[Resolved] PC = Molasses

Home Forums Contact

Welcome! Register for a free account (or login) > How does it work?

Quickly register. It will only take 60 seconds.
Start a new topic. Ask your question. Wait for an email reply.
Is your system infected? Begin reading the malware removal guide.

register button

What the Tech > Spyware / Malware / Virus Removal > Infections Removal

Closed Topic

Start new topic

[Resolved] PC = Molasses

Schillerdog View Member Profile	Jun 17 2009, 08:40 PM Post #1
Authentic Member Group: Authentic Member Posts: 21 Joined: 21-July 05 Member No.: 36,900 Operating System: Windows XP	I am trying to clear up issues on a friends HP lap top. The O/S is Windows Vista Home Edition. Primarily it is extremely slow. On restart it can take over an hour to reboot. A large percentage of the time the O/S fails to shut down properly and I have to hold in the power button, shut it down completely, and perform a cold boot. Even then it can still take over an hour to boot up. Using the restart function the PC will repeatedly shut itself off and turn back on but will fail to reboot. AVG found no infections and AdAware stopped responding before a scan could be completed. I have installed Spybot several times and it keeps getting error messages and will not scan. Also, on reboot, a splash screem pops up directing that a security scan be performed. I have pasted the HJT log below. Thank you in advance for your time. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:19:33 PM, on 6/17/2009 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16851) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\CyberScrub Privacy Suite\CSRiskMon.exe C:\Program Files\HP Connections\6811507\Program\HP Connections.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Paltalk Messenger\paltalk.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Windows\ehome\ehmsas.exe C:\WINDOWS\System32\rundll32.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\wuauclt.exe C:\WINDOWS\System32\rundll32.exe C:\Users\Steve\AppData\Roaming\U3\0000184CF472E32C\LaunchPad.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\system32\SearchFilterHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: (no name) - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - (no file) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Privacy Suite RiskMonitor] "C:\Program Files\CyberScrub Privacy Suite\CSRiskMon.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 8850 bytes

Start new topic

Replies (1 - 9)

Tomk View Member Profile	Jun 20 2009, 04:07 PM Post #2
Forum God / Classroom Admin Assistant Group: Classroom Teacher Posts: 12,304 Joined: 27-December 07 From: Sisters, OR Member No.: 75,503 Operating System: xp	Hi Schillerdog, My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following: I will be working on your Malware issues, this may or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for the issues on this machine. Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear. It's often worth reading through these instructions and printing them for ease of reference. If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry. Please reply to this thread. Do not start a new topic. Download TFC to your desktop Close any open windows. Double click the TFC icon to run the program TFC will close all open programs itself in order to run, Click the Start button to begin the process. Allow TFC to run uninterrupted. The program should not take long to finish it's job Once its finished it should automatically reboot your machine, if it doesn't, manually reboot to ensure a complete clean Then Please download Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select Perform quick scan, then click Scan. When the scan is complete, click OK, then Show Results to view the results. Be sure that everything is checked, and click Remove Selected. When completed, a log will open in Notepad. Please save it to a convenient location and post the results. Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot (shut down your computer then restart it). Also "copy/paste" a new HijackThis log file into this thread. Also please describe how your computer behaves at the moment.

Schillerdog View Member Profile	Jun 20 2009, 07:44 PM Post #3
Authentic Member Group: Authentic Member Posts: 21 Joined: 21-July 05 Member No.: 36,900 Operating System: Windows XP	Internet is responding faster now but is still pretty slow overall. On both restarts the 'restart computer' feature did not properly shut down the system and would not boot up. It is still doing the on off cycling thing and it will not boot up unless I hold down the power key and shut the machine completely down. After a cold boot the machine starts up but it is still very slow to boot up. I have pasted the requested logs below for your review. Thanks for your help. LOG 1 - MALWAREBYTES ANTI MALWARE LOG Malwarebytes' Anti-Malware 1.38 Database version: 2317 Windows 6.0.6000 6/20/2009 9:26:25 PM mbam-log-2009-06-20 (21-26-25).txt Scan type: Quick Scan Objects scanned: 77921 Time elapsed: 8 minute(s), 57 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 8 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 46 Files Infected: 94 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ca356d79-679b-4b4c-8e49-5af97014f4c1} (Adware.Starware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d49e9d35-254c-4c6a-9d17-95018d228ff5} (Adware.Starware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d49e9d35-254c-4c6a-9d17-95018d228ff5} (Adware.Starware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ca356d79-679b-4b4c-8e49-5af97014f4c1} (Adware.Starware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\starware322 (Adware.Starware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\starware381 (Adware.Starware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\starware381 (Adware.Starware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\ErrorSmart (Rogue.ErrorSmart) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: c:\program files\Starware322 (Adware.Starware) -> Quarantined and deleted successfully. c:\program files\starware322\bin (Adware.Starware) -> Quarantined and deleted successfully. c:\program files\starware322\icons (Adware.Starware) -> Quarantined and deleted successfully. c:\program files\Starware381 (Adware.Starware) -> Quarantined and deleted successfully. c:\program files\starware381\bin (Adware.Starware) -> Quarantined and deleted successfully. c:\program files\starware381\icons (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\Starware381 (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\BrowserSearch (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\Configurator (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\ErrorSearch (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\Games (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\Games\images (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\Games\images\active (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\Games\images\default (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\GenericRSSFeed (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\Layouts (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\Manager (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\Marketing4 (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\marketing4\images (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\marketing4\images\active (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\marketing4\images\default (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\Movies (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\Movies\images (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\Movies\images\active (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\Movies\images\default (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\MusicSearch (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\RelatedSearch (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\ScreensaversMarketingSitePager (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\screensaversmarketingsitepager\images (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\screensaversmarketingsitepager\images\active (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\screensaversmarketingsitepager\images\default (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\Toolbar (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\ToolbarLogo (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\ToolbarSearch (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\TravelSearch (Adware.Starware) -> Quarantined and deleted successfully. c:\programdata\Starware322 (Adware.Starware) -> Quarantined and deleted successfully. c:\programdata\starware322\buttons (Adware.Starware) -> Quarantined and deleted successfully. c:\programdata\starware322\contexts (Adware.Starware) -> Quarantined and deleted successfully. c:\programdata\starware322\images (Adware.Starware) -> Quarantined and deleted successfully. c:\programdata\Starware381 (Adware.Starware) -> Quarantined and deleted successfully. c:\programdata\starware381\buttons (Adware.Starware) -> Quarantined and deleted successfully. c:\programdata\starware381\contexts (Adware.Starware) -> Quarantined and deleted successfully. c:\programdata\starware381\SimpleUpdate (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\ErrorSmart (Rogue.ErrorSmart) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\errorsmart\Log (Rogue.ErrorSmart) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\errorsmart\Registry Backups (Rogue.ErrorSmart) -> Quarantined and deleted successfully. Files Infected: c:\program files\starware322\brand.bmp (Adware.Starware) -> Quarantined and deleted successfully. c:\program files\starware322\Starware322Config.xml (Adware.Starware) -> Quarantined and deleted successfully. c:\program files\starware322\Starware322Uninstall.exe (Adware.Starware) -> Quarantined and deleted successfully. c:\program files\starware322\icons\star_16.ico (Adware.Starware) -> Quarantined and deleted successfully. c:\program files\starware381\brand.bmp (Adware.Starware) -> Quarantined and deleted successfully. c:\program files\starware381\Starware381Config.xml (Adware.Starware) -> Quarantined and deleted successfully. c:\program files\starware381\Starware381Uninstall.exe (Adware.Starware) -> Quarantined and deleted successfully. c:\program files\starware381\icons\star_16.ico (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\browsersearch\BrowserSearch.xml (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\browsersearch\BrowserSearch.xml.backup (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\configurator\Configurator.xml (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\configurator\Configurator.xml.backup (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\errorsearch\ErrorSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\errorsearch\ErrorSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\Games\GamesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\Games\GamesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\Games\images\active\Games0.bmp (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\genericrssfeed\GenericRSSFeedOptions.xml (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\genericrssfeed\GenericRSSFeedOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\Layouts\ToolbarLayout.xml (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\Layouts\ToolbarLayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\Manager\ManagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\Manager\ManagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\marketing4\Marketing4Options.xml (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\marketing4\Marketing4Options.xml.backup (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\marketing4\images\active\Marketing40.bmp (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\Movies\MoviesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\Movies\MoviesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\Movies\images\active\Movies0.bmp (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\musicsearch\MusicSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\musicsearch\MusicSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\relatedsearch\RelatedSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\relatedsearch\RelatedSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\screensaversmarketingsitepager\ScreensaversMarketingSitePagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\screensaversmarketingsitepager\ScreensaversMarketingSitePagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\screensaversmarketingsitepager\images\active\ScreensaversMarketingSitePager0.bmp (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\Toolbar\TBProductsOptions.xml (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\Toolbar\TBProductsOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\toolbarlogo\ToolbarLogoOptions.xml (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\toolbarlogo\ToolbarLogoOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\toolbarsearch\ToolbarSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\toolbarsearch\ToolbarSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\travelsearch\TravelSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\starware381\travelsearch\TravelSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully. c:\programdata\starware322\buttons\FindIt.bmp (Adware.Starware) -> Quarantined and deleted successfully. c:\programdata\starware322\buttons\FindItHot.bmp (Adware.Starware) -> Quarantined and deleted successfully. c:\programdata\starware322\buttons\findithotxp.png (Adware.Starware) -> Quarantined and deleted successfully. c:\programdata\starware322\buttons\finditxp.png (Adware.Starware) -> Quarantined and deleted successfully. c:\programdata\starware322\buttons\Highlight.bmp (Adware.Starware) -> Quarantined and deleted successfully. c:\programdata\starware322\buttons\HighlightHot.bmp (Adware.Starware) -> Quarantined and deleted successfully. c:\programdata\starware322\buttons\highlighthotxp.png (Adware.Starware) -> Quarantined and deleted successfully. c:\programdata\starware322\buttons\highlightxp.png (Adware.Starware) -> Quarantined and deleted successfully. c:\programdata\starware322\buttons\Reference.bmp (Adware.Starware) -> Quarantined and deleted successfully. c:\programdata\starware322\buttons\ReferenceHot.bmp (Adware.Starware) -> Quarantined and deleted successfully. c:\programdata\starware322\buttons\referencehotxp.png (Adware.Starware) -> Quarantined and deleted successfully. c:\programdata\starware322\buttons\referencexp.png (Adware.Starware) -> Quarantined and deleted successfully. c:\programdata\starware322\buttons\screensaver.bmp (Adware.Starware) -> Quarantined and deleted successfully. c:\programdata\starware322\buttons\Screensavers0.bmp (Adware.Starware) -> Quarantined and deleted successfully. c:\programdata\starware322\buttons\starware_toolbar_icon.bmp (Adware.Starware) -> Quarantined and deleted successfully. c:\programdata\starware322\buttons\Weather.bmp (Adware.Starware) -> Quarantined and deleted successfully. c:\programdata\starware322\buttons\weatherhotxp.png (Adware.Starware) -> Quarantined and deleted successfully. c:\programdata\starware322\buttons\weatherxp.png (Adware.Starware) -> Quarantined and deleted successfully. c:\programdata\starware322\contexts\error.xml (Adware.Starware) -> Quarantined and deleted successfully. c:\programdata\starware322\contexts\related.xml (Adware.Starware) -> Quarantined and deleted successfully. c:\programdata\starware322\contexts\travel.xml (Adware.Starware) -> Quarantined and deleted successfully. c:\programdata\starware322\images\walertXP.bmp (Adware.Starware) -> Quarantined and deleted successfully. c:\programdata\starware381\buttons\FindIt.bmp (Adware.Starware) -> Quarantined and deleted successfully. c:\programdata\starware381\buttons\FindItHot.bmp (Adware.Starware) -> Quarantined and deleted successfully. c:\programdata\starware381\buttons\findithotxp.png (Adware.Starware) -> Quarantined and deleted successfully. c:\programdata\starware381\buttons\finditxp.png (Adware.Starware) -> Quarantined and deleted successfully. c:\programdata\starware381\buttons\Highlight.bmp (Adware.Starware) -> Quarantined and deleted successfully. c:\programdata\starware381\buttons\HighlightHot.bmp (Adware.Starware) -> Quarantined and deleted successfully. c:\programdata\starware381\buttons\highlighthotxp.png (Adware.Starware) -> Quarantined and deleted successfully. c:\programdata\starware381\buttons\highlightxp.png (Adware.Starware) -> Quarantined and deleted successfully. c:\programdata\starware381\buttons\lyrics.bmp (Adware.Starware) -> Quarantined and deleted successfully. c:\programdata\starware381\buttons\lyrics.png (Adware.Starware) -> Quarantined and deleted successfully. c:\programdata\starware381\buttons\music_search.bmp (Adware.Starware) -> Quarantined and deleted successfully. c:\programdata\starware381\buttons\music_search.png (Adware.Starware) -> Quarantined and deleted successfully. c:\programdata\starware381\buttons\starware_toolbar_icon.bmp (Adware.Starware) -> Quarantined and deleted successfully. c:\programdata\starware381\contexts\error.xml (Adware.Starware) -> Quarantined and deleted successfully. c:\programdata\starware381\contexts\Related.xml (Adware.Starware) -> Quarantined and deleted successfully. c:\programdata\starware381\contexts\Travel.xml (Adware.Starware) -> Quarantined and deleted successfully. c:\programdata\starware381\simpleupdate\ProductMessagingConfig.xml (Adware.Starware) -> Quarantined and deleted successfully. c:\programdata\starware381\simpleupdate\ProductMessagingConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully. c:\programdata\starware381\simpleupdate\SimpleUpdateConfig.xml (Adware.Starware) -> Quarantined and deleted successfully. c:\programdata\starware381\simpleupdate\SimpleUpdateConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully. c:\programdata\starware381\simpleupdate\TimerManagerConfig.xml (Adware.Starware) -> Quarantined and deleted successfully. c:\programdata\starware381\simpleupdate\TimerManagerConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\errorsmart\Log\2009 Jun 17 - 11_00_45 AM_853.log (Rogue.ErrorSmart) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\errorsmart\Log\2009 Jun 17 - 11_00_48 AM_895.log (Rogue.ErrorSmart) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\errorsmart\Log\2009 Jun 17 - 11_23_10 AM_867.log (Rogue.ErrorSmart) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\errorsmart\Log\2009 Jun 17 - 11_24_31 AM_508.log (Rogue.ErrorSmart) -> Quarantined and deleted successfully. c:\Users\Steve\AppData\Roaming\errorsmart\registry backups\2008-02-07_08-16-12.reg (Rogue.ErrorSmart) -> Quarantined and deleted successfully. C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job (Rogue.ErrorSmart) -> Quarantined and deleted successfully. HIJACK THIS LOG 2 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:34:52 PM, on 6/20/2009 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16851) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\CyberScrub Privacy Suite\CSRiskMon.exe C:\Program Files\HP Connections\6811507\Program\HP Connections.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Paltalk Messenger\paltalk.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Windows\ehome\ehmsas.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [Privacy Suite RiskMonitor] "C:\Program Files\CyberScrub Privacy Suite\CSRiskMon.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 8638 bytes

Tomk View Member Profile	Jun 20 2009, 09:57 PM Post #4
Forum God / Classroom Admin Assistant Group: Classroom Teacher Posts: 12,304 Joined: 27-December 07 From: Sisters, OR Member No.: 75,503 Operating System: xp	Schillerdog, Download OTL to your desktop. Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. Check the boxes beside LOP Check and Purity Check. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

Schillerdog View Member Profile	Jun 21 2009, 07:03 PM Post #5
Authentic Member Group: Authentic Member Posts: 21 Joined: 21-July 05 Member No.: 36,900 Operating System: Windows XP	This is the OTL.txt log you requested. The Extras.txt log will be in the reply directly after this one. OTL.txt OTL logfile created on: 6/21/2009 8:43:50 PM - Run 1 OTL by OldTimer - Version 3.0.4.0 Folder = C:\Users\Steve\Desktop Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16851) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 958.00 Mb Total Physical Memory \| 238.66 Mb Available Physical Memory \| 24.91% Memory free 2.12 Gb Paging File \| 1.21 Gb Available in Paging File \| 57.10% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files Drive C: \| 105.20 Gb Total Space \| 70.38 Gb Free Space \| 66.90% Space Free \| Partition Type: NTFS Drive D: \| 6.59 Gb Total Space \| 0.61 Gb Free Space \| 9.31% Space Free \| Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: STEVE-PC Current User Name: Steve Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2008/10/29 02:20:29 \| 02,923,520 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE PRC - [2009/05/28 06:06:54 \| 00,298,776 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe PRC - [2006/08/05 05:39:20 \| 00,386,560 \| ---- \| M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.exe PRC - [2006/05/02 18:41:28 \| 00,135,168 \| ---- \| M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe PRC - [2009/05/28 06:07:18 \| 00,486,680 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe PRC - [2009/05/28 06:07:18 \| 00,594,712 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe PRC - [2006/11/15 01:02:46 \| 00,815,104 \| ---- \| M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe PRC - [2006/10/18 13:56:54 \| 00,317,152 \| ---- \| M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe PRC - [2007/05/08 17:24:20 \| 00,054,840 \| ---- \| M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe PRC - [2009/03/02 21:59:26 \| 00,247,296 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe PRC - [2005/02/16 20:15:20 \| 00,081,920 \| ---- \| M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe PRC - [2008/01/11 22:16:38 \| 00,039,792 \| ---- \| M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe PRC - [2008/06/16 09:03:20 \| 00,075,008 \| ---- \| M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe PRC - [2009/05/28 06:07:07 \| 01,947,928 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe PRC - [2008/01/10 04:02:15 \| 01,232,896 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe PRC - [2006/11/02 08:35:32 \| 00,125,440 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe PRC - [2006/11/02 08:36:04 \| 00,201,728 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe PRC - [2007/11/22 10:53:28 \| 01,777,296 \| ---- \| M] (CyberScrub LLC) -- C:\Program Files\CyberScrub Privacy Suite\CSRiskMon.exe PRC - [2006/10/10 20:44:10 \| 00,034,520 \| ---- \| M] (Hewlett Packard) -- C:\Program Files\HP Connections\6811507\Program\HP Connections.exe PRC - [2007/01/02 21:40:10 \| 00,210,520 \| ---- \| M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe PRC - [2006/11/02 08:35:32 \| 00,037,376 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe PRC - [2007/09/08 10:31:24 \| 10,186,752 \| ---- \| M] (AVM Software Inc.) -- C:\Program Files\Paltalk Messenger\paltalk.exe PRC - [2007/12/07 20:44:36 \| 00,101,440 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE PRC - [2006/11/02 08:36:04 \| 00,895,488 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe PRC - [2006/11/02 05:45:50 \| 00,037,376 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe PRC - [2008/01/10 04:02:15 \| 01,232,896 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe PRC - [2006/12/10 21:51:08 \| 00,271,960 \| ---- \| M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe PRC - [2008/06/16 09:02:28 \| 00,094,208 \| ---- \| M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe PRC - [2006/11/02 05:45:59 \| 00,116,736 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WMIADAP.EXE PRC - [2009/03/02 21:59:26 \| 00,247,296 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe PRC - [2009/06/21 20:43:03 \| 00,513,024 \| ---- \| M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe ========== Win32 Services (SafeList) ========== SRV - [2006/06/26 13:50:08 \| 00,126,976 \| ---- \| M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr [On_Demand \| Stopped]) SRV - [2009/05/28 06:06:54 \| 00,298,776 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto \| Running]) SRV - [2006/11/24 19:34:16 \| 00,270,431 \| ---- \| M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc [On_Demand \| Stopped]) SRV - [2006/11/02 02:34:11 \| 00,059,392 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand \| Stopped]) SRV - [2006/11/24 19:34:20 \| 00,118,877 \| ---- \| M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched [On_Demand \| Stopped]) SRV - File not found -- -- (CLTNetCnService [Auto \| Stopped]) SRV - [2006/11/02 08:35:28 \| 00,291,840 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand \| Stopped]) SRV - [2006/11/02 08:35:29 \| 00,131,072 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand \| Stopped]) SRV - [2006/11/02 08:35:29 \| 00,013,312 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto \| Stopped]) SRV - [2006/11/02 05:46:13 \| 00,989,696 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto \| Running]) SRV - [2006/11/02 08:36:00 \| 00,036,864 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand \| Stopped]) SRV - [2008/01/29 13:09:58 \| 00,165,416 \| ---- \| M] (WildTangent, Inc.) -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService [On_Demand \| Stopped]) SRV - [2008/06/16 09:02:28 \| 00,094,208 \| ---- \| M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service [Auto \| Running]) SRV - [2007/03/13 02:23:18 \| 00,225,280 \| ---- \| M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand \| Running]) SRV - [2007/03/13 02:23:18 \| 00,131,072 \| ---- \| M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto \| Running]) SRV - [2006/05/02 18:41:28 \| 00,135,168 \| ---- \| M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex [Auto \| Running]) SRV - [2004/10/22 07:24:18 \| 00,073,728 \| ---- \| M] (Macrovision Corporation) -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand \| Stopped]) SRV - [2006/11/02 08:36:02 \| 00,741,376 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown \| Stopped]) SRV - [2006/10/19 17:52:24 \| 00,061,440 \| ---- \| M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [On_Demand \| Stopped]) SRV - [2008/07/18 13:13:20 \| 00,044,032 \| ---- \| M] (Hewlett-Packard) -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12 [Auto \| Running]) SRV - [2006/11/02 08:36:02 \| 00,122,880 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled \| Stopped]) SRV - [2007/08/24 03:19:12 \| 00,443,776 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand \| Stopped]) SRV - [2006/10/26 18:03:08 \| 00,145,184 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand \| Stopped]) SRV - [2008/07/18 13:13:20 \| 00,053,760 \| ---- \| M] (Hewlett-Packard) -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto \| Running]) SRV - [2006/11/06 17:31:14 \| 00,887,544 \| ---- \| M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand \| Stopped]) SRV - [2006/11/01 15:17:32 \| 00,073,728 \| R--- \| M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand \| Stopped]) SRV - [2007/04/12 03:00:55 \| 00,265,912 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto \| Running]) SRV - [2006/11/02 08:36:04 \| 00,895,488 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand \| Running]) SRV - [2006/08/05 05:39:20 \| 00,386,560 \| ---- \| M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.exe -- (XAudioService [Auto \| Running]) ========== Driver Services (SafeList) ========== DRV - [2006/11/02 05:51:38 \| 00,420,968 \| ---- \| M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled \| Stopped]) DRV - [2006/11/02 05:51:32 \| 00,297,576 \| ---- \| M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled \| Stopped]) DRV - [2006/11/02 05:50:35 \| 00,098,408 \| ---- \| M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled \| Stopped]) DRV - [2006/11/02 05:51:00 \| 00,147,048 \| ---- \| M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled \| Stopped]) DRV - [2006/11/02 05:50:11 \| 00,071,272 \| ---- \| M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled \| Stopped]) DRV - [2006/11/02 05:49:20 \| 00,014,952 \| ---- \| M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled \| Stopped]) DRV - [2006/11/02 05:50:09 \| 00,067,688 \| ---- \| M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled \| Stopped]) DRV - [2006/11/02 05:50:10 \| 00,067,688 \| ---- \| M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled \| Stopped]) DRV - [2009/05/28 06:08:30 \| 00,325,896 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System \| Running]) DRV - [2009/05/28 06:08:29 \| 00,027,784 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System \| Running]) DRV - [2009/05/28 06:08:49 \| 00,108,552 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX [System \| Running]) DRV - [2007/01/03 15:43:12 \| 00,534,016 \| ---- \| M] (Broadcom Corporation) -- C:\Windows\System32\DRIVERS\bcmwl6.sys -- (BCM43XV [On_Demand \| Stopped]) DRV - [2007/01/03 15:43:12 \| 00,534,016 \| ---- \| M] (Broadcom Corporation) -- C:\Windows\System32\DRIVERS\bcmwl6.sys -- (BCM43XX [On_Demand \| Stopped]) DRV - [2006/11/02 04:24:45 \| 00,013,568 \| ---- \| M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand \| Stopped]) DRV - [2006/11/02 04:24:46 \| 00,005,248 \| ---- \| M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand \| Stopped]) DRV - [2006/11/02 04:25:24 \| 00,071,808 \| ---- \| M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled \| Stopped]) DRV - [2006/11/02 04:24:44 \| 00,062,336 \| ---- \| M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled \| Stopped]) DRV - [2006/11/02 04:24:44 \| 00,012,160 \| ---- \| M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled \| Stopped]) DRV - [2006/11/02 04:24:47 \| 00,011,904 \| ---- \| M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand \| Stopped]) DRV - [2006/11/02 05:49:28 \| 00,016,488 \| ---- \| M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled \| Stopped]) DRV - [2006/11/02 03:30:54 \| 00,163,328 \| ---- \| M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand \| Stopped]) DRV - [2006/11/02 03:30:54 \| 00,117,760 \| ---- \| M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand \| Stopped]) DRV - [2006/06/28 13:57:00 \| 00,008,192 \| ---- \| M] (Hewlett-Packard Development Company, L.P.) -- C:\Windows\System32\DRIVERS\eabfiltr.sys -- (eabfiltr [System \| Running]) DRV - [2006/11/02 05:51:34 \| 00,316,520 \| ---- \| M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled \| Stopped]) DRV - [2006/09/19 14:44:04 \| 00,015,664 \| ---- \| M] (GEAR Software Inc.) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand \| Running]) DRV - [2006/06/28 13:54:00 \| 00,009,472 \| ---- \| M] (Hewlett-Packard Development Company, L.P.) -- C:\Windows\System32\DRIVERS\cpqbttn.sys -- (HBtnKey [On_Demand \| Running]) DRV - [2006/11/18 15:32:16 \| 00,145,920 \| ---- \| M] (Conexant Systems Inc.) -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService [On_Demand \| Running]) DRV - [2006/11/02 05:50:10 \| 00,037,480 \| ---- \| M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled \| Stopped]) DRV - [2006/11/02 03:41:49 \| 00,200,704 \| ---- \| M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\VSTAZL3.SYS -- (HSFHWAZL [On_Demand \| Stopped]) DRV - [2006/10/18 23:09:26 \| 00,986,624 \| ---- \| M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\HSX_DPV.sys -- (HSF_DPV [On_Demand \| Running]) DRV - [2006/10/18 23:08:14 \| 00,206,848 \| ---- \| M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\HSXHWAZL.sys -- (HSXHWAZL [On_Demand \| Running]) DRV - [2006/10/18 22:10:57 \| 01,380,864 \| ---- \| M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\igdkmd32.sys -- (ialm [On_Demand \| Stopped]) DRV - [2006/11/02 05:51:25 \| 00,232,040 \| ---- \| M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled \| Stopped]) DRV - [2006/11/02 05:50:17 \| 00,041,576 \| ---- \| M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled \| Stopped]) DRV - [2006/11/02 05:50:07 \| 00,035,944 \| ---- \| M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled \| Stopped]) DRV - [2006/11/02 05:50:09 \| 00,035,944 \| ---- \| M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled \| Stopped]) DRV - [2006/11/02 05:50:04 \| 00,065,640 \| ---- \| M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled \| Stopped]) DRV - [2006/11/02 05:50:05 \| 00,065,640 \| ---- \| M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled \| Stopped]) DRV - [2006/11/02 05:50:10 \| 00,065,640 \| ---- \| M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled \| Stopped]) DRV - [2007/06/03 10:51:18 \| 00,008,413 \| ---- \| M] (RealNetworks, Inc.) -- C:\Windows\System32\drivers\mcstrm.sys -- (MCSTRM [Auto \| Running]) DRV - [2006/06/20 02:26:58 \| 00,012,672 \| ---- \| M] (Conexant) -- C:\Windows\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto \| Running]) DRV - [2006/11/02 05:49:53 \| 00,028,776 \| ---- \| M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled \| Stopped]) DRV - [2006/11/02 05:49:59 \| 00,033,384 \| ---- \| M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled \| Stopped]) DRV - [2006/11/02 05:50:19 \| 00,045,160 \| ---- \| M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled \| Stopped]) DRV - [2006/11/02 03:36:50 \| 00,020,608 \| ---- \| M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled \| Stopped]) DRV - [2006/11/02 03:30:56 \| 00,429,056 \| ---- \| M] (NVIDIA Corporation) -- C:\Windows\System32\DRIVERS\nvm60x32.sys -- (NVENETFD [On_Demand \| Running]) DRV - [2007/02/27 11:26:00 \| 04,465,184 \| ---- \| M] (NVIDIA Corporation) -- C:\Windows\System32\DRIVERS\nvlddmkm.sys -- (nvlddmkm [On_Demand \| Running]) DRV - [2006/11/02 05:50:24 \| 00,088,680 \| ---- \| M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled \| Stopped]) DRV - [2006/09/15 04:44:18 \| 00,011,520 \| ---- \| M] (NVIDIA Corporation) -- C:\Windows\System32\DRIVERS\nvsmu.sys -- (nvsmu [On_Demand \| Running]) DRV - [2006/11/02 05:50:13 \| 00,040,040 \| ---- \| M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Boot \| Running]) DRV - [2006/07/24 07:00:00 \| 00,036,528 \| ---- \| M] (Sonic Solutions) -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot \| Running]) DRV - [2006/11/02 05:51:45 \| 00,900,712 \| ---- \| M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled \| Stopped]) DRV - [2006/11/02 05:50:35 \| 00,106,088 \| ---- \| M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled \| Stopped]) DRV - [2006/11/15 13:16:24 \| 00,032,256 \| ---- \| M] (REDC) -- C:\Windows\System32\DRIVERS\rimmptsk.sys -- (rimmptsk [Auto \| Running]) DRV - [2006/11/15 08:42:46 \| 00,043,520 \| ---- \| M] (REDC) -- C:\Windows\System32\DRIVERS\rimsptsk.sys -- (rimsptsk [Auto \| Running]) DRV - [2006/11/15 06:35:20 \| 00,037,376 \| ---- \| M] (REDC) -- C:\Windows\System32\DRIVERS\rixdptsk.sys -- (rismxdp [Auto \| Running]) DRV - [2006/11/02 02:37:21 \| 00,020,480 \| ---- \| M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto \| Running]) DRV - [2006/11/02 05:50:10 \| 00,038,504 \| ---- \| M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled \| Stopped]) DRV - [2006/11/02 05:50:16 \| 00,071,784 \| ---- \| M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled \| Stopped]) DRV - [2006/11/02 05:50:05 \| 00,035,944 \| ---- \| M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled \| Stopped]) DRV - [2006/11/02 05:49:56 \| 00,031,848 \| ---- \| M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled \| Stopped]) DRV - [2006/11/02 05:50:03 \| 00,034,920 \| ---- \| M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled \| Stopped]) DRV - [2006/11/15 01:24:00 \| 00,179,256 \| ---- \| M] (Synaptics, Inc.) -- C:\Windows\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand \| Running]) DRV - [2006/11/02 05:51:25 \| 00,235,112 \| ---- \| M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled \| Stopped]) DRV - [2006/11/02 05:50:35 \| 00,098,408 \| ---- \| M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled \| Stopped]) DRV - [2006/11/02 05:50:45 \| 00,115,816 \| ---- \| M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled \| Stopped]) DRV - [2006/11/02 05:49:30 \| 00,017,512 \| ---- \| M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled \| Stopped]) DRV - [2006/11/02 05:50:41 \| 00,112,232 \| ---- \| M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled \| Stopped]) DRV - [2003/01/10 17:13:04 \| 00,033,588 \| ---- \| M] (America Online, Inc.) -- C:\Windows\System32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand \| Stopped]) DRV - [2006/10/18 23:08:04 \| 00,659,968 \| ---- \| M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\HSX_CNXT.sys -- (winachsf [On_Demand \| Running]) DRV - [2006/08/05 05:39:10 \| 00,008,192 \| ---- \| M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.sys -- (XAudio [Auto \| Running]) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/" FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5 FF - prefs.js..extensions.enabledItems: {1d5287d1-8a92-0001-1f31-1cec198018d8}:2.1.0.7 FF - prefs.js..extensions.enabledItems: browserhighlighter@ebay.com:1.0.13610 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.3 FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/05/28 06:06:47 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Firefox\Extensions\\{1d5287d1-8a92-0001-1f31-1cec198018d8}: C:\Program Files\AVG\AVG8\ToolbarFF [2009/05/28 06:06:49 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008/11/28 10:12:16 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2008/11/28 10:12:15 \| 00,000,000 \| ---D \| M] [2008/11/28 10:12:43 \| 00,000,000 \| ---D \| M] -- C:\Users\Steve\AppData\Roaming\mozilla\Extensions [2008/11/28 10:12:43 \| 00,000,000 \| ---D \| M] -- C:\Users\Steve\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/06/17 22:35:28 \| 00,000,000 \| ---D \| M] -- C:\Users\Steve\AppData\Roaming\mozilla\Firefox\Profiles\22dh81p3.default\extensions [2009/04/01 11:58:36 \| 00,000,000 \| ---D \| M] -- C:\Users\Steve\AppData\Roaming\mozilla\Firefox\Profiles\22dh81p3.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2009/06/17 22:35:28 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions [2008/11/28 10:12:44 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2008/11/28 10:12:15 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/06/17 22:27:01 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\browserhighlighter@ebay.com [2008/09/25 09:52:10 \| 00,023,040 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2008/09/25 09:52:11 \| 00,134,656 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2008/09/25 09:52:12 \| 00,065,536 \| ---- \| M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2007/05/10 22:52:34 \| 00,095,864 \| ---- \| M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2008/09/24 21:21:16 \| 00,001,394 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml [2008/09/24 21:21:16 \| 00,002,193 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml [2008/09/24 21:21:16 \| 00,001,534 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2008/09/24 21:21:16 \| 00,002,642 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml [2008/09/24 21:21:16 \| 00,001,706 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2008/09/24 21:21:16 \| 00,001,178 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml [2008/09/24 21:21:16 \| 00,000,792 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No CLSID value found. O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard) O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) O4 - HKLM..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.) O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation) O4 - HKCU..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation) O4 - HKCU..\Run: [Privacy Suite RiskMonitor] C:\Program Files\CyberScrub Privacy Suite\CSRiskMon.exe (CyberScrub LLC) O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation) O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (AVM Software Inc.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\NLAapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: 307 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.92.226.40 24.92.226.41 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/12/19 11:45:18 \| 00,000,074 \| ---- \| M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2005/09/11 10:18:54 \| 00,000,340 \| -HS- \| M] () - D:\AUTOMODE -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found ========== Files/Folders - Created Within 30 Days ========== [2009/06/21 20:42:46 \| 00,513,024 \| ---- \| C] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe [2009/06/20 21:14:59 \| 00,000,000 \| ---D \| C] -- C:\Users\Steve\AppData\Roaming\Malwarebytes [2009/06/20 21:14:57 \| 00,000,818 \| ---- \| C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2009/06/20 21:14:53 \| 00,038,160 \| ---- \| C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2009/06/20 21:14:52 \| 00,019,096 \| ---- \| C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2009/06/20 21:14:52 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Malwarebytes [2009/06/20 21:14:52 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/06/20 21:13:47 \| 03,561,744 \| ---- \| C] (Malwarebytes Corporation ) -- C:\Users\Steve\Desktop\mbam-setup.exe [2009/06/20 21:03:46 \| 00,264,704 \| ---- \| C] (OldTimer Tools) -- C:\Users\Steve\Desktop\TFC.exe [2009/06/17 22:18:57 \| 00,001,874 \| ---- \| C] () -- C:\Users\Steve\Desktop\HijackThis.lnk [2009/06/17 22:18:55 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Trend Micro [2009/06/17 22:17:37 \| 15,083,520 \| ---- \| C] (Safer Networking Limited ) -- C:\Users\Steve\Desktop\spybotsd160.exe [2009/06/17 22:17:27 \| 00,812,344 \| ---- \| C] (Trend Micro Inc.) -- C:\Users\Steve\Desktop\HJTInstall.exe [2009/06/17 22:17:08 \| 00,000,000 \| ---D \| C] -- C:\Users\Steve\AppData\Roaming\U3 [2009/06/17 12:05:30 \| 00,000,002 \| ---- \| C] () -- C:\Windows\msoffice.ini [2009/06/17 11:41:23 \| 06,291,456 \| -H-- \| C] () -- C:\Users\Steve\AppData\Local\IconCache.db [2009/06/16 12:43:51 \| 00,001,019 \| ---- \| C] () -- C:\Users\Steve\Desktop\Ad-Aware SE Professional.lnk [2009/06/16 12:42:43 \| 00,000,000 \| -H-D \| C] -- C:\ProgramData\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F} [2009/06/16 12:20:53 \| 00,000,000 \| ---D \| C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy) [2009/06/16 12:20:52 \| 00,000,000 \| ---D \| C] -- C:\Program Files\SDHelper (Spybot - Search & Destroy) [2009/06/16 12:20:52 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy) [2009/06/16 12:20:52 \| 00,000,000 \| ---D \| C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy) [2009/06/16 12:01:44 \| 00,000,973 \| ---- \| C] () -- C:\Users\Steve\Desktop\Hard Drive Washer.lnk [2009/06/16 12:01:43 \| 00,000,000 \| ---D \| C] -- C:\Program Files\1-abc [2009/06/16 11:56:46 \| 00,000,000 \| ---D \| C] -- C:\Users\Steve\AppData\Roaming\CyberScrub [2009/06/16 11:56:24 \| 00,000,852 \| ---- \| C] () -- C:\Users\Public\Desktop\CyberScrub Privacy Suite.lnk [2009/06/16 11:56:23 \| 00,000,187 \| ---- \| C] () -- C:\Windows\csact.ini [2009/06/16 11:56:20 \| 00,000,000 \| ---D \| C] -- C:\Program Files\CyberScrub Privacy Suite [2009/06/15 09:28:54 \| 00,000,394 \| ---- \| C] () -- C:\Windows\tasks\Schedule Task Weekly.job [2009/06/14 05:39:30 \| 00,428,032 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2009/06/14 05:39:27 \| 00,292,352 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll [2009/06/14 05:39:16 \| 01,244,672 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll [2009/06/14 05:39:15 \| 00,217,088 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax [2009/06/14 05:39:15 \| 00,177,152 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2009/06/14 05:39:15 \| 00,068,608 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax [2009/06/14 05:39:14 \| 00,080,896 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax [2009/06/14 05:39:14 \| 00,057,856 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax [2009/06/11 06:06:49 \| 02,028,032 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2009/06/11 06:06:45 \| 00,696,832 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll [2009/06/11 06:06:41 \| 00,788,992 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll [2009/06/11 06:06:23 \| 03,596,288 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll [2009/06/11 06:06:22 \| 00,671,232 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2009/06/11 06:06:22 \| 00,389,120 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2009/06/11 06:06:20 \| 06,066,176 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll [2009/06/11 06:06:19 \| 01,159,680 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll [2009/06/11 06:06:18 \| 00,385,024 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2009/06/11 06:06:17 \| 00,827,392 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll [2009/06/11 06:06:17 \| 00,459,264 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2009/06/11 06:06:17 \| 00,347,136 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2009/06/11 06:06:17 \| 00,268,288 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll [2009/06/11 06:06:17 \| 00,230,400 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2009/06/11 06:06:17 \| 00,102,912 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll [2009/06/11 06:06:16 \| 00,477,696 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll [2009/06/11 06:06:16 \| 00,214,528 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2009/06/11 06:06:16 \| 00,078,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2009/06/11 06:06:16 \| 00,063,488 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll [2009/06/11 06:06:15 \| 01,830,912 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2009/06/11 06:06:15 \| 00,180,736 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2009/06/11 06:06:15 \| 00,124,928 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll [2009/06/11 06:06:15 \| 00,072,704 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2009/06/11 06:06:15 \| 00,044,544 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2009/06/11 06:06:15 \| 00,027,648 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2009/06/11 06:06:14 \| 00,070,656 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2009/06/11 06:06:14 \| 00,056,320 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2009/06/11 06:06:14 \| 00,044,544 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2009/06/11 06:06:14 \| 00,026,624 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2009/06/11 06:06:13 \| 01,383,424 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2009/06/11 06:06:13 \| 00,161,792 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2009/06/11 06:06:13 \| 00,048,128 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2009/06/11 06:06:12 \| 00,383,488 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2009/05/28 12:46:17 \| 00,000,000 \| -H-D \| C] -- C:\$AVG8.VAULT$ [2009/05/28 06:08:50 \| 00,011,952 \| ---- \| C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll [2009/05/28 06:08:50 \| 00,001,647 \| ---- \| C] () -- C:\Users\Public\Desktop\AVG Free 8.5.lnk [2009/05/28 06:08:49 \| 00,108,552 \| ---- \| C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys [2009/05/28 06:08:29 \| 00,325,896 \| ---- \| C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys [2009/05/28 06:07:52 \| 37,327,087 \| ---- \| C] () -- C:\Windows\System32\drivers\Avg\incavi.avm [2009/05/28 06:07:52 \| 00,434,673 \| ---- \| C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg [2009/05/28 06:07:52 \| 00,086,309 \| ---- \| C] () -- C:\Windows\System32\drivers\Avg\microavi.avg [2009/05/28 06:07:44 \| 06,061,540 \| ---- \| C] () -- C:\Windows\System32\drivers\Avg\avi7.avg [2009/05/28 06:07:44 \| 00,000,000 \| ---D \| C] -- C:\Windows\System32\drivers\Avg [2009/05/28 06:06:46 \| 00,000,000 \| ---D \| C] -- C:\Program Files\AVG [2009/05/28 06:06:45 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\avg8 [2008/03/27 17:33:55 \| 00,021,504 \| ---- \| C] () -- C:\Windows\jestertb.dll [2007/11/13 18:23:10 \| 00,000,221 \| ---- \| C] () -- C:\Windows\NCLogConfig.ini [2006/11/29 03:32:42 \| 00,000,000 \| ---- \| C] () -- C:\Windows\System32\px.ini [2006/11/02 08:35:32 \| 00,005,632 \| ---- \| C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 06:25:21 \| 00,061,440 \| ---- \| C] () -- C:\Windows\System32\igfxTMM.dll [2006/11/02 06:23:31 \| 00,000,219 \| ---- \| C] () -- C:\Windows\system.ini [2006/11/02 06:23:31 \| 00,000,204 \| ---- \| C] () -- C:\Windows\win.ini [2006/11/02 03:40:29 \| 00,013,750 \| ---- \| C] () -- C:\Windows\System32\pacerprf.ini [2006/09/19 03:02:40 \| 00,520,192 \| ---- \| C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll [2006/09/19 03:02:40 \| 00,204,800 \| ---- \| C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll [2006/03/09 19:58:00 \| 01,060,424 \| ---- \| C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2005/05/07 08:06:00 \| 00,016,480 \| ---- \| C] () -- C:\Windows\System32\rixdicon.dll [2004/09/16 16:24:26 \| 03,375,104 \| ---- \| C] () -- C:\Windows\System32\qt-mt331.dll ========== Files - Modified Within 30 Days ========== [2009/06/21 20:46:35 \| 00,618,526 \| ---- \| M] () -- C:\Windows\System32\perfh009.dat [2009/06/21 20:46:35 \| 00,103,946 \| ---- \| M] () -- C:\Windows\System32\perfc009.dat [2009/06/21 20:46:34 \| 00,716,948 \| ---- \| M] () -- C:\Windows\System32\PerfStringBackup.INI [2009/06/21 20:43:03 \| 00,513,024 \| ---- \| M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe [2009/06/21 20:41:38 \| 37,327,087 \| ---- \| M] () -- C:\Windows\System32\drivers\Avg\incavi.avm [2009/06/21 20:41:38 \| 00,086,309 \| ---- \| M] () -- C:\Windows\System32\drivers\Avg\microavi.avg [2009/06/21 20:39:24 \| 00,025,159 \| ---- \| M] () -- C:\Users\Steve\AppData\Roaming\nvModes.001 [2009/06/21 20:38:44 \| 00,003,072 \| -H-- \| M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2009/06/21 20:38:44 \| 00,003,072 \| -H-- \| M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2009/06/21 20:38:41 \| 00,000,006 \| -H-- \| M] () -- C:\Windows\tasks\SA.DAT [2009/06/21 20:38:35 \| 00,067,584 \| --S- \| M] () -- C:\Windows\bootstat.dat [2009/06/20 21:27:43 \| 00,000,012 \| ---- \| M] () -- C:\Windows\bthservsdp.dat [2009/06/20 21:27:32 \| 06,291,456 \| -H-- \| M] () -- C:\Users\Steve\AppData\Local\IconCache.db [2009/06/20 21:14:57 \| 00,000,818 \| ---- \| M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2009/06/20 21:14:07 \| 03,561,744 \| ---- \| M] (Malwarebytes Corporation ) -- C:\Users\Steve\Desktop\mbam-setup.exe [2009/06/20 21:04:05 \| 00,264,704 \| ---- \| M] (OldTimer Tools) -- C:\Users\Steve\Desktop\TFC.exe [2009/06/20 20:54:52 \| 00,025,159 \| ---- \| M] () -- C:\Users\Steve\AppData\Roaming\nvModes.dat [2009/06/17 22:18:57 \| 00,001,874 \| ---- \| M] () -- C:\Users\Steve\Desktop\HijackThis.lnk [2009/06/17 21:35:18 \| 00,812,344 \| ---- \| M] (Trend Micro Inc.) -- C:\Users\Steve\Desktop\HJTInstall.exe [2009/06/17 12:05:56 \| 00,000,204 \| ---- \| M] () -- C:\Windows\win.ini [2009/06/17 12:05:30 \| 00,000,002 \| ---- \| M] () -- C:\Windows\msoffice.ini [2009/06/17 11:27:56 \| 00,038,160 \| ---- \| M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2009/06/17 11:27:44 \| 00,019,096 \| ---- \| M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2009/06/16 12:01:44 \| 00,000,973 \| ---- \| M] () -- C:\Users\Steve\Desktop\Hard Drive Washer.lnk [2009/06/16 11:56:45 \| 00,000,187 \| ---- \| M] () -- C:\Windows\csact.ini [2009/06/16 11:56:24 \| 00,000,852 \| ---- \| M] () -- C:\Users\Public\Desktop\CyberScrub Privacy Suite.lnk [2009/06/15 13:10:03 \| 00,000,394 \| ---- \| M] () -- C:\Windows\tasks\Schedule Task Weekly.job [2009/06/13 04:54:58 \| 00,000,322 \| ---- \| M] () -- C:\Windows\tasks\HPCeeScheduleForSteve.job [2009/06/12 11:06:49 \| 00,003,293 \| ---- \| M] () -- C:\Windows\System32\requestBody.xml [2009/06/12 11:06:49 \| 00,001,883 \| ---- \| M] () -- C:\Windows\System32\responseBody.xml [2009/06/12 11:06:49 \| 00,001,252 \| ---- \| M] () -- C:\Windows\System32\request.gzip [2009/06/12 08:47:06 \| 00,351,176 \| ---- \| M] () -- C:\Windows\System32\FNTCACHE.DAT [2009/05/28 06:08:50 \| 00,011,952 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll [2009/05/28 06:08:50 \| 00,001,647 \| ---- \| M] () -- C:\Users\Public\Desktop\AVG Free 8.5.lnk [2009/05/28 06:08:49 \| 00,108,552 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys [2009/05/28 06:08:30 \| 00,325,896 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys [2009/05/28 06:08:29 \| 00,027,784 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys [2009/05/28 06:07:52 \| 06,061,540 \| ---- \| M] () -- C:\Windows\System32\drivers\Avg\avi7.avg [2009/05/28 06:07:52 \| 00,434,673 \| ---- \| M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg [2009/05/25 11:21:17 \| 00,022,528 \| ---- \| M] () -- C:\Users\Steve\Desktop\Business Cards.wps [2009/05/25 11:21:17 \| 00,000,812 \| ---- \| M] () -- C:\Users\Steve\AppData\Roaming\wklnhst.dat ========== LOP Check ========== [2009/06/20 21:26:25 \| 00,000,000 \| ---D \| M] -- C:\Users\Steve\AppData\Roaming [2007/04/01 00:13:32 \| 00,000,000 \| ---D \| M] -- C:\Users\Steve\AppData\Roaming\CyberLink [2009/06/16 11:56:46 \| 00,000,000 \| ---D \| M] -- C:\Users\Steve\AppData\Roaming\CyberScrub [2009/06/16 22:07:09 \| 00,000,000 \| ---D \| M] -- C:\Users\Steve\AppData\Roaming\Image Zone Express [2007/04/20 20:17:15 \| 00,000,000 \| ---D \| M] -- C:\Users\Steve\AppData\Roaming\iWin [2006/11/02 08:37:34 \| 00,000,000 \| ---D \| M] -- C:\Users\Steve\AppData\Roaming\Media Center Programs [2008/01/06 15:21:49 \| 00,000,000 \| ---D \| M] -- C:\Users\Steve\AppData\Roaming\MSNInstaller [2007/06/17 14:59:59 \| 00,000,000 \| ---D \| M] -- C:\Users\Steve\AppData\Roaming\MyLogoMaker [2007/06/14 17:56:20 \| 00,000,000 \| ---D \| M] -- C:\Users\Steve\AppData\Roaming\Paltalk [2007/06/15 21:21:29 \| 00,000,000 \| ---D \| M] -- C:\Users\Steve\AppData\Roaming\PeerNetworking [2007/11/16 18:52:35 \| 00,000,000 \| ---D \| M] -- C:\Users\Steve\AppData\Roaming\Printer Info Cache [2007/05/06 14:36:13 \| 00,000,000 \| ---D \| M] -- C:\Users\Steve\AppData\Roaming\Template [2009/06/17 22:22:03 \| 00,000,000 \| ---D \| M] -- C:\Users\Steve\AppData\Roaming\U3 [2007/04/02 18:37:20 \| 00,000,000 \| ---D \| M] -- C:\Users\Steve\AppData\Roaming\WildTangent [2009/06/13 04:54:58 \| 00,000,322 \| ---- \| M] () -- C:\Windows\Tasks\HPCeeScheduleForSteve.job [2009/06/21 20:38:41 \| 00,000,006 \| -H-- \| M] () -- C:\Windows\Tasks\SA.DAT [2009/06/20 21:27:46 \| 00,032,544 \| ---- \| M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2009/06/15 13:10:03 \| 00,000,394 \| ---- \| M] () -- C:\Windows\Tasks\Schedule Task Weekly.job ========== Purity Check ========== < End of report >

Schillerdog View Member Profile	Jun 21 2009, 07:04 PM Post #6
Authentic Member Group: Authentic Member Posts: 21 Joined: 21-July 05 Member No.: 36,900 Operating System: Windows XP	Here is the other log you requested. Thanks for your help. OTL Extras logfile created on: 6/21/2009 8:43:50 PM - Run 1 OTL by OldTimer - Version 3.0.4.0 Folder = C:\Users\Steve\Desktop Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16851) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 958.00 Mb Total Physical Memory \| 238.66 Mb Available Physical Memory \| 24.91% Memory free 2.12 Gb Paging File \| 1.21 Gb Available in Paging File \| 57.10% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files Drive C: \| 105.20 Gb Total Space \| 70.38 Gb Free Space \| 66.90% Space Free \| Partition Type: NTFS Drive D: \| 6.59 Gb Total Space \| 0.61 Gb Free Space \| 9.31% Space Free \| Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: STEVE-PC Current User Name: Steve Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation) .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [2006/08/30 15:35:12 \| 00,952,088 \| ---- \| M] (EarthLink, Inc.) -- C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02F33FB0-F7D5-4C0A-B4AD-8CE5CE230BBE}" = HP Wireless Assistant "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data "{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer "{2712C3CA-931D-4B12-9605-06FF0DFDFADA}" = Reel Deal Card Games "{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine "{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6 "{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9 "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.10 B9 "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module "{366FFC89-C800-4366-B903-B9C4314109A5}" = Garmin WebUpdater "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant "{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.0 "{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc "{574157B0-9D84-49d9-B08B-5296638BF5EE}" = 4300_Help "{5CA81D12-9EC2-4082-972B-43ECA63F41F2}" = HP Pavilion Webcam Driver for Vista v061.001.00005 "{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy "{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio "{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{88D5B052-13BF-44FE-8C17-AC416B323BFE}" = UT2004 Editor's Choice Edition Mod Installer "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch "{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status "{99C5770C-1C90-42E7-9B74-D47CFAF14621}" = muvee autoProducer 5.0 "{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations "{A12A3DED-CCDA-4F29-A1BA-00F0C6521CD5}" = HP Total Care Advisor "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter "{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2 "{B0B2407C-AA1A-4812-85DA-E833D5BC3E97}" = 4300 "{B0F97FBF-9F98-4522-B65D-8980FE38C726}" = HP User Guide 0042 "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm "{C716522C-3731-4667-8579-40B098294500}" = Toolbox "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9 "{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport "{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software "{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1 "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply "{EBEAF45A-58C3-44c8-8714-87909EBD6BC2}" = 4300Trb "{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core "{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = ASL_HS_Installer32 "{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp "1-abc.net Hard Drive Washer" = 1-abc.net Hard Drive Washer (Remove only) "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Ad-Aware SE Professional" = Ad-Aware SE Professional "Ancient Hearts & Spades" = Ancient Hearts & Spades (remove only) "AVG8Uninstall" = AVG Free 8.5 "Backspin Billiards" = Backspin Billiards (remove only) "Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter "CNXT_HDAUDIO" = Conexant HD Audio "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7" = Soft Data Fax Modem with SmartCP "ComcastHSI" = Comcast High-Speed Internet Install Wizard "Cribbage Champion_is1" = Cribbage Champion 1.8 "CyberScrub® Privacy Suite™ 5.0_is1" = CyberScrub® Privacy Suite™ 5.0 "HijackThis" = HijackThis 2.0.2 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Imaging Device Functions" = HP Imaging Device Functions 8.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0 "HPExtendedCapabilities" = HP Customer Participation Program 8.0 "HPOCR" = HP OCR Software 8.0 "HPOOVClient-6811507 Uninstaller" = HP Connections (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mozilla Firefox (3.0.3)" = Mozilla Firefox (3.0.3) "MSNINST" = MSN "MyLogo Maker_is1" = MyLogo Maker 1.2 "NVIDIA Drivers" = NVIDIA Drivers "PalTalk8.2" = PaltalkScene "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "SpywareBlaster_is1" = SpywareBlaster v3.5.1 "Super GameHouse Solitaire Vol. 1" = Super GameHouse Solitaire Vol. 1 "SynTPDeinstKey" = Synaptics Pointing Device Driver "UT2004" = Unreal Tournament 2004 "ViewpointMediaPlayer" = Viewpoint Media Player "Vopt 8.06" = Vopt 8.06 "WildTangent hp Master Uninstall" = My HP Games "WildTangent hplaptop Master Uninstall" = My HP Games "WinRAR archiver" = WinRAR archiver "Yahoo! Toolbar" = Yahoo! Toolbar ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 6/17/2009 10:49:43 AM \| Computer Name = Steve-PC \| Source = EventSystem \| ID = 4609 Description = Error - 6/17/2009 10:57:13 AM \| Computer Name = Steve-PC \| Source = System Restore \| ID = 8193 Description = Error - 6/17/2009 11:02:04 AM \| Computer Name = Steve-PC \| Source = Automatic LiveUpdate Scheduler \| ID = 101 Description = Error - 6/17/2009 7:40:46 PM \| Computer Name = Steve-PC \| Source = Application Error \| ID = 1000 Description = Faulting application SpybotSD.exe, version 1.6.2.46, time stamp 0x2a425e19, faulting module sqlite3.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000135, fault offset 0x00008fc7, process id 0xe94, application start time 0x01c9efa506d00db4. [ Media Center Events ] Error - 11/22/2007 8:46:03 AM \| Computer Name = Steve-PC \| Source = MCUpdate \| ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule. Error - 11/28/2007 6:41:25 PM \| Computer Name = Steve-PC \| Source = MCUpdate \| ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule. Error - 12/19/2007 4:13:05 AM \| Computer Name = Steve-PC \| Source = MCUpdate \| ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule. Error - 12/22/2007 10:21:31 AM \| Computer Name = Steve-PC \| Source = MCUpdate \| ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule. Error - 1/16/2008 3:58:02 PM \| Computer Name = Steve-PC \| Source = Media Center Guide \| ID = 0 Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Process: DefaultDomain Object Name: Media Center Guide Error - 5/27/2008 1:16:12 PM \| Computer Name = Steve-PC \| Source = MCUpdate \| ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight. Error - 6/3/2008 7:27:51 AM \| Computer Name = Steve-PC \| Source = MCUpdate \| ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight. Error - 8/28/2008 8:00:13 AM \| Computer Name = Steve-PC \| Source = MCUpdate \| ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule. Error - 11/5/2008 5:24:43 AM \| Computer Name = Steve-PC \| Source = MCUpdate \| ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule. Error - 5/24/2009 7:10:52 PM \| Computer Name = Steve-PC \| Source = Media Center Guide \| ID = 0 Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Process: DefaultDomain Object Name: Media Center Guide [ System Events ] Error - 6/17/2009 11:56:13 AM \| Computer Name = Steve-PC \| Source = ACPI \| ID = 327686 Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 3, function 0. Please contact your system vendor for technical assistance. Error - 6/17/2009 12:32:19 PM \| Computer Name = Steve-PC \| Source = ACPI \| ID = 327686 Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 2, function 0. Please contact your system vendor for technical assistance. Error - 6/17/2009 12:32:19 PM \| Computer Name = Steve-PC \| Source = ACPI \| ID = 327686 Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 3, function 0. Please contact your system vendor for technical assistance. Error - 6/17/2009 5:28:43 PM \| Computer Name = Steve-PC \| Source = EventLog \| ID = 6008 Description = The previous system shutdown at 5:11:36 PM on 6/17/2009 was unexpected. Error - 6/20/2009 8:53:28 PM \| Computer Name = Steve-PC \| Source = EventLog \| ID = 6008 Description = The previous system shutdown at 12:14:30 AM on 6/18/2009 was unexpected. Error - 6/20/2009 9:08:30 PM \| Computer Name = Steve-PC \| Source = ACPI \| ID = 327686 Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 2, function 0. Please contact your system vendor for technical assistance. Error - 6/20/2009 9:08:30 PM \| Computer Name = Steve-PC \| Source = ACPI \| ID = 327686 Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 3, function 0. Please contact your system vendor for technical assistance. Error - 6/20/2009 9:31:01 PM \| Computer Name = Steve-PC \| Source = ACPI \| ID = 327686 Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 2, function 0. Please contact your system vendor for technical assistance. Error - 6/20/2009 9:31:01 PM \| Computer Name = Steve-PC \| Source = ACPI \| ID = 327686 Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 3, function 0. Please contact your system vendor for technical assistance. Error - 6/21/2009 8:38:36 PM \| Computer Name = Steve-PC \| Source = EventLog \| ID = 6008 Description = The previous system shutdown at 9:44:51 PM on 6/20/2009 was unexpected. < End of report >

Tomk View Member Profile	Jun 21 2009, 11:27 PM Post #7
Forum God / Classroom Admin Assistant Group: Classroom Teacher Posts: 12,304 Joined: 27-December 07 From: Sisters, OR Member No.: 75,503 Operating System: xp	Schillerdog, Double click on OTL Under the Custom Scans/Fixes box at the bottom, paste in the following Do Not copy the word CODE please note the fix starts with the : CODE :Processes explorer.exe :OTL O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No CLSID value found. SRV - [2008/01/29 13:09:58 \| 00,165,416 \| ---- \| M] (WildTangent, Inc.) -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService [On_Demand \| Stopped]) :Services GameConsoleService :Reg [hkey_local_machine\software\microsoft\windows\currentversion\run] "Adobe Reader Speed Launcher"=- "HP Software Update"=- "ISUSScheduler"=- "NvMediaCenter"=- "ISUSPM Startup"=- :Files C:\Users\Steve\AppData\Roaming\WildTangent :Commands [purity] [emptytemp] [start explorer] [Reboot] Then click the Run Fix button at the top Let the program run unhindered Please save the resulting log to be posted in your next reply. Reboot your computer Please post the OTL log and a new HJT log.

Schillerdog View Member Profile	Jun 22 2009, 08:04 PM Post #8
Authentic Member Group: Authentic Member Posts: 21 Joined: 21-July 05 Member No.: 36,900 Operating System: Windows XP	Completed the fix. Internet has improved slightly again. On reboot from the fix I allowed the machine to attempt to reboot on its own. After 10 cycles of on and off I resorted to the cold boot again. Pasted below are the logs you requested. OTL FIX 1 LOG All processes killed ========== PROCESSES ========== No active process named explorer.exe was found! ========== OTL ========== Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}\ not found. Service\Driver GameConsoleService deleted successfully. C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe moved successfully. ========== SERVICES/DRIVERS ========== Service\Driver GameConsoleService not found. Service\Driver GameConsoleService not found. ========== REGISTRY ========== Registry value hkey_local_machine\software\microsoft\windows\currentversion\run\\Adobe Reader Speed Launcher deleted successfully. Registry value hkey_local_machine\software\microsoft\windows\currentversion\run\\HP Software Update deleted successfully. Registry value hkey_local_machine\software\microsoft\windows\currentversion\run\\ISUSScheduler deleted successfully. Registry value hkey_local_machine\software\microsoft\windows\currentversion\run\\NvMediaCenter deleted successfully. Registry value hkey_local_machine\software\microsoft\windows\currentversion\run\\ISUSPM Startup not found. ========== FILES ========== C:\Users\Steve\AppData\Roaming\WildTangent\My HP Game Console\en-us moved successfully. C:\Users\Steve\AppData\Roaming\WildTangent\My HP Game Console moved successfully. C:\Users\Steve\AppData\Roaming\WildTangent moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temporary Internet Files folder emptied: 0 bytes User: Public User: Steve ->Temporary Internet Files folder emptied: 7902543 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes File delete failed. C:\Windows\temp\TMP000000398503D1FF92ECD310 scheduled to be deleted on reboot. Windows Temp folder emptied: 606294 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 8.11 mb Error: Unable to interpret <[start explorer]> in the current context! OTL by OldTimer - Version 3.0.4.0 log created on 06222009_212154 Files\Folders moved on Reboot... File\Folder C:\Windows\temp\TMP000000398503D1FF92ECD310 not foud! Registry entries deleted on Reboot... HIJACK THIS LOG 3 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:36:22 PM, on 6/22/2009 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16851) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\CyberScrub Privacy Suite\CSRiskMon.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\HP Connections\6811507\Program\HP Connections.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\Paltalk Messenger\paltalk.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\system32\wuauclt.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [Privacy Suite RiskMonitor] "C:\Program Files\CyberScrub Privacy Suite\CSRiskMon.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 7919 bytes

Tomk View Member Profile	Jun 22 2009, 09:05 PM Post #9
Forum God / Classroom Admin Assistant Group: Classroom Teacher Posts: 12,304 Joined: 27-December 07 From: Sisters, OR Member No.: 75,503 Operating System: xp	Schillerdog, Well I guess I have good and bad news depending on how you look at it: Log looks good That means I guess I've outlived my usefullness. I suggest that you post over in the Windows Forum and let the Tech Team see if they can help you. When you post there, please include a link back to this thread so that they will have access to your logs here. You need to create a new Clean restore point: Download SysRestorePoint to your desktop and unzip it to it's own folder. Double click SysRestorePoint.exe so that we can make a new system restore point. A box will pop up after it has made a new point, usually after a few seconds. Close that window and exit the program. Remove all previous Restore Points Click Start Menu > Run > copy and paste cleanmgr You may be asked to choose drive. Choose C: At top, click on More Options tab. Click Clean up... button in the System Restore box. Click on Yes button. When finished, click on Cancel button to exit. Double-click My Computer. Click the Tools menu, and then click Folder Options. Click the View tab. Check "Hide file extensions for known file types." Under the "Hidden files" folder, Uncheck "Show hidden files and folders." Check "Hide protected operating system files." Click Apply, and then click OK. Double click on OTL to run it. Click on CleanUp! When done, you will be prompted to restart your computer. Please restart your computer. The following is my standard advice for the future. Use what you can and pat yourself on the back for what you're already doing. Please take time to read Preventing Malware - Tools and Practices for Safe Computing. Very important information for your consideration is contained therein. I would also suggest you read this: So how did I get infected in the first place? by Tony Klein Also: "How to prevent malware" by miekiemoes Please respond back that you understand the above and let me know if you have any questions. Otherwise, this thread will be closed Resolved.

Tomk View Member Profile	Jun 28 2009, 09:04 AM Post #10
Forum God / Classroom Admin Assistant Group: Classroom Teacher Posts: 12,304 Joined: 27-December 07 From: Sisters, OR Member No.: 75,503 Operating System: xp	Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

« Next Oldest · Infections Removal · Next Newest »

Closed Topic

Start new topic

Similar Topics

Similar Topics

Similar Topics

		Topic Title	Replies	Topic Starter	Views	Last Action
		Infections Removal [Resolved] IE8 web browser keeps redirecting me	14	Marm	184	Yesterday, 09:29 PM Last post by: CatByte
		Infections Removal [Resolved] XP Antivirus Pro 2010 infection 12	29	Stormicats	1,205	Yesterday, 03:58 PM Last post by: extremeboy
		Infections Removal [Resolved] Perfect Keylogger.	9	lin0056	126	Yesterday, 02:34 PM Last post by: LDTate
		Infections Removal [Resolved] Lots of Malware found and removed	12	km1234	174	16th March 2010 - 11:41 PM Last post by: Tomk

Display Mode: Switch to: Standard · Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Time is now: 18th March 2010 - 12:46 AM

Advertisements do not imply our endorsement of that product or service. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk.
Member site: Alliance of Security Analysis Professionals | UNITE Against Malware
Memory Forums | Auto Repair Forum
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy

Powered By IP.Board © 2010 IPS, Inc.