03 01:46:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cheryl\Application Data\InstallShield
[2009/11/01 23:28:19 | 00,000,000 | -H-D | C] -- C:\$AVG
[2009/11/01 23:26:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/11/01 10:41:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cheryl\Desktop\Birthstone Info
[1 C:\Documents and Settings\Cheryl\Desktop\*.tmp files -> C:\Documents and Settings\Cheryl\Desktop\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/11/12 19:11:13 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cheryl\Desktop\OTL.exe
[2009/11/12 15:08:22 | 00,283,347 | ---- | M] () -- C:\Documents and Settings\Cheryl\Desktop\gmer.zip
[2009/11/12 07:04:32 | 44,980,972 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/11/12 07:03:49 | 00,089,173 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/11/11 12:38:48 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/11 12:38:26 | 00,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/11/11 12:38:22 | 00,000,314 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2009/11/11 12:37:08 | 00,004,452 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/11/11 12:36:36 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/11 12:36:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/11 12:36:24 | 00,393,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/11 12:36:23 | 10,732,54400 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/11 12:35:21 | 08,126,464 | ---- | M] () -- C:\Documents and Settings\Cheryl\ntuser.dat
[2009/11/11 12:35:07 | 12,876,170 | -H-- | M] () -- C:\Documents and Settings\Cheryl\Local Settings\Application Data\IconCache.db
[2009/11/11 10:00:18 | 00,000,677 | ---- | M] () -- C:\Documents and Settings\Cheryl\Desktop\Glary Utilities.lnk
[2009/11/10 08:24:57 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/11/07 15:00:05 | 00,048,640 | ---- | M] () -- C:\Documents and Settings\Cheryl\Desktop\Problem Description.doc
[2009/11/07 13:59:48 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Cheryl\Desktop\NTREGOPT.lnk
[2009/11/07 13:59:47 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Cheryl\Desktop\ERUNT.lnk
[2009/11/03 01:46:22 | 00,000,157 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\eBay.url
[2009/11/02 22:57:48 | 00,000,897 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/02 22:57:48 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/11/02 22:57:48 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/01 23:28:07 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/11/01 23:27:56 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/11/01 23:27:44 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/11/01 23:27:43 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/11/01 10:55:16 | 00,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/01 09:57:52 | 00,521,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/01 09:57:52 | 00,441,454 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/01 09:57:52 | 00,071,264 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[1 C:\Documents and Settings\Cheryl\Desktop\*.tmp files -> C:\Documents and Settings\Cheryl\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/12 15:08:25 | 00,283,347 | ---- | C] () -- C:\Documents and Settings\Cheryl\Desktop\gmer.zip
[2009/11/11 10:00:18 | 00,000,677 | ---- | C] () -- C:\Documents and Settings\Cheryl\Desktop\Glary Utilities.lnk
[2009/11/07 13:59:48 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Cheryl\Desktop\NTREGOPT.lnk
[2009/11/07 13:59:47 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Cheryl\Desktop\ERUNT.lnk
[2009/11/07 13:42:35 | 00,048,640 | ---- | C] () -- C:\Documents and Settings\Cheryl\Desktop\Problem Description.doc
[2009/11/03 01:46:22 | 00,000,157 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\eBay.url
[2009/07/09 20:01:17 | 00,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2008/11/17 19:45:20 | 00,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2007/11/02 00:59:26 | 00,000,110 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\MostFunGameId.bin
[2007/10/30 03:24:00 | 00,000,000 | ---- | C] () -- C:\Program Files\gamingGamePuzzleVB.DB
[2007/10/30 01:47:52 | 00,000,129 | ---- | C] () -- C:\Documents and Settings\Cheryl\Local Settings\Application Data\fusioncache.dat
[2007/03/22 00:54:32 | 00,001,877 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/07/16 19:46:09 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2006/07/16 19:46:09 | 00,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2006/01/03 10:47:07 | 00,004,820 | ---- | C] () -- C:\WINDOWS\CAMUNWISE.INI
[2006/01/03 10:44:31 | 00,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wh2Robo.dll
[2005/10/01 18:20:56 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\intelmoh.dll
[2005/10/01 18:19:40 | 00,000,020 | ---- | C] () -- C:\WINDOWS\InfModM.ini
[2005/10/01 18:17:35 | 00,000,015 | ---- | C] () -- C:\WINDOWS\wgedit.ini
[2005/10/01 18:12:28 | 00,000,076 | ---- | C] () -- C:\WINDOWS\autmtst.ini
[2005/08/24 18:45:50 | 00,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2005/06/04 18:59:49 | 00,002,467 | ---- | C] () -- C:\WINDOWS\photoimpression.ini
[2005/06/04 18:59:21 | 00,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2005/06/04 18:58:48 | 00,000,614 | ---- | C] () -- C:\WINDOWS\photoprn.ini
[2005/06/04 18:58:28 | 00,000,018 | ---- | C] () -- C:\WINDOWS\as_setup.ini
[2005/06/04 18:55:36 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2005/06/04 18:55:36 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2005/06/01 16:53:49 | 00,001,029 | ---- | C] () -- C:\WINDOWS\homsuite.ini
[2005/06/01 16:53:49 | 00,000,961 | ---- | C] () -- C:\WINDOWS\vrdecor.ini
[2005/06/01 16:53:49 | 00,000,317 | ---- | C] () -- C:\WINDOWS\homesym.ini
[2005/04/24 12:36:16 | 04,194,441 | ---- | C] () -- C:\Documents and Settings\Cheryl\Application Data\sdi.db
[2005/04/09 12:34:50 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Cheryl\Application Data\dm.ini
[2005/04/09 12:34:49 | 00,001,212 | ---- | C] () -- C:\Documents and Settings\Cheryl\Application Data\AdobeDLM.log
[2005/04/05 17:26:45 | 00,000,048 | ---- | C] () -- C:\WINDOWS\PerWin.ini
[2004/12/23 15:42:07 | 00,000,041 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2004/05/23 13:11:15 | 00,133,656 | ---- | C] () -- C:\Documents and Settings\Cheryl\Application Data\GDIPFONTCACHEV1.DAT
[2004/04/30 12:09:08 | 00,133,656 | ---- | C] () -- C:\Documents and Settings\Cheryl\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2004/04/01 12:51:09 | 00,000,070 | ---- | C] () -- C:\WINDOWS\OFXDATE.INI
[2004/04/01 12:44:06 | 00,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2004/04/01 12:43:47 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2004/04/01 12:43:47 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2004/04/01 02:05:39 | 00,000,166 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2004/03/31 15:50:57 | 00,000,111 | ---- | C] () -- C:\WINDOWS\OPERA.INI
[2003/08/03 13:32:11 | 00,000,105 | ---- | C] () -- C:\WINDOWS\bfcomega.ini
[2003/08/03 09:02:41 | 00,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS
[2003/08/03 08:26:40 | 00,000,478 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/08/03 07:26:57 | 00,007,530 | ---- | C] () -- C:\WINDOWS\CADX2.INI
[2003/08/03 07:26:23 | 00,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll
[2003/08/03 07:26:22 | 00,065,864 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2003/08/03 07:26:22 | 00,007,808 | ---- | C] () -- C:\WINDOWS\System32\dc240u.sys
[2003/08/03 07:26:21 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\SoyWeb.dll
[2003/08/03 07:26:21 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll
[2003/08/03 07:03:26 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2003/08/03 06:47:24 | 00,003,793 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2003/08/03 06:47:23 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2003/06/20 18:15:12 | 12,876,170 | -H-- | C] () -- C:\Documents and Settings\Cheryl\Local Settings\Application Data\IconCache.db
[2003/06/20 18:13:24 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Cheryl\Application Data\desktop.ini
[2003/06/20 12:55:21 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2002/08/29 07:00:00 | 00,000,897 | ---- | C] () -- C:\WINDOWS\win.ini
[2002/08/29 07:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2001/07/07 02:00:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2005/04/26 09:45:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2009/06/29 09:56:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/11/01 23:26:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/11/03 01:46:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eBay
[2004/03/31 15:49:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\interMute
[2008/11/17 19:46:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2005/08/25 21:15:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2005/09/28 18:33:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2009/11/07 10:26:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/29 21:25:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2008/05/24 21:38:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\123 Free Solitaire
[2009/11/03 01:46:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\eBay
[2009/02/12 19:53:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\GlarySoft
[2007/04/24 13:16:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Image Zone Express
[2009/08/01 01:19:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\IObit
[2005/06/14 16:18:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Laplink
[2004/04/11 11:22:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Leadertech
[2005/06/14 10:00:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Nikon
[2009/06/10 02:09:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\POP Peeper
[2005/10/08 13:34:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Prevx
[2008/01/05 09:44:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Sammsoft
[2009/11/07 00:21:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Simple Sudoku
[2006/08/28 19:03:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Smith Micro
[2009/11/02 11:32:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\WholeSecurity
[2008/11/17 20:25:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\WinPatrol
[2002/08/29 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/11 12:38:22 | 00,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2009/11/11 12:36:36 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2004/08/04 02:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2004/08/04 02:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2004/08/04 02:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2004/08/04 00:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 00:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
[2004/08/04 00:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >
[2002/10/15 00:00:00 | 00,101,431 | ---- | M] (Intel Corporation) MD5=7D2B8BE9E89628663C1FB571F7C34062 -- C:\Program Files\Intel\Intel Application Accelerator\Driver\IdeChnDr.sys
[2002/10/15 00:00:00 | 00,101,431 | ---- | M] (Intel Corporation) MD5=7D2B8BE9E89628663C1FB571F7C34062 -- C:\WINDOWS\system32\drivers\IdeChnDr.sys
[2002/08/14 00:00:00 | 00,093,594 | ---- | M] (Intel Corporation) MD5=E1B24E6478AB2E5E09C21D2028E2F208 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\IdeChnDr.sys

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2004/08/04 01:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >
Go to the top of the page
 
+Quote Post
oldman960
post Nov 13 2009, 08:14 AM
Post #6


SuperMember
Group Icon

Group: Classroom Teacher
Posts: 3,905
Joined: 27-April 08
Member No.: 78,707
Operating System: win98se, XP pro
Hi cherfxst,

Would appear if you did everything right. Zone Alarm is fine as it's the firewall only version.

Do you have a custom image un your Desktop that you placed there?

QUOTE
I had TeaTimer, but it doesn’t appear anymore
The log shows it as running. Is this one of the missing icons?

Download RootRepeal from one of the following locations and save it to your desktop.
  1. Open on your desktop.
  2. Click the tab.
  3. Click the button.
  4. In the Select Scan dialog, check
    1. Push Ok
    2. Check the box for your main system drive (Usually C:), and press Ok.
    3. Allow RootRepeal to run a scan of your system. This may take some time.
    4. Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt.


    Copy/paste the log (that you've previously saved to your desktop) from RootRepeal onto your post.

    Thanks
    Go to the top of the page
     
    +Quote Post
    cherfxst
    post Nov 13 2009, 03:07 PM
    Post #7


    New Member
    *

    Group: Authentic Member
    Posts: 14
    Joined: 14-November 08
    From: Indiana, USA
    Member No.: 82,397
    Operating System: Windows XP Home Version 2002 Servic Pack 3
    Yes I do have a custom image onthe desktop, my first grandbaby, just had another yesterday.

    Yes did get a couple icon to appear in the startup list that havd previously disappeared. The were TeaTimer and ASUSProbe. I have been trying to closing everything down I can find before I run the applicatons, except AVG, and Zone alarm. I hope this is the correct thing to do.

    I ran the RoorRepeal as requested. I did not get get step f where I could check a box for my main drive. It also ran very quick.

    The log follows:
    ROOTREPEAL © AD, 2007-2009
    ==================================================
    Scan Start Time: 2009/11/13 15:45
    Program Version: Version 1.3.5.0
    Windows Version: Windows XP SP3
    ==================================================

    Drivers
    -------------------
    Name: rootrepeal.sys
    Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
    Address: 0xEC2FB000 Size: 49152 File Visible: No Signed: -
    Status: -

    Name: srescan.sys
    Image Path: srescan.sys
    Address: 0xF7316000 Size: 81920 File Visible: No Signed: -
    Status: -

    SSDT
    -------------------
    #: 031 Function Name: NtConnectPort
    Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf28aefc0

    #: 037 Function Name: NtCreateFile
    Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf28abc80

    #: 041 Function Name: NtCreateKey
    Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf28c6170

    #: 046 Function Name: NtCreatePort
    Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf28af580

    #: 047 Function Name: NtCreateProcess
    Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf28c3900

    #: 048 Function Name: NtCreateProcessEx
    Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf28c3b10

    #: 050 Function Name: NtCreateSection
    Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf28c7b10

    #: 056 Function Name: NtCreateWaitablePort
    Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf28af670

    #: 062 Function Name: NtDeleteFile
    Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf28ac210

    #: 063 Function Name: NtDeleteKey
    Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf28c69f0

    #: 065 Function Name: NtDeleteValueKey
    Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf28c67a0

    #: 068 Function Name: NtDuplicateObject
    Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf28c3280

    #: 098 Function Name: NtLoadKey
    Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf28c6f10

    #: 099 Function Name: NtLoadKey2
    Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf28c6f90

    #: 116 Function Name: NtOpenFile
    Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf28ac070

    #: 122 Function Name: NtOpenProcess
    Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf28c5180

    #: 128 Function Name: NtOpenThread
    Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf28c4f40

    #: 192 Function Name: NtRenameKey
    Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf28c76f0

    #: 193 Function Name: NtReplaceKey
    Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf28c7150

    #: 200 Function Name: NtRequestWaitReplyPort
    Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf28aebe0

    #: 204 Function Name: NtRestoreKey
    Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf28c7540

    #: 210 Function Name: NtSecureConnectPort
    Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf28af190

    #: 224 Function Name: NtSetInformationFile
    Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf28ac440

    #: 247 Function Name: NtSetValueKey
    Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf28c64e0

    #: 255 Function Name: NtSystemDebugControl
    Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf28c4200

    #: 257 Function Name: NtTerminateProcess
    Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf28c4080

    ==EOF==

    I want to thank you for all your help. It seem that you are being very through with me and I really do appreciate the time! biggrin.gif

    Go to the top of the page
     
    +Quote Post
    oldman960
    post Nov 13 2009, 07:43 PM
    Post #8


    SuperMember
    Group Icon

    Group: Classroom Teacher
    Posts: 3,905
    Joined: 27-April 08
    Member No.: 78,707
    Operating System: win98se, XP pro
    Hi cherfxst,

    A couple of icons have now reappeared?

    Let's see if there is anything lef from what your scanners found.

    Please disable this program and leave it disabled until we are done as it may interfere with any fixes we may do..

    SPYBOT TEATIMER
    • Launch Spybot S&D, go to the Mode menu and make sure "Advanced Mode" is selected.
    • On the left hand side, click on Tools, then click on the Resident Icon in the list.
    • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
    • Click on the "System Startup" icon in the List
    • Uncheck the "TeaTimer" box and "OK" any prompts.
    • If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
    • Exit Spybot S&D when done.
    • (When we are done, you can re-enable Teatimer using the same steps but this time place a check next to "Resident TeaTimer" and check the "TeaTimer" box in System Startup.]


    Please read through these instructions to familarize yourself with what to expect when this tool runs

    Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
    • Double click on ComboFix.exe & follow the prompts.
    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    Notes:

    1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Please post back with the combfix log.

    Thanks
    Go to the top of the page
     
    +Quote Post
    cherfxst
    post Nov 14 2009, 08:37 AM
    Post #9


    New Member
    *

    Group: Authentic Member
    Posts: 14
    Joined: 14-November 08
    From: Indiana, USA
    Member No.: 82,397
    Operating System: Windows XP Home Version 2002 Servic Pack 3
    Here is the ComboFix Log:

    ComboFix 09-11-14.03 - Cheryl 11/14/2009 9:25.2.1 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.600 [GMT -5:00]
    Running from: c:\documents and settings\Cheryl\Desktop\ComboFix.exe
    .
    /wow section - STAGE 3


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\System32\SYSInfo.ocx

    .
    ((((((((((((((((((((((((( Files Created from 2009-10-14 to 2009-11-14 )))))))))))))))))))))))))))))))
    .

    2009-11-12 14:47 . 2009-11-10 13:25 4026136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
    2009-11-12 14:47 . 2009-11-10 13:24 2016536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
    2009-11-12 14:47 . 2009-11-10 13:24 1257240 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
    2009-11-12 14:47 . 2009-11-10 13:24 3963672 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
    2009-11-12 14:47 . 2009-11-02 04:27 496920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
    2009-11-12 14:47 . 2009-11-02 04:27 600344 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgnsx.exe
    2009-11-10 13:25 . 2009-11-02 04:27 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
    2009-11-10 13:24 . 2009-11-02 04:27 1657112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
    2009-11-10 13:24 . 2009-11-02 04:27 610072 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
    2009-11-09 23:01 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2009-11-09 22:58 . 2009-11-09 22:58 -------- d-----w- c:\program files\Secunia
    2009-11-09 22:14 . 2009-11-09 22:14 -------- d-----w- c:\windows\Sun
    2009-11-09 22:09 . 2009-11-09 22:09 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-11-09 22:09 . 2009-11-09 22:09 -------- d-----w- c:\program files\Java
    2009-11-09 22:08 . 2009-11-09 22:08 152576 ----a-w- c:\documents and settings\Cheryl\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
    2009-11-07 18:59 . 2009-11-07 19:00 -------- d-----w- c:\program files\ERUNT
    2009-11-03 06:46 . 2009-11-03 06:46 -------- d-----w- c:\documents and settings\Cheryl\Application Data\InstallShield
    2009-11-02 16:04 . 2009-11-02 16:04 4045528 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-11-02 04:28 . 2009-11-02 04:32 -------- d-----w- C:\$AVG
    2009-11-02 04:26 . 2009-11-02 04:26 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-11-14 14:08 . 2009-01-19 01:03 -------- d-----w- c:\documents and settings\Cheryl\Application Data\HPAppData
    2009-11-14 13:57 . 2009-01-01 03:28 20437367 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
    2009-11-11 15:00 . 2009-09-25 16:51 -------- d-----w- c:\program files\AskBarDis
    2009-11-11 15:00 . 2008-11-18 02:09 -------- d-----w- c:\program files\Glary Utilities
    2009-11-11 03:55 . 2009-11-11 03:56 2060288 ----a-w- c:\windows\Internet Logs\xDB55.tmp
    2009-11-11 03:55 . 2009-11-11 03:56 145920 ----a-w- c:\windows\Internet Logs\xDB54.tmp
    2009-11-10 13:24 . 2009-02-12 19:48 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-11-09 15:57 . 2009-11-09 15:59 2048512 ----a-w- c:\windows\Internet Logs\xDB53.tmp
    2009-11-09 15:57 . 2009-11-09 15:59 172544 ----a-w- c:\windows\Internet Logs\xDB52.tmp
    2009-11-07 15:26 . 2009-01-01 06:19 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-11-07 15:25 . 2005-11-13 05:44 -------- d-----w- c:\program files\SpywareBlaster
    2009-11-07 13:34 . 2009-11-07 13:35 2041856 ----a-w- c:\windows\Internet Logs\xDB51.tmp
    2009-11-07 13:34 . 2009-11-07 13:35 571904 ----a-w- c:\windows\Internet Logs\xDB50.tmp
    2009-11-07 05:21 . 2008-07-27 14:46 -------- d-----w- c:\documents and settings\Cheryl\Application Data\Simple Sudoku
    2009-11-03 06:46 . 2007-11-05 05:59 -------- d-----w- c:\documents and settings\Cheryl\Application Data\eBay
    2009-11-03 06:46 . 2007-11-05 05:59 -------- d-----w- c:\documents and settings\All Users\Application Data\eBay
    2009-11-03 06:46 . 2005-11-12 00:59 -------- d-----w- c:\program files\eBay
    2009-11-03 06:46 . 2003-08-03 11:59 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-11-03 05:37 . 2005-10-03 10:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-11-03 05:36 . 2005-10-03 10:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-11-02 16:32 . 2005-11-12 01:00 -------- d-----w- c:\documents and settings\Cheryl\Application Data\WholeSecurity
    2009-11-02 04:28 . 2009-02-12 19:48 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-11-02 04:27 . 2009-02-12 19:48 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-11-02 04:27 . 2009-02-12 19:48 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-11-02 04:26 . 2008-05-25 05:43 -------- d-----w- c:\program files\AVG
    2009-11-01 02:12 . 2009-11-01 02:13 48640 ----a-w- c:\windows\Internet Logs\xDB4F.tmp
    2009-10-31 18:31 . 2009-10-31 18:33 1998848 ----a-w- c:\windows\Internet Logs\xDB4E.tmp
    2009-10-31 18:31 . 2009-10-31 18:33 461312 ----a-w- c:\windows\Internet Logs\xDB4D.tmp
    2009-10-29 05:05 . 2008-08-31 01:10 -------- d-----w- c:\program files\Sudoku Assistenten
    2009-10-25 01:26 . 2009-10-25 01:28 80896 ----a-w- c:\windows\Internet Logs\xDB4B.tmp
    2009-10-25 01:26 . 2009-10-25 01:28 1994752 ----a-w- c:\windows\Internet Logs\xDB4C.tmp
    2009-10-24 01:58 . 2009-10-24 01:59 1992704 ----a-w- c:\windows\Internet Logs\xDB4A.tmp
    2009-10-24 01:58 . 2009-10-24 01:59 164864 ----a-w- c:\windows\Internet Logs\xDB49.tmp
    2009-10-23 15:22 . 2009-10-23 15:24 1992192 ----a-w- c:\windows\Internet Logs\xDB48.tmp
    2009-10-22 00:01 . 2009-10-22 00:02 1991680 ----a-w- c:\windows\Internet Logs\xDB47.tmp
    2009-10-22 00:01 . 2009-10-22 00:02 386048 ----a-w- c:\windows\Internet Logs\xDB46.tmp
    2009-10-19 04:23 . 2009-10-19 04:25 1991168 ----a-w- c:\windows\Internet Logs\xDB45.tmp
    2009-10-18 13:15 . 2009-10-18 13:16 1990656 ----a-w- c:\windows\Internet Logs\xDB44.tmp
    2009-10-16 11:26 . 2009-10-14 05:59 -------- d-----w- c:\program files\glxljt
    2009-10-15 23:26 . 2009-10-15 23:28 1989632 ----a-w- c:\windows\Internet Logs\xDB43.tmp
    2009-10-15 23:26 . 2009-10-15 23:28 120832 ----a-w- c:\windows\Internet Logs\xDB42.tmp
    2009-10-14 14:43 . 2009-10-14 14:45 166400 ----a-w- c:\windows\Internet Logs\xDB41.tmp
    2009-10-12 12:56 . 2009-10-12 12:57 1971200 ----a-w- c:\windows\Internet Logs\xDB40.tmp
    2009-10-12 12:56 . 2009-10-12 12:57 355328 ----a-w- c:\windows\Internet Logs\xDB3F.tmp
    2009-10-10 00:31 . 2009-10-10 00:32 1970176 ----a-w- c:\windows\Internet Logs\xDB3E.tmp
    2009-10-07 08:24 . 2009-10-07 08:25 71168 ----a-w- c:\windows\Internet Logs\xDB3C.tmp
    2009-10-07 08:24 . 2009-10-07 08:25 1966592 ----a-w- c:\windows\Internet Logs\xDB3D.tmp
    2009-10-06 15:56 . 2009-10-06 15:57 82432 ----a-w- c:\windows\Internet Logs\xDB3B.tmp
    2009-10-05 16:10 . 2009-10-05 16:12 77312 ----a-w- c:\windows\Internet Logs\xDB3A.tmp
    2009-10-04 17:58 . 2009-10-04 18:00 108544 ----a-w- c:\windows\Internet Logs\xDB38.tmp
    2009-10-04 17:58 . 2009-10-04 18:00 1962496 ----a-w- c:\windows\Internet Logs\xDB39.tmp
    2009-10-03 14:03 . 2009-10-03 14:04 83456 ----a-w- c:\windows\Internet Logs\xDB36.tmp
    2009-10-03 14:03 . 2009-10-03 14:04 1961984 ----a-w- c:\windows\Internet Logs\xDB37.tmp
    2009-10-02 16:42 . 2009-10-02 16:43 1961472 ----a-w- c:\windows\Internet Logs\xDB35.tmp
    2009-10-02 11:08 . 2009-10-02 11:09 1960960 ----a-w- c:\windows\Internet Logs\xDB34.tmp
    2009-10-02 11:07 . 2009-10-02 11:09 165376 ----a-w- c:\windows\Internet Logs\xDB33.tmp
    2009-10-01 02:36 . 2009-10-01 02:37 1960448 ----a-w- c:\windows\Internet Logs\xDB32.tmp
    2009-09-29 23:43 . 2009-09-29 23:44 95744 ----a-w- c:\windows\Internet Logs\xDB31.tmp
    2009-09-28 14:41 . 2009-09-28 14:43 172544 ----a-w- c:\windows\Internet Logs\xDB2F.tmp
    2009-09-28 14:41 . 2009-09-28 14:43 1959424 ----a-w- c:\windows\Internet Logs\xDB30.tmp
    2009-09-25 16:40 . 2009-09-25 16:42 1950208 ----a-w- c:\windows\Internet Logs\xDB2E.tmp
    2009-09-25 16:40 . 2009-09-25 16:42 158720 ----a-w- c:\windows\Internet Logs\xDB2D.tmp
    2009-09-23 14:52 . 2009-09-23 14:52 552 ----a-w- c:\windows\system32\d3d8caps.dat
    2009-09-22 15:05 . 2009-09-22 15:15 124928 ----a-w- c:\windows\Internet Logs\xDB2B.tmp
    2009-09-21 13:33 . 2009-09-22 15:15 1947136 ----a-w- c:\windows\Internet Logs\xDB2C.tmp
    2009-09-20 19:19 . 2009-09-20 19:20 99328 ----a-w- c:\windows\Internet Logs\xDB29.tmp
    2009-09-20 19:19 . 2009-09-20 19:20 1946624 ----a-w- c:\windows\Internet Logs\xDB2A.tmp
    2009-09-19 23:01 . 2009-09-19 23:02 1946112 ----a-w- c:\windows\Internet Logs\xDB28.tmp
    2009-09-19 23:01 . 2009-09-19 23:02 288256 ----a-w- c:\windows\Internet Logs\xDB27.tmp
    2009-09-16 19:18 . 2009-09-16 19:19 1945600 ----a-w- c:\windows\Internet Logs\xDB26.tmp
    2009-09-16 09:33 . 2009-09-16 09:34 121344 ----a-w- c:\windows\Internet Logs\xDB25.tmp
    2009-09-16 09:11 . 2008-11-14 19:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-09-15 00:12 . 2009-09-15 00:14 75264 ----a-w- c:\windows\Internet Logs\xDB24.tmp
    2009-09-14 06:50 . 2009-09-14 06:51 1936384 ----a-w- c:\windows\Internet Logs\xDB23.tmp
    2009-09-14 06:50 . 2009-09-14 06:51 136192 ----a-w- c:\windows\Internet Logs\xDB22.tmp
    2009-09-13 00:07 . 2009-09-13 00:08 116224 ----a-w- c:\windows\Internet Logs\xDB21.tmp
    2009-09-12 07:05 . 2009-09-12 07:07 1936384 ----a-w- c:\windows\Internet Logs\xDB20.tmp
    2009-09-12 07:05 . 2009-09-12 07:07 219648 ----a-w- c:\windows\Internet Logs\xDB1F.tmp
    2009-09-11 14:18 . 2002-08-29 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-10 18:54 . 2008-11-14 19:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-09-10 18:53 . 2008-11-14 19:15 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-09-10 02:21 . 2009-09-10 02:23 160768 ----a-w- c:\windows\Internet Logs\xDB1D.tmp
    2009-09-10 02:21 . 2009-09-10 02:23 1928192 ----a-w- c:\windows\Internet Logs\xDB1E.tmp
    2009-09-08 12:25 . 2009-09-08 12:26 80384 ----a-w- c:\windows\Internet Logs\xDB1C.tmp
    2009-09-08 10:23 . 2004-04-30 17:09 133656 ----a-w- c:\documents and settings\Cheryl\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-09-07 21:35 . 2009-09-07 21:36 202752 ----a-w- c:\windows\Internet Logs\xDB1B.tmp
    2009-09-06 18:13 . 2009-09-06 18:14 1405440 ----a-w- c:\windows\Internet Logs\xDB1A.tmp
    2009-09-05 15:57 . 2009-09-05 16:01 1925120 ----a-w- c:\windows\Internet Logs\xDB71.tmp
    2009-09-04 21:03 . 2002-08-29 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
    2009-08-31 00:44 . 2009-08-31 00:45 1924608 ----a-w- c:\windows\Internet Logs\xDB19.tmp
    2009-08-29 08:08 . 2004-08-24 00:32 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-08-26 16:28 . 2009-08-26 16:30 1917952 ----a-w- c:\windows\Internet Logs\xDB18.tmp
    2009-08-26 16:28 . 2009-08-26 16:30 580096 ----a-w- c:\windows\Internet Logs\xDB17.tmp
    2009-08-26 08:00 . 2002-08-29 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
    2009-08-20 13:34 . 2009-08-20 13:35 1906176 ----a-w- c:\windows\Internet Logs\xDB16.tmp
    2009-08-20 13:34 . 2009-08-20 13:35 543744 ----a-w- c:\windows\Internet Logs\xDB15.tmp
    2009-08-17 19:13 . 2009-08-17 19:15 1904128 ----a-w- c:\windows\Internet Logs\xDB14.tmp
    2007-10-30 08:24 . 2007-10-30 08:24 0 ----a-w- c:\program files\gamingGamePuzzleVB.DB
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-10-16 17:12 1119488 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-12 2020120]
    "WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-03-17 337216]
    "ASUS Probe"="c:\program files\ASUS\Probe\AsusProb.exe" [2002-12-06 617984]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-15 4112384]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-04-11 56080]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-11-02 04:27 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

    R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [8/3/2003 8:15 AM 9344]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/12/2009 2:48 PM 333192]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/12/2009 2:48 PM 360584]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/1/2009 11:27 PM 285392]
    R2 SFTSER;SFTSER;c:\windows\system32\drivers\sftser.sys [6/14/2005 3:50 PM 42944]
    S3 acfva;acfva;c:\windows\system32\DRIVERS\acfva.sys --> c:\windows\system32\DRIVERS\acfva.sys [?]
    S3 HSFHWCD2;HSFHWCD2;c:\windows\system32\DRIVERS\HSFHWCD2.sys --> c:\windows\system32\DRIVERS\HSFHWCD2.sys [?]
    S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\NcBulk.SYS [6/14/2005 3:50 PM 23628]
    S3 NCBULK;NCBULK;c:\windows\system32\drivers\NcBulk.SYS [6/14/2005 3:50 PM 23628]
    S3 PAP(ZyDas);PAP Blue USB Driver (ZyDas);c:\windows\system32\drivers\PAPBlue.sys [10/28/2005 5:38 PM 402432]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 7:20 AM 12648]
    S4 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [8/3/2003 8:15 AM 501376]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - MBR
    *NewlyCreated* - PROCEXP113
    *Deregistered* - mbr
    *Deregistered* - PROCEXP113

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2009-11-14 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2008-11-18 15:21]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.projectoftheweek.com/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    IE:
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
    IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-11-14 09:31
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2009-11-14 09:34
    ComboFix-quarantined-files.txt 2009-11-14 14:34
    ComboFix2.txt 2008-11-17 22:37

    Pre-Run: 58,855,899,136 bytes free
    Post-Run: 58,908,250,112 bytes free

    - - End Of File - - 5D10C37F7AD0C207726EAFFAF21480F7
    Go to the top of the page
     
    +Quote Post
    oldman960
    post Nov 14 2009, 06:44 PM
    Post #10


    SuperMember
    Group Icon

    Group: Classroom Teacher
    Posts: 3,905
    Joined: 27-April 08
    Member No.: 78,707
    Operating System: win98se, XP pro
    Hi cherfxst,

    Just the one file.

    Let's tidy up a bit and then I'll have you do an online scan.

    Next, Double click on OTL.exe
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    • Do Not copy the word CODE
    • please note the fix starts with the :

    CODE
    :Files
    c:\windows\Internet Logs\tvDebug.Zip
    c:\windows\Internet Logs\xDB*.tmp
    c:\program files\glxljt
    :Commands
    [emptytemp]
    [Reboot]


    Then click the Run Fix button at the top
    • Let the program run unhindered
    • Please save the resulting log to be posted in your next reply.


    *Note
    It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.


    Please go to Kaspersky website and perform an online antivirus scan.
    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions.
    • You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computerr under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Change the Files of type to Text file (.txt)
    • Set the Save In to Desktop
    • click the Save button.
    • Please post this log in your next reply.


    After the Kaspersky scan has competed
    • Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output
    • UnCheck the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.


    Please post back with
    • Kapersky log
    • new OTL scan log taken after the Kaspersky online
    Note there will onlt be an OTL.txt this time.
    Go to the top of the page
     
    +Quote Post
    cherfxst
    post Nov 15 2009, 09:45 AM
    Post #11


    New Member
    *

    Group: Authentic Member
    Posts: 14
    Joined: 14-November 08
    From: Indiana, USA
    Member No.: 82,397
    Operating System: Windows XP Home Version 2002 Servic Pack 3
    Sorry y took so long. I had alot of trouble downloading Kaspersky. The Internet kept losing it's connection. Besides IE being slow it hangs alot. Now I also have several files that begin with ~ on the desktop, but The computer was not restarted and none of these files were open.

    The Kaspersky log:
    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Sunday, November 15, 2009
    Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Sunday, November 15, 2009 05:16:27
    Records in database: 3211541
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\

    Scan statistics:
    Objects scanned: 79429
    Threats found: 0
    Infected objects found: 0
    Suspicious objects found: 0
    Scan duration: 01:53:41

    No threats found. Scanned area is clean.

    Selected area has been scanned.


    The OLT log:
    OTL logfile created on: 11/15/2009 8:59:34 AM - Run 3
    OTL by OldTimer - Version 3.1.5.0 Folder = C:\Documents and Settings\Cheryl\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1023.47 Mb Total Physical Memory | 472.28 Mb Available Physical Memory | 46.14% Memory free
    2.41 Gb Paging File | 1.89 Gb Available in Paging File | 78.49% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.52 Gb Total Space | 54.82 Gb Free Space | 73.56% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: FAMILYROOM
    Current User Name: Cheryl
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Cheryl\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe (eBay Inc.)
    PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
    PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
    PRC - C:\Program Files\Atomic Clock Sync\Atomic.exe (Chaos Software Group, Inc.)
    PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
    PRC - C:\WorkPad\HOTSYNC.EXE (Palm Computing, Inc., a 3Com Company)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Cheryl\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\Syncor11.dll (SoundMAX)


    ========== Win32 Services (SafeList) ==========

    SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
    SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
    SRV - (FontCache3.0.0.0) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
    SRV - (idsvc) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
    SRV - (NetTcpPortSharing) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
    SRV - (helpsvc) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
    SRV - (hpqcxs08) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
    SRV - (hpqddsvc) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
    SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
    SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
    SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
    SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
    SRV - (SoundMAX Agent Service (default) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


    ========== Driver Services (SafeList) ==========

    DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
    DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
    DRV - (srescan) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Check Point Software Technologies LTD)
    DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
    DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
    DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech Inc.)
    DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
    DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
    DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech Inc.)
    DRV - (HPZipr12) -- C:\WINDOWS\system32\drivers\HPZipr12.sys (HP)
    DRV - (HPZid412) -- C:\WINDOWS\system32\drivers\HPZid412.sys (HP)
    DRV - (PAP(ZyDas) -- C:\WINDOWS\system32\drivers\PAPBlue.sys (ZyDAS Technology Corporation)
    DRV - (HPZius12) -- C:\WINDOWS\system32\drivers\HPZius12.sys (HP)
    DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
    DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
    DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
    DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
    DRV - (ZDPSp50) -- C:\WINDOWS\system32\drivers\ZDPSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
    DRV - (TIEHDUSB) -- C:\WINDOWS\system32\drivers\tiehdusb.sys (Texas Instruments Incorporated)
    DRV - (NCBULK) -- C:\WINDOWS\system32\drivers\NcBulk.SYS (NetChip Technology, Inc.)
    DRV - (LLUSBFLT) -- C:\WINDOWS\system32\drivers\NcBulk.SYS (NetChip Technology, Inc.)
    DRV - (SFTSER) -- C:\WINDOWS\system32\drivers\sftser.sys (LapLink, Inc.)
    DRV - (smwdm) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
    DRV - (BsUDF) -- C:\WINDOWS\system32\drivers\bsudf.sys (ahead software)
    DRV - (IdeChnDr) -- C:\WINDOWS\System32\DRIVERS\IdeChnDr.sys (Intel Corporation)
    DRV - (IdeBusDr) -- C:\WINDOWS\System32\DRIVERS\IdeBusDr.sys (Intel Corporation)
    DRV - (incdrm) -- C:\WINDOWS\system32\drivers\incdrm.sys (Ahead Software AG)
    DRV - (WBHWDOCT) -- C:\WINDOWS\system32\drivers\WBHWDOCT.sys (Winbond Electronics Corp.)
    DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
    DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel)
    DRV - (BsStor) -- C:\WINDOWS\System32\DRIVERS\bsstor.sys (B.H.A Co.,Ltd.)
    DRV - (aeaudio) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
    DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
    DRV - (aslm75) -- C:\WINDOWS\system32\drivers\ASLM75.SYS ()


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.projectoftheweek.com/
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\e, = http://www.preispiraten.de/cgi-bin/e/track...ysuche_us.pl?%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\e,# = %23
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\e,& = %26
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\e,? = %3F
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\e,+ = %2B
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\e,= = %3D
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\e,MenuText = eBay.de
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eb, = http://www.preispiraten.de/cgi-bin/e/track...ysuche_us.pl?%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eb,# = %23
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eb,& = %26
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eb,? = %3F
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eb,+ = %2B
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eb,= = %3D
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eb,MenuText = eBay.de
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eba, = http://www.preispiraten.de/cgi-bin/e/track...ysuche_us.pl?%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eba,# = %23
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eba,& = %26
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eba,? = %3F
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eba,+ = %2B
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eba,= = %3D
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eba,MenuText = eBay.de
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\ebay, = http://www.preispiraten.de/cgi-bin/e/track...ysuche_us.pl?%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\ebay,# = %23
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\ebay,& = %26
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\ebay,? = %3F
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\ebay,+ = %2B
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\ebay,= = %3D
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\ebay,MenuText = eBay.de
    IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
    IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/04/30 18:58:15 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/09 10:40:11 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/11/09 17:09:12 | 00,000,000 | ---D | M]

    [2009/09/25 11:51:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Mozilla\Firefox\extensions
    [2009/11/11 10:00:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

    O1 HOSTS File: (793 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 AdSubtract # Added by AdSubtract for auto-dial.
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (eBay Toolbar Helper) - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKLM\..\Toolbar: (eBay Toolbar) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O3 - HKCU\..\Toolbar\ShellBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O4 - HKLM..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe ()
    O4 - HKLM..\Run: [Atomic.exe] C:\Program Files\Atomic Clock Sync\Atomic.exe (Chaos Software Group, Inc.)
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
    O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: eBay Search - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
    O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKCU\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class)
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc2.cab (Office Update Installation Engine)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1135387651586 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab (ZoneIntro Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp - No CLSID value found
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\msdaipp - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Cheryl/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
    O24 - Desktop Components:1 (My Current Home Page) - About:Home
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2003/06/20 18:09:14 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck) - File not found
    O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
    O34 - HKLM BootExecute: (*) - File not found
    O35 - comfile [open] -- "%1" %* File not found
    O35 - exefile [open] -- "%1" %* File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2009/11/15 00:13:47 | 00,000,000 | ---D | C] -- C:\_OTL
    [2009/11/14 09:24:11 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2009/11/14 09:24:11 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2009/11/14 09:24:11 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2009/11/14 09:24:11 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2009/11/14 09:22:08 | 00,000,000 | ---D | C] -- C:\Qoobox
    [2009/11/13 15:43:22 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Cheryl\Desktop\RootRepeal.exe
    [2009/11/12 19:11:13 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cheryl\Desktop\OTL.exe
    [2009/11/12 15:21:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cheryl\Desktop\gmer
    [2009/11/09 18:01:37 | 00,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
    [2009/11/09 17:58:12 | 00,000,000 | ---D | C] -- C:\Program Files\Secunia
    [2009/11/09 17:14:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
    [2009/11/09 17:09:29 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
    [2009/11/09 17:09:29 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2009/11/09 17:09:29 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2009/11/09 17:09:29 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2009/11/09 17:09:29 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2009/11/09 17:09:08 | 00,000,000 | ---D | C] -- C:\Program Files\Java
    [2009/11/09 17:04:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cheryl\Application Data\Sun
    [2009/11/07 13:59:42 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2009/11/03 01:46:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cheryl\Application Data\InstallShield
    [2009/11/01 23:28:19 | 00,000,000 | ---D | C] -- C:\$AVG
    [2009/11/01 23:26:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2009/11/01 10:41:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cheryl\Desktop\Birthstone Info
    [1 C:\Documents and Settings\Cheryl\Desktop\*.tmp files -> C:\Documents and Settings\Cheryl\Desktop\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2009/11/15 07:38:49 | 45,159,593 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2009/11/15 07:37:59 | 00,092,923 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
    [2009/11/15 00:17:34 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2009/11/15 00:17:20 | 00,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
    [2009/11/15 00:17:17 | 00,000,314 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
    [2009/11/15 00:15:50 | 00,004,452 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2009/11/15 00:15:28 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2009/11/15 00:15:18 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2009/11/15 00:15:17 | 10,732,54400 | -HS- | M] () -- C:\hiberfil.sys
    [2009/11/15 00:14:07 | 08,126,464 | ---- | M] () -- C:\Documents and Settings\Cheryl\ntuser.dat
    [2009/11/15 00:03:00 | 13,405,898 | -H-- | M] () -- C:\Documents and Settings\Cheryl\Local Settings\Application Data\IconCache.db
    [2009/11/14 09:31:35 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2009/11/14 09:10:22 | 03,560,233 | R--- | M] () -- C:\Documents and Settings\Cheryl\Desktop\ComboFix.exe
    [2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\WINDOWS\PEV.exe
    [2009/11/13 15:44:22 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Cheryl\Desktop\settings.dat
    [2009/11/13 15:43:22 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Cheryl\Desktop\RootRepeal.exe
    [2009/11/12 19:11:13 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cheryl\Desktop\OTL.exe
    [2009/11/12 15:08:22 | 00,283,347 | ---- | M] () -- C:\Documents and Settings\Cheryl\Desktop\gmer.zip
    [2009/11/11 12:36:24 | 00,393,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2009/11/11 10:00:18 | 00,000,677 | ---- | M] () -- C:\Documents and Settings\Cheryl\Desktop\Glary Utilities.lnk
    [2009/11/10 08:24:57 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2009/11/09 17:09:11 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
    [2009/11/09 17:09:11 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2009/11/09 17:09:11 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2009/11/09 17:09:11 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2009/11/09 17:09:11 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2009/11/07 15:00:05 | 00,048,640 | ---- | M] () -- C:\Documents and Settings\Cheryl\Desktop\Problem Description.doc
    [2009/11/07 13:59:48 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Cheryl\Desktop\NTREGOPT.lnk
    [2009/11/07 13:59:47 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Cheryl\Desktop\ERUNT.lnk
    [2009/11/05 12:36:21 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
    [2009/11/03 01:46:22 | 00,000,157 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\eBay.url
    [2009/11/02 22:57:48 | 00,000,897 | ---- | M] () -- C:\WINDOWS\win.ini
    [2009/11/02 22:57:48 | 00,000,281 | RHS- | M] () -- C:\boot.ini
    [2009/11/01 23:28:07 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2009/11/01 23:27:56 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2009/11/01 23:27:44 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2009/11/01 23:27:43 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
    [2009/11/01 10:55:16 | 00,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2009/11/01 09:57:52 | 00,521,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2009/11/01 09:57:52 | 00,441,454 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2009/11/01 09:57:52 | 00,071,264 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2009/10/27 17:27:34 | 00,057,344 | ---- | M] () -- C:\Documents and Settings\Cheryl\Desktop\EbayMessages.doc
    [2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe
    [2009/10/24 17:18:47 | 00,001,619 | ---- | M] () -- C:\Documents and Settings\Cheryl\Desktop\Earring_design.jpg
    [2009/10/22 04:19:04 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
    [2009/10/22 04:19:04 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
    [2009/10/18 22:49:42 | 00,001,642 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\Danielle Promissory Note - Due on Demand 1.qfl
    [2009/10/18 22:35:36 | 00,034,304 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\DanielleOwes.xls
    [2009/10/18 22:20:06 | 00,028,160 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\MatGriffinLoan.xls
    [1 C:\Documents and Settings\Cheryl\Desktop\*.tmp files -> C:\Documents and Settings\Cheryl\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2009/11/14 09:24:11 | 00,260,608 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2009/11/14 09:24:11 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2009/11/14 09:24:11 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2009/11/14 09:24:11 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2009/11/14 09:24:11 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2009/11/14 09:10:23 | 03,560,233 | R--- | C] () -- C:\Documents and Settings\Cheryl\Desktop\ComboFix.exe
    [2009/11/13 15:44:22 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Cheryl\Desktop\settings.dat
    [2009/11/12 15:08:25 | 00,283,347 | ---- | C] () -- C:\Documents and Settings\Cheryl\Desktop\gmer.zip
    [2009/11/11 10:00:18 | 00,000,677 | ---- | C] () -- C:\Documents and Settings\Cheryl\Desktop\Glary Utilities.lnk
    [2009/11/07 13:59:48 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Cheryl\Desktop\NTREGOPT.lnk
    [2009/11/07 13:59:47 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Cheryl\Desktop\ERUNT.lnk
    [2009/11/07 13:42:35 | 00,048,640 | ---- | C] () -- C:\Documents and Settings\Cheryl\Desktop\Problem Description.doc
    [2009/11/03 01:46:22 | 00,000,157 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\eBay.url
    [2009/10/24 17:21:11 | 00,001,619 | ---- | C] () -- C:\Documents and Settings\Cheryl\Desktop\Earring_design.jpg
    [2009/10/18 22:49:42 | 00,001,642 | ---- | C] () -- C:\Documents and Settings\Cheryl\My Documents\Danielle Promissory Note - Due on Demand 1.qfl
    [2009/07/09 20:01:17 | 00,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
    [2008/11/17 19:45:20 | 00,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
    [2007/11/02 00:59:26 | 00,000,110 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\MostFunGameId.bin
    [2007/10/30 03:24:00 | 00,000,000 | ---- | C] () -- C:\Program Files\gamingGamePuzzleVB.DB
    [2007/10/30 01:47:52 | 00,000,129 | ---- | C] () -- C:\Documents and Settings\Cheryl\Local Settings\Application Data\fusioncache.dat
    [2007/03/22 00:54:32 | 00,001,877 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2006/07/16 19:46:09 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
    [2006/07/16 19:46:09 | 00,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
    [2006/01/03 10:47:07 | 00,004,820 | ---- | C] () -- C:\WINDOWS\CAMUNWISE.INI
    [2006/01/03 10:44:31 | 00,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wh2Robo.dll
    [2005/10/01 18:20:56 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\intelmoh.dll
    [2005/10/01 18:19:40 | 00,000,020 | ---- | C] () -- C:\WINDOWS\InfModM.ini
    [2005/10/01 18:17:35 | 00,000,015 | ---- | C] () -- C:\WINDOWS\wgedit.ini
    [2005/10/01 18:12:28 | 00,000,076 | ---- | C] () -- C:\WINDOWS\autmtst.ini
    [2005/08/24 18:45:50 | 00,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
    [2005/06/04 18:59:49 | 00,002,467 | ---- | C] () -- C:\WINDOWS\photoimpression.ini
    [2005/06/04 18:59:21 | 00,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
    [2005/06/04 18:58:48 | 00,000,614 | ---- | C] () -- C:\WINDOWS\photoprn.ini
    [2005/06/04 18:58:28 | 00,000,018 | ---- | C] () -- C:\WINDOWS\as_setup.ini
    [2005/06/04 18:55:36 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
    [2005/06/04 18:55:36 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
    [2005/06/01 16:53:49 | 00,001,029 | ---- | C] () -- C:\WINDOWS\homsuite.ini
    [2005/06/01 16:53:49 | 00,000,961 | ---- | C] () -- C:\WINDOWS\vrdecor.ini
    [2005/06/01 16:53:49 | 00,000,317 | ---- | C] () -- C:\WINDOWS\homesym.ini
    [2005/04/24 12:36:16 | 04,194,441 | ---- | C] () -- C:\Documents and Settings\Cheryl\Application Data\sdi.db
    [2005/04/09 12:34:50 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Cheryl\Application Data\dm.ini
    [2005/04/09 12:34:49 | 00,001,212 | ---- | C] () -- C:\Documents and Settings\Cheryl\Application Data\AdobeDLM.log
    [2005/04/05 17:26:45 | 00,000,048 | ---- | C] () -- C:\WINDOWS\PerWin.ini
    [2004/12/23 15:42:07 | 00,000,041 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
    [2004/05/23 13:11:15 | 00,133,656 | ---- | C] () -- C:\Documents and Settings\Cheryl\Application Data\GDIPFONTCACHEV1.DAT
    [2004/04/30 12:09:08 | 00,133,656 | ---- | C] () -- C:\Documents and Settings\Cheryl\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2004/04/01 12:51:09 | 00,000,070 | ---- | C] () -- C:\WINDOWS\OFXDATE.INI
    [2004/04/01 12:44:06 | 00,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
    [2004/04/01 12:43:47 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
    [2004/04/01 12:43:47 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
    [2004/04/01 02:05:39 | 00,000,166 | ---- | C] () -- C:\WINDOWS\Quicken.ini
    [2004/03/31 15:50:57 | 00,000,111 | ---- | C] () -- C:\WINDOWS\OPERA.INI
    [2003/08/03 13:32:11 | 00,000,105 | ---- | C] () -- C:\WINDOWS\bfcomega.ini
    [2003/08/03 09:02:41 | 00,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS
    [2003/08/03 08:26:40 | 00,000,478 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2003/08/03 07:26:57 | 00,007,530 | ---- | C] () -- C:\WINDOWS\CADX2.INI
    [2003/08/03 07:26:23 | 00,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll
    [2003/08/03 07:26:22 | 00,065,864 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
    [2003/08/03 07:26:22 | 00,007,808 | ---- | C] () -- C:\WINDOWS\System32\dc240u.sys
    [2003/08/03 07:26:21 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\SoyWeb.dll
    [2003/08/03 07:26:21 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll
    [2003/08/03 07:03:26 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
    [2003/08/03 06:47:24 | 00,003,793 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
    [2003/08/03 06:47:23 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
    [2003/06/20 18:15:12 | 13,405,898 | -H-- | C] () -- C:\Documents and Settings\Cheryl\Local Settings\Application Data\IconCache.db
    [2003/06/20 18:13:24 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Cheryl\Application Data\desktop.ini
    [2003/06/20 12:55:21 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
    [2002/08/29 07:00:00 | 00,000,897 | ---- | C] () -- C:\WINDOWS\win.ini
    [2002/08/29 07:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
    [2001/07/07 02:00:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    < End of report >
    Go to the top of the page
     
    +Quote Post
    oldman960
    post Nov 15 2009, 01:08 PM
    Post #12


    SuperMember
    Group Icon

    Group: Classroom Teacher
    Posts: 3,905
    Joined: 27-April 08
    Member No.: 78,707
    Operating System: win98se, XP pro
    Hi cherfxst,

    Those are most likely temporary files. Are your usuall desktop icoms still present. Please post a couple of sample names just to comfirm.

    Reboot your computer. Are they still there?

    I don't see any malware present. Let's see if it's an Add on on that's causing IE to be slow.

    Click your start button > All Programs > Accessories > System Tools

    Click on Internet Explorer (No Add Ons)

    This will open IE with all add ons disabled. Click the homepage icon to load your home page then browse around and see if there is an improvement.

    Thanks
    Go to the top of the page
     
    +Quote Post
    cherfxst
    post Nov 15 2009, 03:02 PM
    Post #13


    New Member
    *

    Group: Authentic Member
    Posts: 14
    Joined: 14-November 08
    From: Indiana, USA
    Member No.: 82,397
    Operating System: Windows XP Home Version 2002 Servic Pack 3
    Hi OldMan960,

    Here is one of the names ~$ayMessages.doc and the real file is also there. Here is another name ~WRL1176.tmp, yah this one one looks like a temp file.

    Also I don't see Teatimer in the startup list again. I checked Spybot as instructed previously and the Resident TeaTimer box is checked.

    As a side. Do I have enough or too much running at startup?

    The problems with IE taking to me different pages than what I clicked has cleared up. The incorrect redriction problem only happened for a day or so, and I can't remember if it was before or after I removed the "Fraud.Sysguard".

    I do know am having a problem with the EBAY toolbar. The problem with the EBAY toolbar was it would not recognize I was signed in. So I ran an Install. Still same problem. So I Uninstalled it and then Installed it. Still same problem. Then after some reboot I lost the entire toolbar, didn't even appear under Tools > Toolbars. I installed it again and it appears in the Toolbars now, but still will not recognize I am signed into EBAY.

    Should we try to fix this first, because IE timing out (or just hanging) is kind of sporadic. The hanging is what I mean't by IE being slow. I usually would remedy the situation by : stop IE page, shut IE down, then start IE again. All worked ok for awhile. Sometimes I could do alot and sometime it would start to hang again right away. It could take hours or days to tell if turning off toolbars helps.

    With this new information do you still want me to turn off all toolbars and just play hard at IR? Or should we try to fix EBAY toolbar first?

    You lead the way and I will follow!
    Thanks
    Go to the top of the page
     
    +Quote Post
    oldman960
    post Nov 15 2009, 07:11 PM
    Post #14


    SuperMember
    Group Icon

    Group: Classroom Teacher
    Posts: 3,905
    Joined: 27-April 08
    Member No.: 78,707
    Operating System: win98se, XP pro
    Hi cherfxst,

    All the files that have a ~ at the begining are "backups", they can safely be deleted.

    QUOTE
    The hanging is what I mean't by IE being slow.
    This happens on different sites?

    Is the EBay toolbar the only problem you are having with IE?

    Let's clean out a cache and see if that will help the hanging.

    Click the Start Button > Run > type: cmd
    • Press OK or Hit Enter.
    • At the command prompt, type or copy/paste: ipconfig /flushdns (note the space between ..g /f it needs to be there)
    • Hit Enter.
    • You will get a confirmation that the flush was successful.
    • Close the command box.


    Thanks
    Go to the top of the page
     
    +Quote Post
    cherfxst
    post Nov 15 2009, 10:59 PM
    Post #15


    New Member
    *

    Group: Authentic Member
    Posts: 14
    Joined: 14-November 08
    From: Indiana, USA
    Member No.: 82,397
    Operating System: Windows XP Home Version 2002 Servic Pack 3
    Well I ran the code you gave me and we were going like gang busters, way fast. Then I shut down IE and went to reopen it and it hung. Hit stop, shut IE, then opened it again and came here to post this.

    The only definite problem I know I have with IE is with the EBAY toolbar.

    As for windows, it is still slow to start and I get different programs starting up. TeaTimer is not showing up again for one, should it be? I did go back to Spybot and make sure it was checked as Resident TeaTimer.

    I am just so confused.
    Go to the top of the page
     
    +Quote Post
    « Next Oldest · Infections Removal · Next Newest »
     

    2 Pages V   1 2 >
    		Reply to this topicStart new topic
    1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
    0 Members:

     
    RSS Time is now: 20th November 2009 - 05:57 PM
    Advertisements do not imply our endorsement of that product or service. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk.
    Member site: Alliance of Security Analysis Professionals | UNITE Against Malware
    Memory Forums | Auto Repair Forum
    © Geeks to Go, Inc. | All Rights Reserved | Privacy Policy
    Powered By IP.Board © 2009  IPS, Inc.