Virus not being detected by AntiVirus

  #1 codyydoc (Newbie)


    I had a problem with the MBR log, so I had to save it as a jpeg.

    Malwarebytes' Anti-Malware 1.46
    Malwarebytes

    Database version: 4601

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    9/12/2010 11:33:35 AM
    mbam-log-2010-09-12 (11-33-35).txt

    Scan type: Quick scan
    Objects scanned: 146872
    Time elapsed: 14 minute(s), 39 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
    Rootkit quick scan 2010-09-12 12:40:25
    Windows 5.1.2600 Service Pack 3
    Running: 3jhqrqvv.exe; Driver: C:\DOCUME~1\TommyG\LOCALS~1\Temp\ffrdifow.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    ---- EOF - GMER 1.0.15 ----


    OTL logfile created on: 9/12/2010 1:06:44 PM - Run 1
    OTL by OldTimer - Version 3.2.12.0 Folder = C:\Documents and Settings\TommyG\My Documents\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    511.00 Mb Total Physical Memory | 232.00 Mb Available Physical Memory | 45.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 73.00% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 35.62 Gb Total Space | 21.41 Gb Free Space | 60.12% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: IBM-QMXS2S6HVL1
    Current User Name: TommyG
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/09/12 12:48:50 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TommyG\My Documents\Downloads\OTL.exe
    PRC - [2010/07/17 05:50:25 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
    PRC - [2010/07/17 05:50:18 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2010/07/17 05:50:17 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2010/07/17 05:50:05 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2010/07/17 05:48:24 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2010/07/17 05:48:20 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2009/11/21 15:22:46 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
    PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/11/03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\PAC7302\Monitor.exe
    PRC - [2003/07/03 01:25:00 | 000,057,344 | ---- | M] () -- C:\WINDOWS\system32\ibmpmsvc.exe
    PRC - [2003/06/24 14:34:38 | 000,126,976 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    PRC - [2002/07/15 02:20:00 | 000,491,520 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
    PRC - [2002/07/15 02:20:00 | 000,049,152 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    PRC - [2002/07/15 02:20:00 | 000,040,960 | ---- | M] () -- C:\WINDOWS\system32\QCONSVC.EXE
    PRC - [2002/07/04 02:00:00 | 000,204,800 | ---- | M] (IBM Corp.) -- C:\Program Files\ThinkPad\Utilities\NPDTRAY.EXE
    PRC - [2002/06/28 15:10:52 | 000,086,016 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    PRC - [2002/06/28 01:30:00 | 000,048,640 | ---- | M] (IBM Corp.) -- C:\Program Files\ThinkPad\Utilities\TP98TRAY.EXE
    PRC - [2002/04/19 03:23:32 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    PRC - [2002/01/10 15:01:34 | 000,065,536 | ---- | M] (IBM Corporation) -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/09/12 12:48:50 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TommyG\My Documents\Downloads\OTL.exe
    MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
    MOD - [2009/07/11 19:41:02 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
    MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
    MOD - [2008/04/13 10:37:57 | 000,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll
    MOD - [2006/10/27 00:48:42 | 002,210,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    MOD - [2006/10/27 00:48:34 | 000,955,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveUtil.dll
    MOD - [2006/10/27 00:48:02 | 000,222,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    MOD - [2006/10/27 00:47:40 | 000,022,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveNew.dll
    MOD - [2003/06/24 14:33:54 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - [2010/07/17 05:50:05 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2010/05/08 13:02:31 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2003/07/03 01:25:00 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
    SRV - [2002/07/15 02:20:00 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\QCONSVC.EXE -- (QCONSVC)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | System | Stopped] -- E:\SuperAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - File not found [Kernel | On_Demand | Stopped] -- E:\SuperAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - File not found [Kernel | System | Stopped] -- E:\SuperAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PcdrNt.sys -- (PcdrNt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PCDRDRV.sys -- (PCDRDRV)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\NSNDIS5.SYS -- (NSNDIS5)
    DRV - [2010/07/17 05:50:22 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2010/07/17 05:48:24 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2010/07/03 05:24:10 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2008/07/31 15:42:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
    DRV - [2008/04/13 11:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
    DRV - [2007/12/28 15:02:12 | 000,287,232 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wg111v3.sys -- (RTL8187B)
    DRV - [2007/11/08 10:29:52 | 000,458,752 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PAC7302.SYS -- (PAC7302)
    DRV - [2003/07/03 01:25:00 | 000,011,344 | ---- | M] (IBM Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
    DRV - [2003/06/24 14:16:30 | 000,265,744 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2003/02/14 16:16:32 | 000,096,256 | ---- | M] (Cisco Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCX504.sys -- (PCX504)
    DRV - [2002/07/15 02:20:00 | 000,002,295 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.SYS -- (IBMTPCHK)
    DRV - [2002/06/28 01:30:00 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
    DRV - [2002/06/28 01:30:00 | 000,012,288 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWR.SYS -- (TPPWR)
    DRV - [2002/06/28 01:30:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
    DRV - [2002/06/18 11:44:50 | 000,456,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2002/04/19 03:22:58 | 000,012,605 | ---- | M] (IBM Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\TPHKDRV.sys -- (TPHKDRV)
    DRV - [2002/02/22 17:26:26 | 001,112,096 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2002/01/10 14:55:22 | 000,004,010 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\egathdrv.sys -- (EGATHDRV)
    DRV - [2001/09/13 07:58:02 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PMEMNT.SYS -- (PMEM)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8081

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
    FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
    FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.2
    FF - prefs.js..extensions.enabledItems: {45d8ff86-d909-11db-9705-005056c00008}:1.0.2
    FF - prefs.js..extensions.enabledItems: {2e61e246-e640-4c56-b1ed-f146dbed48cd}:0.9
    FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.13
    FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3
    FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.30

    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/08/29 14:17:15 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/11 07:54:48 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/11 07:54:20 | 000,000,000 | ---D | M]

    [2009/08/22 10:33:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TommyG\Application Data\Mozilla\Extensions
    [2010/04/03 15:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TommyG\Application Data\Mozilla\Firefox\Profiles\3tjgqbz1.CRains\extensions
    [2010/03/18 19:38:58 | 000,000,000 | ---D | M] (CS Lite) -- C:\Documents and Settings\TommyG\Application Data\Mozilla\Firefox\Profiles\3tjgqbz1.CRains\extensions\{00084897-021a-4361-8423-083407a033e0}
    [2010/03/18 19:41:08 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\TommyG\Application Data\Mozilla\Firefox\Profiles\3tjgqbz1.CRains\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    [2010/03/18 19:38:59 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\TommyG\Application Data\Mozilla\Firefox\Profiles\3tjgqbz1.CRains\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/09/12 09:06:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TommyG\Application Data\Mozilla\Firefox\Profiles\4drceuqx.default\extensions
    [2010/09/05 00:29:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\TommyG\Application Data\Mozilla\Firefox\Profiles\4drceuqx.default\extensions\{2e61e246-e640-4c56-b1ed-f146dbed48cd}
    [2010/09/05 00:29:22 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\TommyG\Application Data\Mozilla\Firefox\Profiles\4drceuqx.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
    [2010/06/26 14:01:15 | 000,000,000 | ---D | M] (Cookie Monster) -- C:\Documents and Settings\TommyG\Application Data\Mozilla\Firefox\Profiles\4drceuqx.default\extensions\{45d8ff86-d909-11db-9705-005056c00008}
    [2010/03/16 19:30:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\TommyG\Application Data\Mozilla\Firefox\Profiles\4drceuqx.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    [2010/09/05 00:29:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\TommyG\Application Data\Mozilla\Firefox\Profiles\4drceuqx.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
    [2010/09/05 01:04:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\TommyG\Application Data\Mozilla\Firefox\Profiles\4drceuqx.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
    [2009/10/17 15:33:54 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Documents and Settings\TommyG\Application Data\Mozilla\Firefox\Profiles\4drceuqx.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
    [2010/09/12 11:36:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2001/08/18 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [BMMGAG] C:\Program Files\ThinkPad\Utilities\PWRMONIT.DLL (IBM Corp.)
    O4 - HKLM..\Run: [NPDTray] C:\Program Files\ThinkPad\Utilities\NPDTRAY.EXE (IBM Corp.)
    O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
    O4 - HKLM..\Run: [QCTray] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE ()
    O4 - HKLM..\Run: [QCWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE ()
    O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (IBM Corporation)
    O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
    O4 - HKLM..\Run: [TPTRAY] C:\Program Files\ThinkPad\Utilities\TP98TRAY.EXE (IBM Corp.)
    O4 - HKLM..\Run: [UC_SMB] File not found
    O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
    O15 - HKCU\..Trusted Domains: plentyoffish.com ([www] https in Trusted sites)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} Page not found | Facebook (Facebook Photo Uploader 5 Control)
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirva...ls/pcmatic.cab (PCPitstop Utility)
    O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com/s/v/44.10/uploader2.cab (UploadListView Class)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsof...?1283815569940 (WUWebControl Class)
    O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcpitstop.com/Exter...pAntiVirus.dll (PCPitstop AntiVirus)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsof...?1283815532867 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} http://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll (diskhealth Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/s...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/da2/PCPitStop2.cab (PCPitstop Exam)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O24 - Desktop WallPaper: C:\Documents and Settings\TommyG\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\TommyG\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/08/17 22:22:51 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/09/12 11:17:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/09/12 11:17:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/09/12 11:17:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/09/11 08:52:20 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/09/11 08:14:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\TommyG\Recent
    [2010/09/10 19:33:55 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
    [2010/09/06 19:37:07 | 000,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
    [2010/09/06 19:37:06 | 000,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
    [2010/09/06 19:37:05 | 000,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
    [2010/09/06 19:37:03 | 000,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
    [2010/09/06 19:37:02 | 000,053,248 | ---- | C] (Beyond Logic) -- C:\WINDOWS\System32\Process.exe
    [2010/09/06 14:40:31 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2010/09/05 01:58:01 | 000,000,000 | ---D | C] -- C:\Program Files\STasks
    [2010/09/05 01:07:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TommyG\Application Data\QuickScan
    [2010/09/04 09:02:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
    [2010/09/04 09:00:37 | 000,000,000 | ---D | C] -- C:\Program Files\PCPitstop
    [2010/09/02 18:50:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TommyG\Desktop\FIN
    [2010/08/30 21:06:13 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2010/08/30 21:06:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2010/07/17 05:50:18 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/07/04 18:44:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TommyG\Desktop\ACC650
    [2009/10/17 19:37:10 | 014,863,448 | ---- | C] (JonDos GmbH) -- C:\Documents and Settings\All Users\Application Data\JonDoFox.paf.exe
    [1 C:\Documents and Settings\TommyG\Desktop\*.tmp files -> C:\Documents and Settings\TommyG\Desktop\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/09/12 1244 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\BMMTask.job
    [2010/09/12 12:47:45 | 000,828,680 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\Presentation1.pptx
    [2010/09/12 12:00:00 | 000,000,364 | ---- | M] () -- C:\WINDOWS\tasks\PerfectOptimizer_home.job
    [2010/09/12 11:17:16 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/09/12 10:34:19 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\TommyG\Local Settings\Application Data\prvlcl.dat
    [2010/09/12 10:29:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/09/12 10:29:38 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/09/12 10:29:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/09/12 09:59:09 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\TommyG\NTUSER.DAT
    [2010/09/12 09:59:09 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\TommyG\ntuser.ini
    [2010/09/11 08:53:11 | 000,002,449 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\HiJackThis.lnk
    [2010/09/11 07:58:13 | 000,015,460 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\cc_20100911_075744.reg
    [2010/09/11 03:53:34 | 064,526,509 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/09/06 19:38:11 | 000,003,120 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
    [2010/09/06 14:55:25 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2010/09/06 14:55:25 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2010/09/06 14:48:21 | 000,119,308 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\cc_20100906_144752.reg
    [2010/09/06 14:40:41 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\CCleaner.lnk
    [2010/09/05 21:40:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2010/09/05 01:07:15 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\QuickScan Folder.lnk
    [2010/09/05 00:47:36 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\TommyG\Local Settings\Application Data\housecall.guid.cache
    [2010/09/02 23:01:22 | 000,020,042 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\HRM 640 Assignment 2.docx
    [2010/08/30 21:06:42 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\Spybot - Search & Destroy.lnk
    [2010/08/25 23:17:50 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\HRM 640 Assignment 1.doc
    [2010/08/23 21:05:37 | 000,011,839 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\LDR 600 DQ#1-3.docx
    [2010/08/22 22:05:53 | 000,012,186 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\LDR 600 DQ#1-2.docx
    [2010/08/08 13:53:49 | 000,070,715 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\Quiz 7.docx
    [2010/08/02 20:54:22 | 000,011,809 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\DQ 6.docx
    [2010/08/01 19:58:35 | 000,078,139 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\Quiz 6.docx
    [2010/07/28 22:11:51 | 000,011,964 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\DQ 5 Response.docx
    [2010/07/26 22:17:56 | 000,013,041 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\ACC650 Disc 5.docx
    [2010/07/25 09:51:58 | 000,000,165 | -H-- | M] () -- C:\Documents and Settings\TommyG\Desktop\~$lottery #'s.xlsx
    [2010/07/24 11:11:19 | 000,090,961 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\lottery #'s.xlsx
    [2010/07/24 07:53:47 | 000,100,004 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\pblist.docx
    [2010/07/19 21:57:47 | 000,011,923 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\DQ 4.docx
    [2010/07/18 20:14:15 | 000,078,628 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\Quiz 4.docx
    [2010/07/17 05:50:22 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2010/07/17 05:50:18 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/07/17 05:48:24 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2010/07/14 21:10:00 | 000,014,866 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\DQ 3.docx
    [2010/07/05 22:22:07 | 000,012,183 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\ACC650 Disc2.docx
    [2010/07/04 22:09:06 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\TommyG\Desktop\~$bmitted by Council.docx
    [2010/07/04 22:07:27 | 000,078,933 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\Submitted by Council.docx
    [2010/07/03 18:32:43 | 000,087,552 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\Texas Institutions of Higher Education.doc
    [2010/07/03 18:32:08 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\List of Cheats-RDR.doc
    [2010/07/03 18:08:02 | 000,013,678 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\List of Cheats-RDR.docx
    [2010/07/03 1022 | 000,022,622 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\Texas Institutions of Higher Education.docx
    [2010/07/03 05:24:10 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2010/06/23 21:07:02 | 000,582,886 | ---- | M] () -- C:\Documents and Settings\TommyG\My Documents\Graph2.bmp
    [2010/06/23 21:06:48 | 000,582,886 | ---- | M] () -- C:\Documents and Settings\TommyG\My Documents\Graph1.bmp
    [1 C:\Documents and Settings\TommyG\Desktop\*.tmp files -> C:\Documents and Settings\TommyG\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/09/12 12:47:43 | 000,828,680 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\Presentation1.pptx
    [2010/09/12 11:17:16 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/09/11 08:52:21 | 000,002,449 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\HiJackThis.lnk
    [2010/09/11 07:57:48 | 000,015,460 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\cc_20100911_075744.reg
    [2010/09/06 19:38:11 | 000,003,120 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
    [2010/09/06 19:37:08 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
    [2010/09/06 19:37:05 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
    [2010/09/06 19:37:04 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
    [2010/09/06 19:16:33 | 000,000,364 | ---- | C] () -- C:\WINDOWS\tasks\PerfectOptimizer_home.job
    [2010/09/06 15:04:16 | 000,003,038 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\fix_svchost.bat
    [2010/09/06 14:48:12 | 000,119,308 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\cc_20100906_144752.reg
    [2010/09/06 14:40:40 | 000,000,693 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\CCleaner.lnk
    [2010/09/05 01:07:14 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\QuickScan Folder.lnk
    [2010/09/05 00:47:36 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\TommyG\Local Settings\Application Data\housecall.guid.cache
    [2010/09/01 23:11:55 | 000,020,042 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\HRM 640 Assignment 2.docx
    [2010/08/30 21:06:42 | 000,000,944 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\Spybot - Search & Destroy.lnk
    [2010/08/25 23:17:48 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\HRM 640 Assignment 1.doc
    [2010/08/23 21:05:35 | 000,011,839 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\LDR 600 DQ#1-3.docx
    [2010/08/22 22:05:51 | 000,012,186 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\LDR 600 DQ#1-2.docx
    [2010/08/08 13:53:49 | 000,070,715 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\Quiz 7.docx
    [2010/08/02 20:54:20 | 000,011,809 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\DQ 6.docx
    [2010/08/01 19:58:33 | 000,078,139 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\Quiz 6.docx
    [2010/07/28 22:11:50 | 000,011,964 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\DQ 5 Response.docx
    [2010/07/26 22:17:54 | 000,013,041 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\ACC650 Disc 5.docx
    [2010/07/25 09:51:58 | 000,000,165 | -H-- | C] () -- C:\Documents and Settings\TommyG\Desktop\~$lottery #'s.xlsx
    [2010/07/24 10:22:21 | 000,090,961 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\lottery #'s.xlsx
    [2010/07/24 07:53:43 | 000,100,004 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\pblist.docx
    [2010/07/18 20:15:24 | 000,011,923 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\DQ 4.docx
    [2010/07/18 20:14:10 | 000,078,628 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\Quiz 4.docx
    [2010/07/12 20:52:59 | 000,014,866 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\DQ 3.docx
    [2010/07/05 20:46:16 | 000,012,183 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\ACC650 Disc2.docx
    [2010/07/04 22:09:06 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\TommyG\Desktop\~$bmitted by Council.docx
    [2010/07/04 22:07:25 | 000,078,933 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\Submitted by Council.docx
    [2010/07/03 18:32:42 | 000,087,552 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\Texas Institutions of Higher Education.doc
    [2010/07/03 18:32:06 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\List of Cheats-RDR.doc
    [2010/07/03 18:08:00 | 000,013,678 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\List of Cheats-RDR.docx
    [2010/07/03 1021 | 000,022,622 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\Texas Institutions of Higher Education.docx
    [2010/06/23 21:07:02 | 000,582,886 | ---- | C] () -- C:\Documents and Settings\TommyG\My Documents\Graph2.bmp
    [2010/06/23 21:06:48 | 000,582,886 | ---- | C] () -- C:\Documents and Settings\TommyG\My Documents\Graph1.bmp
    [2010/02/06 18:08:37 | 000,000,323 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
    [2010/02/06 18:08:30 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP7302.INI
    [2010/01/31 11:00:38 | 000,178,752 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/01/10 10:08:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\TommyG\Local Settings\Application Data\prvlcl.dat
    [2009/10/17 17:48:18 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\TommyG\Local Settings\Application Data\fusioncache.dat
    [2009/09/06 11:06:27 | 000,000,302 | ---- | C] () -- C:\WINDOWS\Atomic.ini
    [2009/09/02 07:09:54 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\TommyG\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/06/07 04:27:20 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\vbzlib1.dll
    [2007/09/13 18:22:23 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/08/17 21:38:59 | 000,000,222 | ---- | C] () -- C:\WINDOWS\Welcome.ini
    [2006/08/17 21:33:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/08/17 21:30:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
    [2006/08/17 21:30:19 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
    [2006/08/17 21:29:31 | 000,002,295 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.SYS
    [2006/08/17 21:24:46 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2003/07/03 01:25:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\tpinspm.dll
    [2003/06/24 14:43:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
    [2002/11/15 11:13:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CInsX500.dll
    [2002/04/16 10:14:42 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
    [2002/04/16 10:14:00 | 001,683,456 | ---- | C] () -- C:\WINDOWS\System32\LTCLR13n.dll
    [2002/04/16 10:14:00 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
    [2002/03/07 15:16:16 | 000,000,010 | ---- | C] () -- C:\WINDOWS\Launcher.ini
    [2002/01/10 14:55:22 | 000,004,010 | ---- | C] () -- C:\WINDOWS\System32\egathdrv.sys
    [2001/06/08 15:54:30 | 000,003,478 | ---- | C] () -- C:\WINDOWS\translat.ini
    [1980/01/01 00:00:00 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

    ========== LOP Check ==========

    [2009/10/17 17:51:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Anonymizer
    [2009/11/06 05:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/05/08 12:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LocalCache
    [2010/09/06 18:44:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
    [2009/10/17 17:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TommyG\Application Data\Anonymizer
    [2009/11/13 06:43:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TommyG\Application Data\AVG9
    [2010/01/16 13:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TommyG\Application Data\HTSK
    [2009/08/23 11:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TommyG\Application Data\IBM
    [2007/10/04 20:39:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TommyG\Application Data\InterTrust
    [2006/09/29 17:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TommyG\Application Data\InterVideo
    [2009/08/23 1420 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TommyG\Application Data\QcWizard
    [2010/09/05 01:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TommyG\Application Data\QuickScan
    [2010/04/03 19:32:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TommyG\Application Data\Sports Stats 2.0
    [2009/10/17 11:51:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TommyG\Application Data\TeamViewer
    [2010/09/05 21:40:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    [2010/09/12 1244 | 000,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\BMMTask.job
    [2010/09/12 12:00:00 | 000,000,364 | ---- | M] () -- C:\WINDOWS\Tasks\PerfectOptimizer_home.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/08/17 22:22:51 | 000,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT
    [2010/05/15 13:09:43 | 000,000,211 | RHS- | M] () -- C:\BOOT.INI
    [2006/08/17 21:33:56 | 000,000,000 | -H-- | M] () -- C:\BOOTLOG.PRV
    [2006/08/17 21:42:38 | 000,000,000 | -H-- | M] () -- C:\BOOTLOG.TXT
    [2006/08/17 20:55:56 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
    [2006/08/17 22:22:51 | 000,000,000 | -H-- | M] () -- C:\CONFIG.SYS
    [2006/08/17 21:32:36 | 000,000,222 | ---- | M] () -- C:\CWUtilInst.log
    [2006/08/17 21:39:30 | 000,001,125 | ---- | M] () -- C:\drivez.log
    [2006/08/17 22:22:51 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2006/08/17 21:38:08 | 000,000,155 | ---- | M] () -- C:\LOGFILE.txt
    [2009/09/13 09:46:10 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2006/08/20 10:10:26 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2009/02/05 14:23:25 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/09/12 10:29:20 | 803,610,624 | -HS- | M] () -- C:\pagefile.sys
    [2010/09/06 19:39:51 | 000,005,142 | ---- | M] () -- C:\rapport.txt
    [2006/08/17 21:37:20 | 000,000,910 | ---- | M] () -- C:\SYSLEVEL.IBM

    < %systemroot%\Fonts\*.com >
    [2007/02/09 15:33:58 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
    [2007/02/09 15:33:58 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2007/02/09 15:33:58 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2007/02/09 15:33:58 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/08/17 21:16:10 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2007/03/22 20:24:58 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2006/10/26 1912 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2007/03/22 20:25:42 | 000,677,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\PrintFilterPipelineSvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2009/09/06 11:42:49 | 000,561,152 | ---- | M] (Anne Jan Beeks) -- C:\WINDOWS\AJScreensaver.scr
    [2005/03/29 23:40:22 | 000,450,560 | ---- | M] (CoolFreeSoftware.com) -- C:\WINDOWS\The Atomic Screensaver.scr
    [2002/01/09 17:31:26 | 000,756,044 | ---- | M] (MacSourcery) -- C:\WINDOWS\TP_NALA.scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2010/03/05 14:19:21 | 000,001,762 | -H-- | M] () -- C:\Documents and Settings\TommyG\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/08/17 21:04:32 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2006/08/17 21:04:32 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2006/08/17 21:04:32 | 000,401,408 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2009/02/05 14:39:58 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >
    [2001/11/20 09:24:10 | 000,007,168 | -HS- | M] () -- C:\WINDOWS\system32\THUMBS.DB

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2006/08/20 10:43:34 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\TommyG\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2006/08/17 21:23:00 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\TommyG\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2009/08/27 07:24:14 | 004,928,376 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\TommyG\My Documents\Silverlight.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2006/08/20 10:43:34 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\TommyG\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/03/13 12:14:58 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\TommyG\Cookies\desktop.ini
    [2010/09/12 11:36:03 | 000,016,384 | -HS- | M] () -- C:\Documents and Settings\TommyG\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2001/05/02 15:24:18 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\blogo.gif
    [2008/04/13 17:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/07/17 11:41:08 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2001/03/07 06:00:26 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2001/05/22 13:06:52 | 000,000,866 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
    [2008/05/02 07:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 10:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 17:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2001/02/01 06:00:26 | 000,000,685 | ---- | M] () -- C:\Program Files\Messenger\msmsgs.exe.manifest
    [2001/08/01 21:58:12 | 000,016,415 | ---- | M] () -- C:\Program Files\Messenger\msmsgsin.exe
    [2000/12/05 13:10:28 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2000/12/05 13:10:28 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2000/12/05 13:10:28 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2000/12/05 13:10:32 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/07/17 11:41:04 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

    < End of report >


    OTL Extras logfile created on: 9/12/2010 1:06:44 PM - Run 1
    OTL by OldTimer - Version 3.2.12.0 Folder = C:\Documents and Settings\TommyG\My Documents\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    511.00 Mb Total Physical Memory | 232.00 Mb Available Physical Memory | 45.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 73.00% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 35.62 Gb Total Space | 21.41 Gb Free Space | 60.12% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: IBM-QMXS2S6HVL1
    Current User Name: TommyG
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== Firewall Settings ==========
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
    "1031:TCP" = 1031:TCP:*:Enabled:Akamai NetSession Interface
    "5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\SkillSoft\jre\bin\javaw.exe" = C:\Program Files\SkillSoft\jre\bin\javaw.exe:*:Enabled:javaw -- ()
    "C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found
    "C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
    "C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
    "C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{22B71A00-4DED-11D4-A5E5-0004AC564F43}" = IBM Access Connections
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
    "{27509BD0-A48A-11D4-9D5C-00010234834B}" = Aironet Client Utility
    "{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
    "{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
    "{31C2FBAC-67CF-4093-8F36-15A146613747}" = IBM Update Connector
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3B7B3B4A-AF8C-4671-A92E-3E7E9ABCB22B}" = IBM Rapid Restore PC Setup
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
    "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = IBM ThinkPad UltraNav Wizard
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
    "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}" = USB 1.3MP Camera
    "{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
    "{B5599ECB-DA72-43EE-8A30-2C80396FF8BB}" = Access ThinkPad
    "{C1939820-A945-11D4-86F6-0001031E5712}" = InterVideo WinDVD
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
    "{EA664480-3844-11D5-8C25-444553540000}" = IBM TrackPoint Accessibility Features
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F3AE0BDB-1679-4873-BED4-F94B36CB10E4}" = DecisionTools Suite Industrial 5.5 for Excel
    "Adobe Acrobat 5.0" = Adobe Acrobat 5.0
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Agere Systems Soft Modem" = Agere Systems AC'97 Modem
    "AJCompressCopy" = AJScreensaver
    "ATI Display Driver" = ATI Display Driver
    "aTube Catcher" = aTube Catcher
    "AVG9Uninstall" = AVG Free 9.0
    "CCleaner" = CCleaner
    "EasyEject Utility" = IBM ThinkPad EasyEject Utility
    "ENTERPRISER" = Microsoft Office Enterprise 2007
    "Free Internet Window Washer" = Free Internet Window Washer
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
    "Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "OpenVPN" = UltraVPN
    "Power Features" = IBM ThinkPad Battery MaxiMiser and Power Management Features
    "Power Management Driver" = IBM ThinkPad Power Management Driver
    "Presentation Director" = IBM ThinkPad Presentation Director
    "PROSet" = Intel(R) PRO Ethernet Adapter and Software
    "SkillSoft Course Manager" = SkillSoft Course Manager
    "SynTPDeinstKey" = IBM ThinkPad UltraNav Driver
    "ThinkPad Configuration" = IBM ThinkPad Configuration
    "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
    "ThinkPadSoftwareInstaller" = ThinkPad Software Installer
    "VLC media player" = VLC media player 1.0.5
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 5/15/2010 11:42:46 PM | Computer Name = IBM-QMXS2S6HVL1 | Source = Application Hang | ID = 1002
    Description = Hanging application AcroRd32.exe, version 9.2.0.124, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 6/16/2010 2:29:18 AM | Computer Name = IBM-QMXS2S6HVL1 | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 1.9.2.3743, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 6/16/2010 2:29:23 AM | Computer Name = IBM-QMXS2S6HVL1 | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 1.9.2.3743, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 6/24/2010 12:09:52 AM | Computer Name = IBM-QMXS2S6HVL1 | Source = Microsoft Office 12 | ID = 1000
    Description = Faulting application excel.exe, version 12.0.4518.1014, stamp 45428263,
    faulting module excel.exe, version 12.0.4518.1014, stamp 45428263, debug? 0, fault
    address 0x006c8520.

    Error - 6/24/2010 12:26:16 AM | Computer Name = IBM-QMXS2S6HVL1 | Source = Microsoft Office 12 | ID = 1000
    Description = Faulting application excel.exe, version 12.0.4518.1014, stamp 45428263,
    faulting module excel.exe, version 12.0.4518.1014, stamp 45428263, debug? 0, fault
    address 0x00172fe6.

    Error - 6/29/2010 12:50:12 AM | Computer Name = IBM-QMXS2S6HVL1 | Source = Application Hang | ID = 1002
    Description = Hanging application AcroRd32.exe, version 9.2.0.124, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 7/4/2010 9:32:19 PM | Computer Name = IBM-QMXS2S6HVL1 | Source = Application Hang | ID = 1002
    Description = Hanging application EXCEL.EXE, version 12.0.4518.1014, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 7/4/2010 9:32:23 PM | Computer Name = IBM-QMXS2S6HVL1 | Source = Application Hang | ID = 1002
    Description = Hanging application EXCEL.EXE, version 12.0.4518.1014, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 7/4/2010 9:32:24 PM | Computer Name = IBM-QMXS2S6HVL1 | Source = Application Hang | ID = 1002
    Description = Hanging application EXCEL.EXE, version 12.0.4518.1014, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 7/11/2010 5:59:03 PM | Computer Name = IBM-QMXS2S6HVL1 | Source = Application Hang | ID = 1002
    Description = Hanging application AcroRd32.exe, version 9.2.0.124, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    [ OSession Events ]
    Error - 5/9/2010 2:24:17 PM | Computer Name = IBM-QMXS2S6HVL1 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 693
    seconds with 300 seconds of active time. This session ended with a crash.

    Error - 5/10/2010 11:20:02 PM | Computer Name = IBM-QMXS2S6HVL1 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1910
    seconds with 1740 seconds of active time. This session ended with a crash.

    Error - 5/11/2010 10:43:39 PM | Computer Name = IBM-QMXS2S6HVL1 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 55
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 6/24/2010 12:09:41 AM | Computer Name = IBM-QMXS2S6HVL1 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7414
    seconds with 6420 seconds of active time. This session ended with a crash.

    Error - 6/24/2010 12:26:08 AM | Computer Name = IBM-QMXS2S6HVL1 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 586
    seconds with 480 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 9/12/2010 1:02:27 PM | Computer Name = IBM-QMXS2S6HVL1 | Source = Service Control Manager | ID = 7001
    Description = The TCP/IP NetBIOS Helper service depends on the AFD Networking Support
    Environment service which failed to start because of the following error: %%31

    Error - 9/12/2010 1:02:27 PM | Computer Name = IBM-QMXS2S6HVL1 | Source = Service Control Manager | ID = 7001
    Description = The IPSEC Services service depends on the IPSEC driver service which
    failed to start because of the following error: %%31

    Error - 9/12/2010 1:02:27 PM | Computer Name = IBM-QMXS2S6HVL1 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    AFD AvgLdx86 AvgMfx86 AvgTdiX Fips IBMTPCHK intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Smapint Tcpip TDSMAPI TPHKDRV TPPWR

    Error - 9/12/2010 1:05:27 PM | Computer Name = IBM-QMXS2S6HVL1 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 9/12/2010 1:07:07 PM | Computer Name = IBM-QMXS2S6HVL1 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service upnphost with
    arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

    Error - 9/12/2010 1:07:47 PM | Computer Name = IBM-QMXS2S6HVL1 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 9/12/2010 1:08:08 PM | Computer Name = IBM-QMXS2S6HVL1 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    AvgLdx86 AvgMfx86 Fips IBMTPCHK intelppm SASDIFSV SASKUTIL Smapint TDSMAPI TPHKDRV TPPWR

    Error - 9/12/2010 1:28:05 PM | Computer Name = IBM-QMXS2S6HVL1 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 9/12/2010 1:29:55 PM | Computer Name = IBM-QMXS2S6HVL1 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SASDIFSV SASKUTIL

    Error - 9/12/2010 2:13:46 PM | Computer Name = IBM-QMXS2S6HVL1 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service wuauserv with
    arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}


    < End of report >

  2. #2
    broni is offline Senior Member
    Welcome aboard

    What are your computer issues?
    What was the problem with MBRCheck?

    Your MBR seems to be infected.

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.

    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.

    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.

    Once rebooted, run MBRCheck again and post its log.

  3. #3
    codyydoc is offline Newbie
    Broni,

    Below is my post from last week. I apologize, but I haven't had a chance to work on the problem until today, and now the post is closed. Attached is my MBR log. Again, sorry about the late response; any help you can give is greatly appreciated. Thanks!!

    I had a problem with the MBR log, so I had to save it as a jpeg.

    Malwarebytes' Anti-Malware 1.46
    Malwarebytes

    Database version: 4601

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    9/12/2010 11:33:35 AM
    mbam-log-2010-09-12 (11-33-35).txt

    Scan type: Quick scan
    Objects scanned: 146872
    Time elapsed: 14 minute(s), 39 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
    Rootkit quick scan 2010-09-12 12:40:25
    Windows 5.1.2600 Service Pack 3
    Running: 3jhqrqvv.exe; Driver: C:\DOCUME~1\TommyG\LOCALS~1\Temp\ffrdifow.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    ---- EOF - GMER 1.0.15 ----


    OTL logfile created on: 9/12/2010 1:06:44 PM - Run 1
    OTL by OldTimer - Version 3.2.12.0 Folder = C:\Documents and Settings\TommyG\My Documents\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    511.00 Mb Total Physical Memory | 232.00 Mb Available Physical Memory | 45.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 73.00% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 35.62 Gb Total Space | 21.41 Gb Free Space | 60.12% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: IBM-QMXS2S6HVL1
    Current User Name: TommyG
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/09/12 12:48:50 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TommyG\My Documents\Downloads\OTL.exe
    PRC - [2010/07/17 05:50:25 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
    PRC - [2010/07/17 05:50:18 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2010/07/17 05:50:17 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2010/07/17 05:50:05 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2010/07/17 05:48:24 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2010/07/17 05:48:20 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2009/11/21 15:22:46 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
    PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/11/03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\PAC7302\Monitor.exe
    PRC - [2003/07/03 01:25:00 | 000,057,344 | ---- | M] () -- C:\WINDOWS\system32\ibmpmsvc.exe
    PRC - [2003/06/24 14:34:38 | 000,126,976 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    PRC - [2002/07/15 02:20:00 | 000,491,520 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
    PRC - [2002/07/15 02:20:00 | 000,049,152 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    PRC - [2002/07/15 02:20:00 | 000,040,960 | ---- | M] () -- C:\WINDOWS\system32\QCONSVC.EXE
    PRC - [2002/07/04 02:00:00 | 000,204,800 | ---- | M] (IBM Corp.) -- C:\Program Files\ThinkPad\Utilities\NPDTRAY.EXE
    PRC - [2002/06/28 15:10:52 | 000,086,016 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    PRC - [2002/06/28 01:30:00 | 000,048,640 | ---- | M] (IBM Corp.) -- C:\Program Files\ThinkPad\Utilities\TP98TRAY.EXE
    PRC - [2002/04/19 03:23:32 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    PRC - [2002/01/10 15:01:34 | 000,065,536 | ---- | M] (IBM Corporation) -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/09/12 12:48:50 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TommyG\My Documents\Downloads\OTL.exe
    MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
    MOD - [2009/07/11 19:41:02 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
    MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
    MOD - [2008/04/13 10:37:57 | 000,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll
    MOD - [2006/10/27 00:48:42 | 002,210,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    MOD - [2006/10/27 00:48:34 | 000,955,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveUtil.dll
    MOD - [2006/10/27 00:48:02 | 000,222,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    MOD - [2006/10/27 00:47:40 | 000,022,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveNew.dll
    MOD - [2003/06/24 14:33:54 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - [2010/07/17 05:50:05 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2010/05/08 13:02:31 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2003/07/03 01:25:00 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
    SRV - [2002/07/15 02:20:00 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\QCONSVC.EXE -- (QCONSVC)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | System | Stopped] -- E:\SuperAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - File not found [Kernel | On_Demand | Stopped] -- E:\SuperAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - File not found [Kernel | System | Stopped] -- E:\SuperAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PcdrNt.sys -- (PcdrNt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PCDRDRV.sys -- (PCDRDRV)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\NSNDIS5.SYS -- (NSNDIS5)
    DRV - [2010/07/17 05:50:22 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2010/07/17 05:48:24 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2010/07/03 05:24:10 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2008/07/31 15:42:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
    DRV - [2008/04/13 11:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
    DRV - [2007/12/28 15:02:12 | 000,287,232 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wg111v3.sys -- (RTL8187B)
    DRV - [2007/11/08 10:29:52 | 000,458,752 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PAC7302.SYS -- (PAC7302)
    DRV - [2003/07/03 01:25:00 | 000,011,344 | ---- | M] (IBM Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
    DRV - [2003/06/24 14:16:30 | 000,265,744 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2003/02/14 16:16:32 | 000,096,256 | ---- | M] (Cisco Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCX504.sys -- (PCX504)
    DRV - [2002/07/15 02:20:00 | 000,002,295 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.SYS -- (IBMTPCHK)
    DRV - [2002/06/28 01:30:00 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
    DRV - [2002/06/28 01:30:00 | 000,012,288 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWR.SYS -- (TPPWR)
    DRV - [2002/06/28 01:30:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
    DRV - [2002/06/18 11:44:50 | 000,456,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2002/04/19 03:22:58 | 000,012,605 | ---- | M] (IBM Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\TPHKDRV.sys -- (TPHKDRV)
    DRV - [2002/02/22 17:26:26 | 001,112,096 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2002/01/10 14:55:22 | 000,004,010 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\egathdrv.sys -- (EGATHDRV)
    DRV - [2001/09/13 07:58:02 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PMEMNT.SYS -- (PMEM)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8081

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
    FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
    FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.2
    FF - prefs.js..extensions.enabledItems: {45d8ff86-d909-11db-9705-005056c00008}:1.0.2
    FF - prefs.js..extensions.enabledItems: {2e61e246-e640-4c56-b1ed-f146dbed48cd}:0.9
    FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.13
    FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3
    FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.30

    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/08/29 14:17:15 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/11 07:54:48 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/11 07:54:20 | 000,000,000 | ---D | M]

    [2009/08/22 10:33:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TommyG\Application Data\Mozilla\Extensions
    [2010/04/03 15:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TommyG\Application Data\Mozilla\Firefox\Profiles\3tjgqbz1.CRains\extensions
    [2010/03/18 19:38:58 | 000,000,000 | ---D | M] (CS Lite) -- C:\Documents and Settings\TommyG\Application Data\Mozilla\Firefox\Profiles\3tjgqbz1.CRains\extensions\{00084897-021a-4361-8423-083407a033e0}
    [2010/03/18 19:41:08 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\TommyG\Application Data\Mozilla\Firefox\Profiles\3tjgqbz1.CRains\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    [2010/03/18 19:38:59 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\TommyG\Application Data\Mozilla\Firefox\Profiles\3tjgqbz1.CRains\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/09/12 09:06:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TommyG\Application Data\Mozilla\Firefox\Profiles\4drceuqx.default\extensions
    [2010/09/05 00:29:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\TommyG\Application Data\Mozilla\Firefox\Profiles\4drceuqx.default\extensions\{2e61e246-e640-4c56-b1ed-f146dbed48cd}
    [2010/09/05 00:29:22 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\TommyG\Application Data\Mozilla\Firefox\Profiles\4drceuqx.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
    [2010/06/26 14:01:15 | 000,000,000 | ---D | M] (Cookie Monster) -- C:\Documents and Settings\TommyG\Application Data\Mozilla\Firefox\Profiles\4drceuqx.default\extensions\{45d8ff86-d909-11db-9705-005056c00008}
    [2010/03/16 19:30:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\TommyG\Application Data\Mozilla\Firefox\Profiles\4drceuqx.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    [2010/09/05 00:29:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\TommyG\Application Data\Mozilla\Firefox\Profiles\4drceuqx.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
    [2010/09/05 01:04:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\TommyG\Application Data\Mozilla\Firefox\Profiles\4drceuqx.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
    [2009/10/17 15:33:54 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Documents and Settings\TommyG\Application Data\Mozilla\Firefox\Profiles\4drceuqx.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
    [2010/09/12 11:36:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2001/08/18 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [BMMGAG] C:\Program Files\ThinkPad\Utilities\PWRMONIT.DLL (IBM Corp.)
    O4 - HKLM..\Run: [NPDTray] C:\Program Files\ThinkPad\Utilities\NPDTRAY.EXE (IBM Corp.)
    O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
    O4 - HKLM..\Run: [QCTray] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE ()
    O4 - HKLM..\Run: [QCWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE ()
    O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (IBM Corporation)
    O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
    O4 - HKLM..\Run: [TPTRAY] C:\Program Files\ThinkPad\Utilities\TP98TRAY.EXE (IBM Corp.)
    O4 - HKLM..\Run: [UC_SMB] File not found
    O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
    O15 - HKCU\..Trusted Domains: plentyoffish.com ([www] https in Trusted sites)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} Page not found | Facebook (Facebook Photo Uploader 5 Control)
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirva...ls/pcmatic.cab (PCPitstop Utility)
    O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com/s/v/44.10/uploader2.cab (UploadListView Class)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsof...?1283815569940 (WUWebControl Class)
    O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcpitstop.com/Exter...pAntiVirus.dll (PCPitstop AntiVirus)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsof...?1283815532867 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} http://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll (diskhealth Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/s...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/da2/PCPitStop2.cab (PCPitstop Exam)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O24 - Desktop WallPaper: C:\Documents and Settings\TommyG\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\TommyG\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/08/17 22:22:51 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/09/12 11:17:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/09/12 11:17:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/09/12 11:17:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/09/11 08:52:20 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/09/11 08:14:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\TommyG\Recent
    [2010/09/10 19:33:55 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
    [2010/09/06 19:37:07 | 000,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
    [2010/09/06 19:37:06 | 000,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
    [2010/09/06 19:37:05 | 000,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
    [2010/09/06 19:37:03 | 000,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
    [2010/09/06 19:37:02 | 000,053,248 | ---- | C] (Beyond Logic) -- C:\WINDOWS\System32\Process.exe
    [2010/09/06 14:40:31 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2010/09/05 01:58:01 | 000,000,000 | ---D | C] -- C:\Program Files\STasks
    [2010/09/05 01:07:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TommyG\Application Data\QuickScan
    [2010/09/04 09:02:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
    [2010/09/04 09:00:37 | 000,000,000 | ---D | C] -- C:\Program Files\PCPitstop
    [2010/09/02 18:50:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TommyG\Desktop\FIN
    [2010/08/30 21:06:13 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2010/08/30 21:06:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2010/07/17 05:50:18 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/07/04 18:44:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TommyG\Desktop\ACC650
    [2009/10/17 19:37:10 | 014,863,448 | ---- | C] (JonDos GmbH) -- C:\Documents and Settings\All Users\Application Data\JonDoFox.paf.exe
    [1 C:\Documents and Settings\TommyG\Desktop\*.tmp files -> C:\Documents and Settings\TommyG\Desktop\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/09/12 1244 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\BMMTask.job
    [2010/09/12 12:47:45 | 000,828,680 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\Presentation1.pptx
    [2010/09/12 12:00:00 | 000,000,364 | ---- | M] () -- C:\WINDOWS\tasks\PerfectOptimizer_home.job
    [2010/09/12 11:17:16 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/09/12 10:34:19 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\TommyG\Local Settings\Application Data\prvlcl.dat
    [2010/09/12 10:29:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/09/12 10:29:38 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/09/12 10:29:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/09/12 09:59:09 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\TommyG\NTUSER.DAT
    [2010/09/12 09:59:09 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\TommyG\ntuser.ini
    [2010/09/11 08:53:11 | 000,002,449 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\HiJackThis.lnk
    [2010/09/11 07:58:13 | 000,015,460 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\cc_20100911_075744.reg
    [2010/09/11 03:53:34 | 064,526,509 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/09/06 19:38:11 | 000,003,120 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
    [2010/09/06 14:55:25 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2010/09/06 14:55:25 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2010/09/06 14:48:21 | 000,119,308 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\cc_20100906_144752.reg
    [2010/09/06 14:40:41 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\CCleaner.lnk
    [2010/09/05 21:40:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2010/09/05 01:07:15 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\QuickScan Folder.lnk
    [2010/09/05 00:47:36 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\TommyG\Local Settings\Application Data\housecall.guid.cache
    [2010/09/02 23:01:22 | 000,020,042 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\HRM 640 Assignment 2.docx
    [2010/08/30 21:06:42 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\Spybot - Search & Destroy.lnk
    [2010/08/25 23:17:50 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\HRM 640 Assignment 1.doc
    [2010/08/23 21:05:37 | 000,011,839 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\LDR 600 DQ#1-3.docx
    [2010/08/22 22:05:53 | 000,012,186 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\LDR 600 DQ#1-2.docx
    [2010/08/08 13:53:49 | 000,070,715 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\Quiz 7.docx
    [2010/08/02 20:54:22 | 000,011,809 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\DQ 6.docx
    [2010/08/01 19:58:35 | 000,078,139 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\Quiz 6.docx
    [2010/07/28 22:11:51 | 000,011,964 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\DQ 5 Response.docx
    [2010/07/26 22:17:56 | 000,013,041 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\ACC650 Disc 5.docx
    [2010/07/25 09:51:58 | 000,000,165 | -H-- | M] () -- C:\Documents and Settings\TommyG\Desktop\~$lottery #'s.xlsx
    [2010/07/24 11:11:19 | 000,090,961 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\lottery #'s.xlsx
    [2010/07/24 07:53:47 | 000,100,004 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\pblist.docx
    [2010/07/19 21:57:47 | 000,011,923 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\DQ 4.docx
    [2010/07/18 20:14:15 | 000,078,628 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\Quiz 4.docx
    [2010/07/17 05:50:22 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2010/07/17 05:50:18 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/07/17 05:48:24 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2010/07/14 21:10:00 | 000,014,866 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\DQ 3.docx
    [2010/07/05 22:22:07 | 000,012,183 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\ACC650 Disc2.docx
    [2010/07/04 22:09:06 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\TommyG\Desktop\~$bmitted by Council.docx
    [2010/07/04 22:07:27 | 000,078,933 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\Submitted by Council.docx
    [2010/07/03 18:32:43 | 000,087,552 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\Texas Institutions of Higher Education.doc
    [2010/07/03 18:32:08 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\List of Cheats-RDR.doc
    [2010/07/03 18:08:02 | 000,013,678 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\List of Cheats-RDR.docx
    [2010/07/03 1022 | 000,022,622 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\Texas Institutions of Higher Education.docx
    [2010/07/03 05:24:10 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2010/06/23 21:07:02 | 000,582,886 | ---- | M] () -- C:\Documents and Settings\TommyG\My Documents\Graph2.bmp
    [2010/06/23 21:06:48 | 000,582,886 | ---- | M] () -- C:\Documents and Settings\TommyG\My Documents\Graph1.bmp
    [1 C:\Documents and Settings\TommyG\Desktop\*.tmp files -> C:\Documents and Settings\TommyG\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/09/12 12:47:43 | 000,828,680 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\Presentation1.pptx
    [2010/09/12 11:17:16 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/09/11 08:52:21 | 000,002,449 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\HiJackThis.lnk
    [2010/09/11 07:57:48 | 000,015,460 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\cc_20100911_075744.reg
    [2010/09/06 19:38:11 | 000,003,120 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
    [2010/09/06 19:37:08 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
    [2010/09/06 19:37:05 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
    [2010/09/06 19:37:04 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
    [2010/09/06 19:16:33 | 000,000,364 | ---- | C] () -- C:\WINDOWS\tasks\PerfectOptimizer_home.job
    [2010/09/06 15:04:16 | 000,003,038 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\fix_svchost.bat
    [2010/09/06 14:48:12 | 000,119,308 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\cc_20100906_144752.reg
    [2010/09/06 14:40:40 | 000,000,693 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\CCleaner.lnk
    [2010/09/05 01:07:14 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\QuickScan Folder.lnk
    [2010/09/05 00:47:36 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\TommyG\Local Settings\Application Data\housecall.guid.cache
    [2010/09/01 23:11:55 | 000,020,042 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\HRM 640 Assignment 2.docx
    [2010/08/30 21:06:42 | 000,000,944 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\Spybot - Search & Destroy.lnk
    [2010/08/25 23:17:48 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\HRM 640 Assignment 1.doc
    [2010/08/23 21:05:35 | 000,011,839 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\LDR 600 DQ#1-3.docx
    [2010/08/22 22:05:51 | 000,012,186 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\LDR 600 DQ#1-2.docx
    [2010/08/08 13:53:49 | 000,070,715 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\Quiz 7.docx
    [2010/08/02 20:54:20 | 000,011,809 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\DQ 6.docx
    [2010/08/01 19:58:33 | 000,078,139 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\Quiz 6.docx
    [2010/07/28 22:11:50 | 000,011,964 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\DQ 5 Response.docx
    [2010/07/26 22:17:54 | 000,013,041 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\ACC650 Disc 5.docx
    [2010/07/25 09:51:58 | 000,000,165 | -H-- | C] () -- C:\Documents and Settings\TommyG\Desktop\~$lottery #'s.xlsx
    [2010/07/24 10:22:21 | 000,090,961 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\lottery #'s.xlsx
    [2010/07/24 07:53:43 | 000,100,004 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\pblist.docx
    [2010/07/18 20:15:24 | 000,011,923 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\DQ 4.docx
    [2010/07/18 20:14:10 | 000,078,628 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\Quiz 4.docx
    [2010/07/12 20:52:59 | 000,014,866 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\DQ 3.docx
    [2010/07/05 20:46:16 | 000,012,183 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\ACC650 Disc2.docx
    [2010/07/04 22:09:06 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\TommyG\Desktop\~$bmitted by Council.docx
    [2010/07/04 22:07:25 | 000,078,933 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\Submitted by Council.docx
    [2010/07/03 18:32:42 | 000,087,552 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\Texas Institutions of Higher Education.doc
    [2010/07/03 18:32:06 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\List of Cheats-RDR.doc
    [2010/07/03 18:08:00 | 000,013,678 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\List of Cheats-RDR.docx
    [2010/07/03 1021 | 000,022,622 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\Texas Institutions of Higher Education.docx
    [2010/06/23 21:07:02 | 000,582,886 | ---- | C] () -- C:\Documents and Settings\TommyG\My Documents\Graph2.bmp
    [2010/06/23 21:06:48 | 000,582,886 | ---- | C] () -- C:\Documents and Settings\TommyG\My Documents\Graph1.bmp
    [2010/02/06 18:08:37 | 000,000,323 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
    [2010/02/06 18:08:30 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP7302.INI
    [2010/01/31 11:00:38 | 000,178,752 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/01/10 10:08:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\TommyG\Local Settings\Application Data\prvlcl.dat
    [2009/10/17 17:48:18 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\TommyG\Local Settings\Application Data\fusioncache.dat
    [2009/09/06 11:06:27 | 000,000,302 | ---- | C] () -- C:\WINDOWS\Atomic.ini
    [2009/09/02 07:09:54 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\TommyG\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/06/07 04:27:20 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\vbzlib1.dll
    [2007/09/13 18:22:23 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/08/17 21:38:59 | 000,000,222 | ---- | C] () -- C:\WINDOWS\Welcome.ini
    [2006/08/17 21:33:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/08/17 21:30:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
    [2006/08/17 21:30:19 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
    [2006/08/17 21:29:31 | 000,002,295 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.SYS
    [2006/08/17 21:24:46 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2003/07/03 01:25:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\tpinspm.dll
    [2003/06/24 14:43:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
    [2002/11/15 11:13:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CInsX500.dll
    [2002/04/16 10:14:42 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
    [2002/04/16 10:14:00 | 001,683,456 | ---- | C] () -- C:\WINDOWS\System32\LTCLR13n.dll
    [2002/04/16 10:14:00 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
    [2002/03/07 15:16:16 | 000,000,010 | ---- | C] () -- C:\WINDOWS\Launcher.ini
    [2002/01/10 14:55:22 | 000,004,010 | ---- | C] () -- C:\WINDOWS\System32\egathdrv.sys
    [2001/06/08 15:54:30 | 000,003,478 | ---- | C] () -- C:\WINDOWS\translat.ini
    [1980/01/01 00:00:00 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

    ========== LOP Check ==========

    [2009/10/17 17:51:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Anonymizer
    [2009/11/06 05:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/05/08 12:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LocalCache
    [2010/09/06 18:44:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
    [2009/10/17 17:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TommyG\Application Data\Anonymizer
    [2009/11/13 06:43:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TommyG\Application Data\AVG9
    [2010/01/16 13:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TommyG\Application Data\HTSK
    [2009/08/23 11:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TommyG\Application Data\IBM
    [2007/10/04 20:39:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TommyG\Application Data\InterTrust
    [2006/09/29 17:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TommyG\Application Data\InterVideo
    [2009/08/23 1420 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TommyG\Application Data\QcWizard
    [2010/09/05 01:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TommyG\Application Data\QuickScan
    [2010/04/03 19:32:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TommyG\Application Data\Sports Stats 2.0
    [2009/10/17 11:51:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TommyG\Application Data\TeamViewer
    [2010/09/05 21:40:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    [2010/09/12 1244 | 000,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\BMMTask.job
    [2010/09/12 12:00:00 | 000,000,364 | ---- | M] () -- C:\WINDOWS\Tasks\PerfectOptimizer_home.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/08/17 22:22:51 | 000,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT
    [2010/05/15 13:09:43 | 000,000,211 | RHS- | M] () -- C:\BOOT.INI
    [2006/08/17 21:33:56 | 000,000,000 | -H-- | M] () -- C:\BOOTLOG.PRV
    [2006/08/17 21:42:38 | 000,000,000 | -H-- | M] () -- C:\BOOTLOG.TXT
    [2006/08/17 20:55:56 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
    [2006/08/17 22:22:51 | 000,000,000 | -H-- | M] () -- C:\CONFIG.SYS
    [2006/08/17 21:32:36 | 000,000,222 | ---- | M] () -- C:\CWUtilInst.log
    [2006/08/17 21:39:30 | 000,001,125 | ---- | M] () -- C:\drivez.log
    [2006/08/17 22:22:51 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2006/08/17 21:38:08 | 000,000,155 | ---- | M] () -- C:\LOGFILE.txt
    [2009/09/13 09:46:10 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2006/08/20 10:10:26 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2009/02/05 14:23:25 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/09/12 10:29:20 | 803,610,624 | -HS- | M] () -- C:\pagefile.sys
    [2010/09/06 19:39:51 | 000,005,142 | ---- | M] () -- C:\rapport.txt
    [2006/08/17 21:37:20 | 000,000,910 | ---- | M] () -- C:\SYSLEVEL.IBM

    < %systemroot%\Fonts\*.com >
    [2007/02/09 15:33:58 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
    [2007/02/09 15:33:58 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2007/02/09 15:33:58 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2007/02/09 15:33:58 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/08/17 21:16:10 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2007/03/22 20:24:58 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2006/10/26 1912 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2007/03/22 20:25:42 | 000,677,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\PrintFilterPipelineSvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2009/09/06 11:42:49 | 000,561,152 | ---- | M] (Anne Jan Beeks) -- C:\WINDOWS\AJScreensaver.scr
    [2005/03/29 23:40:22 | 000,450,560 | ---- | M] (CoolFreeSoftware.com) -- C:\WINDOWS\The Atomic Screensaver.scr
    [2002/01/09 17:31:26 | 000,756,044 | ---- | M] (MacSourcery) -- C:\WINDOWS\TP_NALA.scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2010/03/05 14:19:21 | 000,001,762 | -H-- | M] () -- C:\Documents and Settings\TommyG\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/08/17 21:04:32 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2006/08/17 21:04:32 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2006/08/17 21:04:32 | 000,401,408 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2009/02/05 14:39:58 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >
    [2001/11/20 09:24:10 | 000,007,168 | -HS- | M] () -- C:\WINDOWS\system32\THUMBS.DB

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2006/08/20 10:43:34 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\TommyG\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2006/08/17 21:23:00 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\TommyG\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2009/08/27 07:24:14 | 004,928,376 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\TommyG\My Documents\Silverlight.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2006/08/20 10:43:34 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\TommyG\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/03/13 12:14:58 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\TommyG\Cookies\desktop.ini
    [2010/09/12 11:36:03 | 000,016,384 | -HS- | M] () -- C:\Documents and Settings\TommyG\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2001/05/02 15:24:18 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\blogo.gif
    [2008/04/13 17:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/07/17 11:41:08 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2001/03/07 06:00:26 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2001/05/22 13:06:52 | 000,000,866 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
    [2008/05/02 07:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 10:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 17:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2001/02/01 06:00:26 | 000,000,685 | ---- | M] () -- C:\Program Files\Messenger\msmsgs.exe.manifest
    [2001/08/01 21:58:12 | 000,016,415 | ---- | M] () -- C:\Program Files\Messenger\msmsgsin.exe
    [2000/12/05 13:10:28 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2000/12/05 13:10:28 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2000/12/05 13:10:28 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2000/12/05 13:10:32 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/07/17 11:41:04 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

    < End of report >


    OTL Extras logfile created on: 9/12/2010 1:06:44 PM - Run 1
    OTL by OldTimer - Version 3.2.12.0 Folder = C:\Documents and Settings\TommyG\My Documents\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    511.00 Mb Total Physical Memory | 232.00 Mb Available Physical Memory | 45.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 73.00% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 35.62 Gb Total Space | 21.41 Gb Free Space | 60.12% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: IBM-QMXS2S6HVL1
    Current User Name: TommyG
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== Firewall Settings ==========
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
    "1031:TCP" = 1031:TCP:*:Enabled:Akamai NetSession Interface
    "5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\SkillSoft\jre\bin\javaw.exe" = C:\Program Files\SkillSoft\jre\bin\javaw.exe:*:Enabled:javaw -- ()
    "C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found
    "C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
    "C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
    "C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{22B71A00-4DED-11D4-A5E5-0004AC564F43}" = IBM Access Connections
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
    "{27509BD0-A48A-11D4-9D5C-00010234834B}" = Aironet Client Utility
    "{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
    "{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
    "{31C2FBAC-67CF-4093-8F36-15A146613747}" = IBM Update Connector
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3B7B3B4A-AF8C-4671-A92E-3E7E9ABCB22B}" = IBM Rapid Restore PC Setup
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
    "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = IBM ThinkPad UltraNav Wizard
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
    "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}" = USB 1.3MP Camera
    "{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
    "{B5599ECB-DA72-43EE-8A30-2C80396FF8BB}" = Access ThinkPad
    "{C1939820-A945-11D4-86F6-0001031E5712}" = InterVideo WinDVD
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
    "{EA664480-3844-11D5-8C25-444553540000}" = IBM TrackPoint Accessibility Features
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F3AE0BDB-1679-4873-BED4-F94B36CB10E4}" = DecisionTools Suite Industrial 5.5 for Excel
    "Adobe Acrobat 5.0" = Adobe Acrobat 5.0
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Agere Systems Soft Modem" = Agere Systems AC'97 Modem
    "AJCompressCopy" = AJScreensaver
    "ATI Display Driver" = ATI Display Driver
    "aTube Catcher" = aTube Catcher
    "AVG9Uninstall" = AVG Free 9.0
    "CCleaner" = CCleaner
    "EasyEject Utility" = IBM ThinkPad EasyEject Utility
    "ENTERPRISER" = Microsoft Office Enterprise 2007
    "Free Internet Window Washer" = Free Internet Window Washer
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
    "Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "OpenVPN" = UltraVPN
    "Power Features" = IBM ThinkPad Battery MaxiMiser and Power Management Features
    "Power Management Driver" = IBM ThinkPad Power Management Driver
    "Presentation Director" = IBM ThinkPad Presentation Director
    "PROSet" = Intel(R) PRO Ethernet Adapter and Software
    "SkillSoft Course Manager" = SkillSoft Course Manager
    "SynTPDeinstKey" = IBM ThinkPad UltraNav Driver
    "ThinkPad Configuration" = IBM ThinkPad Configuration
    "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
    "ThinkPadSoftwareInstaller" = ThinkPad Software Installer
    "VLC media player" = VLC media player 1.0.5
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 5/15/2010 11:42:46 PM | Computer Name = IBM-QMXS2S6HVL1 | Source = Application Hang | ID = 1002
    Description = Hanging application AcroRd32.exe, version 9.2.0.124, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 6/16/2010 2:29:18 AM | Computer Name = IBM-QMXS2S6HVL1 | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 1.9.2.3743, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 6/16/2010 2:29:23 AM | Computer Name = IBM-QMXS2S6HVL1 | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 1.9.2.3743, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 6/24/2010 12:09:52 AM | Computer Name = IBM-QMXS2S6HVL1 | Source = Microsoft Office 12 | ID = 1000
    Description = Faulting application excel.exe, version 12.0.4518.1014, stamp 45428263,
    faulting module excel.exe, version 12.0.4518.1014, stamp 45428263, debug? 0, fault
    address 0x006c8520.

    Error - 6/24/2010 12:26:16 AM | Computer Name = IBM-QMXS2S6HVL1 | Source = Microsoft Office 12 | ID = 1000
    Description = Faulting application excel.exe, version 12.0.4518.1014, stamp 45428263,
    faulting module excel.exe, version 12.0.4518.1014, stamp 45428263, debug? 0, fault
    address 0x00172fe6.

    Error - 6/29/2010 12:50:12 AM | Computer Name = IBM-QMXS2S6HVL1 | Source = Application Hang | ID = 1002
    Description = Hanging application AcroRd32.exe, version 9.2.0.124, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 7/4/2010 9:32:19 PM | Computer Name = IBM-QMXS2S6HVL1 | Source = Application Hang | ID = 1002
    Description = Hanging application EXCEL.EXE, version 12.0.4518.1014, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 7/4/2010 9:32:23 PM | Computer Name = IBM-QMXS2S6HVL1 | Source = Application Hang | ID = 1002
    Description = Hanging application EXCEL.EXE, version 12.0.4518.1014, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 7/4/2010 9:32:24 PM | Computer Name = IBM-QMXS2S6HVL1 | Source = Application Hang | ID = 1002
    Description = Hanging application EXCEL.EXE, version 12.0.4518.1014, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 7/11/2010 5:59:03 PM | Computer Name = IBM-QMXS2S6HVL1 | Source = Application Hang | ID = 1002
    Description = Hanging application AcroRd32.exe, version 9.2.0.124, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    [ OSession Events ]
    Error - 5/9/2010 2:24:17 PM | Computer Name = IBM-QMXS2S6HVL1 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 693
    seconds with 300 seconds of active time. This session ended with a crash.

    Error - 5/10/2010 11:20:02 PM | Computer Name = IBM-QMXS2S6HVL1 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1910
    seconds with 1740 seconds of active time. This session ended with a crash.

    Error - 5/11/2010 10:43:39 PM | Computer Name = IBM-QMXS2S6HVL1 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 55
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 6/24/2010 12:09:41 AM | Computer Name = IBM-QMXS2S6HVL1 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7414
    seconds with 6420 seconds of active time. This session ended with a crash.

    Error - 6/24/2010 12:26:08 AM | Computer Name = IBM-QMXS2S6HVL1 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 586
    seconds with 480 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 9/12/2010 1:02:27 PM | Computer Name = IBM-QMXS2S6HVL1 | Source = Service Control Manager | ID = 7001
    Description = The TCP/IP NetBIOS Helper service depends on the AFD Networking Support
    Environment service which failed to start because of the following error: %%31

    Error - 9/12/2010 1:02:27 PM | Computer Name = IBM-QMXS2S6HVL1 | Source = Service Control Manager | ID = 7001
    Description = The IPSEC Services service depends on the IPSEC driver service which
    failed to start because of the following error: %%31

    Error - 9/12/2010 1:02:27 PM | Computer Name = IBM-QMXS2S6HVL1 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    AFD AvgLdx86 AvgMfx86 AvgTdiX Fips IBMTPCHK intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss
    SASDIFSV
    SASKUTIL
    Smapint
    Tcpip
    TDSMAPI
    TPHKDRV
    TPPWR

    Error - 9/12/2010 1:05:27 PM | Computer Name = IBM-QMXS2S6HVL1 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 9/12/2010 1:07:07 PM | Computer Name = IBM-QMXS2S6HVL1 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service upnphost with
    arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

    Error - 9/12/2010 1:07:47 PM | Computer Name = IBM-QMXS2S6HVL1 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 9/12/2010 1:08:08 PM | Computer Name = IBM-QMXS2S6HVL1 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    AvgLdx86 AvgMfx86 Fips IBMTPCHK intelppm SASDIFSV SASKUTIL Smapint TDSMAPI TPHKDRV TPPWR

    Error - 9/12/2010 1:28:05 PM | Computer Name = IBM-QMXS2S6HVL1 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 9/12/2010 1:29:55 PM | Computer Name = IBM-QMXS2S6HVL1 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SASDIFSV SASKUTIL

    Error - 9/12/2010 2:13:46 PM | Computer Name = IBM-QMXS2S6HVL1 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service wuauserv with
    arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}


    < End of report >

    =================================================================================================================

    Welcome aboard

    What are your computer issues?
    What was the problem with MBRCheck?

    Your MBR seems to be infected.

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    * Place a blank CD in your CD drive.
    * Double click on NTBR_CD.exe file and a folder of the same name will appear.
    * Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    * Follow the prompts to burn the CD.


    * Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    * If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.


    * Insert the newly created CD into your infected PC and reboot your computer.
    * Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    * Read the warning and then continue as prompted.
    * You first need to select your keyboard layout - press Enter for English.
    * Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    * On the following screen enter 5 to select Install Standard MBR code.
    * Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
    * When asked to confirm please do so.
    * Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    * Eject the disc and then press ctrl+alt+del to reboot the PC.


    Once rebooted, run MBRCheck again and post its log.
    Last edited by broni; 18-09-2010 at 09:10 PM.

  4. #4
    broni is offline Senior Member
    Looks good now

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"

    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

  5. #5
    codyydoc is offline Newbie
    Here you go

    ComboFix 10-09-17.04 - TommyG 09/18/2010 23:43:09.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.182 [GMT -7:00]
    Running from: c:\documents and settings\TommyG\My Documents\Downloads\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\dumphive.exe
    c:\windows\system32\Process.exe
    c:\windows\system32\SrchSTS.exe
    c:\windows\system32\Thumbs.db
    c:\windows\system32\tmp.reg
    c:\windows\system32\vbzlib1.dll
    c:\windows\system32\VCCLSID.exe
    c:\windows\system32\WS2Fix.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-08-19 to 2010-09-19 )))))))))))))))))))))))))))))))
    .

    2010-09-12 18:17 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-12 18:17 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-12 18:17 . 2010-09-12 18:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-11 15:52 . 2010-09-11 15:52 -------- d-----w- c:\program files\Trend Micro
    2010-09-11 02:35 . 2010-09-11 02:35 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
    2010-09-10 04:15 . 2010-09-10 04:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-09-06 21:40 . 2010-09-06 21:40 -------- d-----w- c:\program files\CCleaner
    2010-09-05 08:58 . 2010-09-09 03:24 -------- d-----w- c:\program files\STasks
    2010-09-05 08:07 . 2010-09-19 04:32 -------- d-----w- c:\documents and settings\TommyG\Application Data\QuickScan
    2010-09-04 16:02 . 2010-09-07 01:44 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
    2010-09-04 16:00 . 2010-09-09 03:22 -------- d-----w- c:\program files\PCPitstop
    2010-08-31 04:06 . 2010-09-11 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-08-31 04:06 . 2010-08-31 04:20 -------- d-----w- c:\program files\Spybot - Search & Destroy

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-19 06:34 . 2010-01-10 17:08 0 ----a-w- c:\documents and settings\TommyG\Local Settings\Application Data\prvlcl.dat
    2010-09-19 06:25 . 2009-11-06 12:03 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
    2010-09-11 15:52 . 2010-09-11 15:52 388096 ----a-r- c:\documents and settings\TommyG\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-07-27 05:30 . 2010-09-05 08:04 705208 ----a-w- c:\documents and settings\TommyG\Application Data\Mozilla\Firefox\Profiles\4drceuqx.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
    2010-07-27 05:30 . 2010-09-05 08:04 978664 ----a-w- c:\documents and settings\TommyG\Application Data\Mozilla\Firefox\Profiles\4drceuqx.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    2010-07-17 12:50 . 2009-08-22 17:04 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-07-17 12:50 . 2010-07-17 12:50 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-07-17 12:48 . 2009-08-22 17:04 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-07-03 12:24 . 2009-08-22 17:04 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIModeChange"="Ati2mdxx.exe" [2002-06-18 28672]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-06-24 126976]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-06-24 561152]
    "BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2002-06-28 64000]
    "TPTRAY"="c:\progra~1\ThinkPad\UTILIT~1\TP98TRAY.EXE" [2002-06-28 48640]
    "TP4EX"="tp4ex.exe" [2002-02-22 40960]
    "TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2002-06-28 86016]
    "NPDTray"="c:\progra~1\ThinkPad\UTILIT~1\NPDTray.exe" [2002-07-04 204800]
    "AGRSMMSG"="AGRSMMSG.exe" [2002-02-22 87037]
    "QCTray"="c:\progra~1\ThinkPad\CONNEC~1\QCTray.exe" [2002-07-15 491520]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-17 2065760]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-21 149280]
    "PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
    "QCWLIcon"="c:\progra~1\ThinkPad\CONNEC~1\QCWLIcon.exe" [2002-07-15 49152]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-07-17 12:50 12536 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2006-10-27 07:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\SkillSoft\\jre\\bin\\javaw.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1031:TCP"= 1031:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/22/2009 10:04 AM 216400]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/22/2009 10:04 AM 243024]
    R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [8/17/2006 9:29 PM 12288]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/17/2010 5:50 AM 308136]
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2007 1:13 PM 38144]
    R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [12/28/2007 3:02 PM 287232]
    S1 SASDIFSV;SASDIFSV;\??\e:\superantispyware\SASDIFSV.SYS --> e:\superantispyware\SASDIFSV.SYS [?]
    S1 SASKUTIL;SASKUTIL;\??\e:\superantispyware\SASKUTIL.SYS --> e:\superantispyware\SASKUTIL.SYS [?]
    S3 PCDRDRV;Pcdr CPU Helper Driver;c:\windows\system32\drivers\PCDRDRV.sys --> c:\windows\system32\drivers\PCDRDRV.sys [?]
    S3 PCX504;Cisco Systems Wireless LAN Adapter Driver;c:\windows\system32\drivers\PCX504.sys [1/1/1980 96256]
    S3 SASENUM;SASENUM;\??\e:\superantispyware\SASENUM.SYS --> e:\superantispyware\SASENUM.SYS [?]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-09-19 c:\windows\Tasks\BMMTask.job
    - c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2006-08-18 08:30]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyServer = 127.0.0.1:8081
    uInternet Settings,ProxyOverride = local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: plentyoffish.com\www
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll
    FF - ProfilePath - c:\documents and settings\TommyG\Application Data\Mozilla\Firefox\Profiles\4drceuqx.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    HKLM-Run-UC_SMB - (no file)
    MSConfigStartUp-SUPERAntiSpyware - e:\superantispyware\SUPERAntiSpyware.exe
    MSConfigStartUp-Tgcmd - c:\program files\Support.com\bin\tgcmd.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2010-09-18 23:53
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2010-09-19 00:00:25
    ComboFix-quarantined-files.txt 2010-09-19 07:00

    Pre-Run: 22,789,500,928 bytes free
    Post-Run: 22,779,150,336 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

    - - End Of File - - 621795B5CBA60098FC77FA9A9DC8388E

  6. #6
    broni is offline Senior Member
    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.


    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    DDS::
    uInternet Settings,ProxyServer = 127.0.0.1:8081

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt

  7. #7
    codyydoc is offline Newbie
    ComboFix 10-09-17.04 - TommyG 09/19/2010 13:59:48.3.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.260 [GMT -7:00]
    Running from: c:\documents and settings\TommyG\My Documents\Downloads\ComboFix.exe
    Command switches used :: c:\documents and settings\TommyG\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((( Files Created from 2010-08-19 to 2010-09-19 )))))))))))))))))))))))))))))))
    .

    2010-09-19 15:20 . 2010-09-19 15:20 -------- d-----w- c:\documents and settings\TommyG\Local Settings\Application Data\AVG Security Toolbar
    2010-09-19 15:18 . 2010-09-19 15:18 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
    2010-09-12 18:17 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-12 18:17 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-12 18:17 . 2010-09-12 18:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-11 15:52 . 2010-09-11 15:52 388096 ----a-r- c:\documents and settings\TommyG\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-09-11 15:52 . 2010-09-11 15:52 -------- d-----w- c:\program files\Trend Micro
    2010-09-11 02:35 . 2010-09-11 02:35 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
    2010-09-10 04:15 . 2010-09-10 04:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-09-06 21:40 . 2010-09-06 21:40 -------- d-----w- c:\program files\CCleaner
    2010-09-05 08:58 . 2010-09-09 03:24 -------- d-----w- c:\program files\STasks
    2010-09-05 08:07 . 2010-09-19 04:32 -------- d-----w- c:\documents and settings\TommyG\Application Data\QuickScan
    2010-09-05 08:04 . 2010-07-27 05:30 705208 ----a-w- c:\documents and settings\TommyG\Application Data\Mozilla\Firefox\Profiles\4drceuqx.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
    2010-09-05 08:04 . 2010-07-27 05:30 978664 ----a-w- c:\documents and settings\TommyG\Application Data\Mozilla\Firefox\Profiles\4drceuqx.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    2010-09-04 16:02 . 2010-09-07 01:44 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
    2010-09-04 16:00 . 2010-09-09 03:22 -------- d-----w- c:\program files\PCPitstop
    2010-08-31 04:06 . 2010-09-11 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-08-31 04:06 . 2010-08-31 04:20 -------- d-----w- c:\program files\Spybot - Search & Destroy

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-19 20:49 . 2010-01-10 17:08 0 ----a-w- c:\documents and settings\TommyG\Local Settings\Application Data\prvlcl.dat
    2010-09-19 06:25 . 2009-11-06 12:03 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
    2010-07-17 12:50 . 2009-08-22 17:04 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-07-17 12:50 . 2010-07-17 12:50 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-07-17 12:48 . 2009-08-22 17:04 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-07-03 12:24 . 2009-08-22 17:04 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-09-19_06.53.22 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-09-19 15:10 . 2010-09-19 15:10 16384 c:\windows\Temp\Perflib_Perfdata_378.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2010-04-19 17:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIModeChange"="Ati2mdxx.exe" [2002-06-18 28672]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-06-24 126976]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-06-24 561152]
    "BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2002-06-28 64000]
    "TPTRAY"="c:\progra~1\ThinkPad\UTILIT~1\TP98TRAY.EXE" [2002-06-28 48640]
    "TP4EX"="tp4ex.exe" [2002-02-22 40960]
    "TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2002-06-28 86016]
    "NPDTray"="c:\progra~1\ThinkPad\UTILIT~1\NPDTray.exe" [2002-07-04 204800]
    "AGRSMMSG"="AGRSMMSG.exe" [2002-02-22 87037]
    "QCTray"="c:\progra~1\ThinkPad\CONNEC~1\QCTray.exe" [2002-07-15 491520]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-17 2065760]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-21 149280]
    "PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
    "QCWLIcon"="c:\progra~1\ThinkPad\CONNEC~1\QCWLIcon.exe" [2002-07-15 49152]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-07-17 12:50 12536 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2006-10-27 07:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\SkillSoft\\jre\\bin\\javaw.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1031:TCP"= 1031:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/22/2009 10:04 AM 216400]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/22/2009 10:04 AM 243024]
    R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [8/17/2006 9:29 PM 12288]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/17/2010 5:50 AM 308136]
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2007 1:13 PM 38144]
    R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [12/28/2007 3:02 PM 287232]
    S1 SASDIFSV;SASDIFSV;\??\e:\superantispyware\SASDIFSV.SYS --> e:\superantispyware\SASDIFSV.SYS [?]
    S1 SASKUTIL;SASKUTIL;\??\e:\superantispyware\SASKUTIL.SYS --> e:\superantispyware\SASKUTIL.SYS [?]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [9/19/2010 8:18 AM 430152]
    S3 PCDRDRV;Pcdr CPU Helper Driver;c:\windows\system32\drivers\PCDRDRV.sys --> c:\windows\system32\drivers\PCDRDRV.sys [?]
    S3 PCX504;Cisco Systems Wireless LAN Adapter Driver;c:\windows\system32\drivers\PCX504.sys [1/1/1980 96256]
    S3 SASENUM;SASENUM;\??\e:\superantispyware\SASENUM.SYS --> e:\superantispyware\SASENUM.SYS [?]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-09-19 c:\windows\Tasks\BMMTask.job
    - c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2006-08-18 08:30]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: plentyoffish.com\www
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll
    FF - ProfilePath - c:\documents and settings\TommyG\Application Data\Mozilla\Firefox\Profiles\4drceuqx.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2010-09-19 14:09
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(908)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-09-19 14:14:51
    ComboFix-quarantined-files.txt 2010-09-19 21:14
    ComboFix2.txt 2010-09-19 20:25
    ComboFix3.txt 2010-09-19 07:00

    Pre-Run: 22,829,752,320 bytes free
    Post-Run: 22,817,828,864 bytes free

    - - End Of File - - EA70773F7F535E7D8BF106BDD3A6D517

  8. #8
    broni is offline Senior Member
    Good

    How is computer doing?

    Please, re-run OTL "Quick scan" and post new log.

  9. #9
    codyydoc is offline Newbie
    Not good, I don't think. My passwords are still compromised (I think), my clock changed itself from 12 hr to 24 hr time and I'm not sure if it should have changed back or I need to do it, and I have several svchost.exe applications that are running & they keep spiking and draining my resources. Sorry, I don't mean to seem ungrateful or pessimistic, but these were the clues that something was wrong and they're still there. Thanks again for the help!!

    OTL logfile created on: 9/19/2010 5:39:26 PM - Run 2
    OTL by OldTimer - Version 3.2.14.0 Folder = C:\Documents and Settings\TommyG\My Documents\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    511.00 Mb Total Physical Memory | 253.00 Mb Available Physical Memory | 49.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 75.00% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 35.62 Gb Total Space | 21.27 Gb Free Space | 59.73% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: IBM-QMXS2S6HVL1
    Current User Name: TommyG
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/09/19 17:38:38 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TommyG\My Documents\Downloads\OTL(2).exe
    PRC - [2010/07/17 05:50:25 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
    PRC - [2010/07/17 05:50:18 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2010/07/17 05:50:17 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2010/07/17 05:50:05 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2010/07/17 05:48:24 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2010/07/17 05:48:20 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2009/11/21 15:22:46 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
    PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/11/03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\PAC7302\Monitor.exe
    PRC - [2003/07/03 01:25:00 | 000,057,344 | ---- | M] () -- C:\WINDOWS\system32\ibmpmsvc.exe
    PRC - [2003/06/24 14:34:38 | 000,126,976 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    PRC - [2002/01/10 15:01:34 | 000,065,536 | ---- | M] (IBM Corporation) -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/09/19 17:38:38 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TommyG\My Documents\Downloads\OTL(2).exe
    MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
    MOD - [2003/06/24 14:33:54 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - [2010/07/17 05:50:05 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2010/05/08 13:02:31 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/04/19 10:25:38 | 000,430,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
    SRV - [2003/07/03 01:25:00 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
    SRV - [2002/07/15 02:20:00 | 000,040,960 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\QCONSVC.EXE -- (QCONSVC)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | System | Stopped] -- E:\SuperAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - File not found [Kernel | On_Demand | Stopped] -- E:\SuperAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - File not found [Kernel | System | Stopped] -- E:\SuperAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PcdrNt.sys -- (PcdrNt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PCDRDRV.sys -- (PCDRDRV)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\NSNDIS5.SYS -- (NSNDIS5)
    DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\TommyG\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/07/17 05:50:22 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2010/07/17 05:48:24 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2010/07/03 05:24:10 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2008/07/31 15:42:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
    DRV - [2008/04/13 11:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
    DRV - [2007/12/28 15:02:12 | 000,287,232 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wg111v3.sys -- (RTL8187B)
    DRV - [2007/11/08 10:29:52 | 000,458,752 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PAC7302.SYS -- (PAC7302)
    DRV - [2003/07/03 01:25:00 | 000,011,344 | ---- | M] (IBM Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
    DRV - [2003/06/24 14:16:30 | 000,265,744 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2003/02/14 16:16:32 | 000,096,256 | ---- | M] (Cisco Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCX504.sys -- (PCX504)
    DRV - [2002/07/15 02:20:00 | 000,002,295 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.SYS -- (IBMTPCHK)
    DRV - [2002/06/28 01:30:00 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
    DRV - [2002/06/28 01:30:00 | 000,012,288 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWR.SYS -- (TPPWR)
    DRV - [2002/06/28 01:30:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
    DRV - [2002/06/18 11:44:50 | 000,456,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2002/04/19 03:22:58 | 000,012,605 | ---- | M] (IBM Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\TPHKDRV.sys -- (TPHKDRV)
    DRV - [2002/02/22 17:26:26 | 001,112,096 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2002/01/10 14:55:22 | 000,004,010 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\egathdrv.sys -- (EGATHDRV)
    DRV - [2001/09/13 07:58:02 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PMEMNT.SYS -- (PMEM)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
    FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
    FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.2
    FF - prefs.js..extensions.enabledItems: {45d8ff86-d909-11db-9705-005056c00008}:1.0.2
    FF - prefs.js..extensions.enabledItems: {2e61e246-e640-4c56-b1ed-f146dbed48cd}:0.9
    FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.13
    FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3
    FF - prefs.js..extensions.enabledItems: avg@igeared:4.504.019.002

    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/08/29 14:17:15 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/09/19 08:18:48 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/18 08:31:49 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/18 08:31:33 | 000,000,000 | ---D | M]

    [2009/08/22 10:33:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TommyG\Application Data\Mozilla\Extensions
    [2010/04/03 15:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TommyG\Application Data\Mozilla\Firefox\Profiles\3tjgqbz1.CRains\extensions
    [2010/03/18 19:38:58 | 000,000,000 | ---D | M] (CS Lite) -- C:\Documents and Settings\TommyG\Application Data\Mozilla\Firefox\Profiles\3tjgqbz1.CRains\extensions\{00084897-021a-4361-8423-083407a033e0}
    [2010/03/18 19:41:08 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\TommyG\Application Data\Mozilla\Firefox\Profiles\3tjgqbz1.CRains\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    [2010/03/18 19:38:59 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\TommyG\Application Data\Mozilla\Firefox\Profiles\3tjgqbz1.CRains\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/09/19 08:20:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TommyG\Application Data\Mozilla\Firefox\Profiles\4drceuqx.default\extensions
    [2010/09/05 00:29:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\TommyG\Application Data\Mozilla\Firefox\Profiles\4drceuqx.default\extensions\{2e61e246-e640-4c56-b1ed-f146dbed48cd}
    [2010/09/05 00:29:22 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\TommyG\Application Data\Mozilla\Firefox\Profiles\4drceuqx.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
    [2010/06/26 14:01:15 | 000,000,000 | ---D | M] (Cookie Monster) -- C:\Documents and Settings\TommyG\Application Data\Mozilla\Firefox\Profiles\4drceuqx.default\extensions\{45d8ff86-d909-11db-9705-005056c00008}
    [2010/03/16 19:30:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\TommyG\Application Data\Mozilla\Firefox\Profiles\4drceuqx.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    [2010/09/05 00:29:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\TommyG\Application Data\Mozilla\Firefox\Profiles\4drceuqx.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
    [2010/09/05 01:04:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\TommyG\Application Data\Mozilla\Firefox\Profiles\4drceuqx.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
    [2009/10/17 15:33:54 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Documents and Settings\TommyG\Application Data\Mozilla\Firefox\Profiles\4drceuqx.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
    [2010/09/19 14:20:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2010/09/18 23:52:23 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [BMMGAG] C:\Program Files\ThinkPad\Utilities\PWRMONIT.DLL (IBM Corp.)
    O4 - HKLM..\Run: [NPDTray] C:\Program Files\ThinkPad\Utilities\NPDTRAY.EXE (IBM Corp.)
    O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
    O4 - HKLM..\Run: [QCTray] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE ()
    O4 - HKLM..\Run: [QCWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE ()
    O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (IBM Corporation)
    O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
    O4 - HKLM..\Run: [TPTRAY] C:\Program Files\ThinkPad\Utilities\TP98TRAY.EXE (IBM Corp.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
    O15 - HKCU\..Trusted Domains: plentyoffish.com ([www] https in Trusted sites)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} Page not found | Facebook (Facebook Photo Uploader 5 Control)
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirva...ls/pcmatic.cab (PCPitstop Utility)
    O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com/s/v/44.10/uploader2.cab (UploadListView Class)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsof...?1283815569940 (WUWebControl Class)
    O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcpitstop.com/Exter...pAntiVirus.dll (PCPitstop AntiVirus)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsof...?1283815532867 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} http://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll (diskhealth Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/s...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/da2/PCPitStop2.cab (PCPitstop Exam)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O24 - Desktop WallPaper: C:\Documents and Settings\TommyG\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\TommyG\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/08/17 22:22:51 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/09/19 10:05:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TommyG\Desktop\Folder
    [2010/09/19 08:20:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TommyG\Local Settings\Application Data\AVG Security Toolbar
    [2010/09/19 08:18:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2010/09/18 23:40:29 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/09/18 23:37:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/09/18 23:37:15 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/09/18 23:37:15 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/09/18 23:37:15 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/09/18 23:37:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/09/18 23:11:26 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/09/12 11:17:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/09/12 11:17:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/09/12 11:17:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/09/11 08:52:20 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/09/11 08:14:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\TommyG\Recent
    [2010/09/10 19:33:55 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
    [2010/09/06 14:40:31 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2010/09/05 01:58:01 | 000,000,000 | ---D | C] -- C:\Program Files\STasks
    [2010/09/05 01:07:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TommyG\Application Data\QuickScan
    [2010/09/04 09:02:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
    [2010/09/04 09:00:37 | 000,000,000 | ---D | C] -- C:\Program Files\PCPitstop
    [2010/09/02 18:50:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TommyG\Desktop\FIN
    [2010/08/30 21:06:13 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2010/08/30 21:06:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2010/07/17 05:50:18 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/07/04 18:44:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TommyG\Desktop\ACC650
    [2009/10/17 19:37:10 | 014,863,448 | ---- | C] (JonDos GmbH) -- C:\Documents and Settings\All Users\Application Data\JonDoFox.paf.exe
    [1 C:\Documents and Settings\TommyG\Desktop\*.tmp files -> C:\Documents and Settings\TommyG\Desktop\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/09/19 17:32:16 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\BMMTask.job
    [2010/09/19 14:14:55 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/09/19 14:09:13 | 000,000,274 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/09/19 13:49:15 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\TommyG\Local Settings\Application Data\prvlcl.dat
    [2010/09/19 13:44:09 | 000,011,649 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\ComboFix(2).docx
    [2010/09/19 13:03:56 | 000,000,674 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\Shortcut to ComboFix.lnk
    [2010/09/19 10:29:06 | 000,078,408 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\Points Awarded.docx
    [2010/09/19 08:14:41 | 064,994,498 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/09/19 08:10:29 | 000,000,439 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
    [2010/09/19 08:10:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/09/19 08:09:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/09/19 01:02:54 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\TommyG\NTUSER.DAT
    [2010/09/19 01:02:54 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\TommyG\ntuser.ini
    [2010/09/18 23:52:23 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/09/18 23:40:40 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI
    [2010/09/18 23:08:22 | 000,015,848 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\ComboFix.docx
    [2010/09/18 09:59:05 | 000,000,531 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\Shortcut to NTBR_CD.lnk
    [2010/09/15 23:35:36 | 000,018,403 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\Assignment 4.docx
    [2010/09/12 13:23:19 | 000,149,286 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\Presentation1.jpg
    [2010/09/12 12:47:45 | 000,828,680 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\Presentation1.pptx
    [2010/09/12 11:17:16 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/09/11 08:53:11 | 000,002,449 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\HiJackThis.lnk
    [2010/09/11 07:58:13 | 000,015,460 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\cc_20100911_075744.reg
    [2010/09/06 14:55:25 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2010/09/06 14:55:25 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2010/09/06 14:48:21 | 000,119,308 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\cc_20100906_144752.reg
    [2010/09/06 14:40:41 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\CCleaner.lnk
    [2010/09/05 01:07:15 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\QuickScan Folder.lnk
    [2010/09/05 00:47:36 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\TommyG\Local Settings\Application Data\housecall.guid.cache
    [2010/09/02 23:01:22 | 000,020,042 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\HRM 640 Assignment 2.docx
    [2010/08/30 21:06:42 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\Spybot - Search & Destroy.lnk
    [2010/08/25 23:17:50 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\HRM 640 Assignment 1.doc
    [2010/08/23 21:05:37 | 000,011,839 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\LDR 600 DQ#1-3.docx
    [2010/08/22 22:05:53 | 000,012,186 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\LDR 600 DQ#1-2.docx
    [2010/08/02 20:54:22 | 000,011,809 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\DQ 6.docx
    [2010/07/28 22:11:51 | 000,011,964 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\DQ 5 Response.docx
    [2010/07/26 22:17:56 | 000,013,041 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\ACC650 Disc 5.docx
    [2010/07/25 09:51:58 | 000,000,165 | -H-- | M] () -- C:\Documents and Settings\TommyG\Desktop\~$lottery #'s.xlsx
    [2010/07/24 11:11:19 | 000,090,961 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\lottery #'s.xlsx
    [2010/07/24 07:53:47 | 000,100,004 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\pblist.docx
    [2010/07/19 21:57:47 | 000,011,923 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\DQ 4.docx
    [2010/07/17 05:50:22 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2010/07/17 05:50:18 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/07/17 05:48:24 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2010/07/14 21:10:00 | 000,014,866 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\DQ 3.docx
    [2010/07/05 22:22:07 | 000,012,183 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\ACC650 Disc2.docx
    [2010/07/04 22:09:06 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\TommyG\Desktop\~$bmitted by Council.docx
    [2010/07/04 22:07:27 | 000,078,933 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\Submitted by Council.docx
    [2010/07/03 18:32:43 | 000,087,552 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\Texas Institutions of Higher Education.doc
    [2010/07/03 18:32:08 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\List of Cheats-RDR.doc
    [2010/07/03 18:08:02 | 000,013,678 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\List of Cheats-RDR.docx
    [2010/07/03 1022 | 000,022,622 | ---- | M] () -- C:\Documents and Settings\TommyG\Desktop\Texas Institutions of Higher Education.docx
    [2010/07/03 05:24:10 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2010/06/23 21:07:02 | 000,582,886 | ---- | M] () -- C:\Documents and Settings\TommyG\My Documents\Graph2.bmp
    [2010/06/23 21:06:48 | 000,582,886 | ---- | M] () -- C:\Documents and Settings\TommyG\My Documents\Graph1.bmp
    [1 C:\Documents and Settings\TommyG\Desktop\*.tmp files -> C:\Documents and Settings\TommyG\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/09/19 13:44:09 | 000,011,649 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\ComboFix(2).docx
    [2010/09/19 13:03:56 | 000,000,674 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\Shortcut to ComboFix.lnk
    [2010/09/19 10:29:03 | 000,078,408 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\Points Awarded.docx
    [2010/09/18 23:40:40 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/09/18 23:40:33 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/09/18 23:37:15 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/09/18 23:37:15 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/09/18 23:37:15 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/09/18 23:37:15 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/09/18 23:37:15 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/09/18 23:08:19 | 000,015,848 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\ComboFix.docx
    [2010/09/18 09:59:05 | 000,000,531 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\Shortcut to NTBR_CD.lnk
    [2010/09/15 23:33:16 | 000,018,403 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\Assignment 4.docx
    [2010/09/12 13:23:12 | 000,149,286 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\Presentation1.jpg
    [2010/09/12 12:47:43 | 000,828,680 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\Presentation1.pptx
    [2010/09/12 11:17:16 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/09/11 08:52:21 | 000,002,449 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\HiJackThis.lnk
    [2010/09/11 07:57:48 | 000,015,460 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\cc_20100911_075744.reg
    [2010/09/06 15:04:16 | 000,003,038 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\fix_svchost.bat
    [2010/09/06 14:48:12 | 000,119,308 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\cc_20100906_144752.reg
    [2010/09/06 14:40:40 | 000,000,693 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\CCleaner.lnk
    [2010/09/05 01:07:14 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\QuickScan Folder.lnk
    [2010/09/05 00:47:36 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\TommyG\Local Settings\Application Data\housecall.guid.cache
    [2010/09/01 23:11:55 | 000,020,042 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\HRM 640 Assignment 2.docx
    [2010/08/30 21:06:42 | 000,000,944 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\Spybot - Search & Destroy.lnk
    [2010/08/25 23:17:48 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\HRM 640 Assignment 1.doc
    [2010/08/23 21:05:35 | 000,011,839 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\LDR 600 DQ#1-3.docx
    [2010/08/22 22:05:51 | 000,012,186 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\LDR 600 DQ#1-2.docx
    [2010/08/02 20:54:20 | 000,011,809 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\DQ 6.docx
    [2010/07/28 22:11:50 | 000,011,964 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\DQ 5 Response.docx
    [2010/07/26 22:17:54 | 000,013,041 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\ACC650 Disc 5.docx
    [2010/07/25 09:51:58 | 000,000,165 | -H-- | C] () -- C:\Documents and Settings\TommyG\Desktop\~$lottery #'s.xlsx
    [2010/07/24 10:22:21 | 000,090,961 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\lottery #'s.xlsx
    [2010/07/24 07:53:43 | 000,100,004 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\pblist.docx
    [2010/07/18 20:15:24 | 000,011,923 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\DQ 4.docx
    [2010/07/12 20:52:59 | 000,014,866 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\DQ 3.docx
    [2010/07/05 20:46:16 | 000,012,183 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\ACC650 Disc2.docx
    [2010/07/04 22:09:06 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\TommyG\Desktop\~$bmitted by Council.docx
    [2010/07/04 22:07:25 | 000,078,933 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\Submitted by Council.docx
    [2010/07/03 18:32:42 | 000,087,552 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\Texas Institutions of Higher Education.doc
    [2010/07/03 18:32:06 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\List of Cheats-RDR.doc
    [2010/07/03 18:08:00 | 000,013,678 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\List of Cheats-RDR.docx
    [2010/07/03 1021 | 000,022,622 | ---- | C] () -- C:\Documents and Settings\TommyG\Desktop\Texas Institutions of Higher Education.docx
    [2010/06/23 21:07:02 | 000,582,886 | ---- | C] () -- C:\Documents and Settings\TommyG\My Documents\Graph2.bmp
    [2010/06/23 21:06:48 | 000,582,886 | ---- | C] () -- C:\Documents and Settings\TommyG\My Documents\Graph1.bmp
    [2010/02/06 18:08:37 | 000,000,323 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
    [2010/02/06 18:08:30 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP7302.INI
    [2010/01/31 11:00:38 | 000,178,752 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/01/10 10:08:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\TommyG\Local Settings\Application Data\prvlcl.dat
    [2009/10/17 17:48:18 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\TommyG\Local Settings\Application Data\fusioncache.dat
    [2009/09/06 11:06:27 | 000,000,302 | ---- | C] () -- C:\WINDOWS\Atomic.ini
    [2009/09/02 07:09:54 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\TommyG\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/09/13 18:22:23 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/08/17 21:38:59 | 000,000,222 | ---- | C] () -- C:\WINDOWS\Welcome.ini
    [2006/08/17 21:33:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/08/17 21:30:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
    [2006/08/17 21:30:19 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
    [2006/08/17 21:29:31 | 000,002,295 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.SYS
    [2006/08/17 21:24:46 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2003/07/03 01:25:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\tpinspm.dll
    [2003/06/24 14:43:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
    [2002/11/15 11:13:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CInsX500.dll
    [2002/04/16 10:14:42 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
    [2002/04/16 10:14:00 | 001,683,456 | ---- | C] () -- C:\WINDOWS\System32\LTCLR13n.dll
    [2002/04/16 10:14:00 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
    [2002/03/07 15:16:16 | 000,000,010 | ---- | C] () -- C:\WINDOWS\Launcher.ini
    [2002/01/10 14:55:22 | 000,004,010 | ---- | C] () -- C:\WINDOWS\System32\egathdrv.sys
    [2001/06/08 15:54:30 | 000,003,478 | ---- | C] () -- C:\WINDOWS\translat.ini
    [1980/01/01 00:00:00 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

    ========== LOP Check ==========

    [2009/10/17 17:51:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Anonymizer
    [2010/09/19 08:18:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2010/09/18 23:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/05/08 12:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LocalCache
    [2010/09/06 18:44:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
    [2009/10/17 17:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TommyG\Application Data\Anonymizer
    [2009/11/13 06:43:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TommyG\Application Data\AVG9
    [2010/01/16 13:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TommyG\Application Data\HTSK
    [2009/08/23 11:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TommyG\Application Data\IBM
    [2007/10/04 20:39:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TommyG\Application Data\InterTrust
    [2006/09/29 17:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TommyG\Application Data\InterVideo
    [2009/08/23 1420 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TommyG\Application Data\QcWizard
    [2010/09/18 21:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TommyG\Application Data\QuickScan
    [2010/04/03 19:32:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TommyG\Application Data\Sports Stats 2.0
    [2009/10/17 11:51:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TommyG\Application Data\TeamViewer
    [2010/09/19 17:32:16 | 000,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\BMMTask.job

    ========== Purity Check ==========


    < End of report >

  10. #10
    broni is offline Senior Member
    What password are we talking about here, and how do you know it's compromised?

    Your computer would greatly benefit from adding another 512MB of RAM.

    With that amount of RAM, I'd suggest you switch to something lighter than AVG, like:
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
    - Avira free antivirus: Avira AntiVir Personal - FREE Antivirus
    If you'd like to do so, make sure to use AVG Remover to uninstall AVG: AVG - Tools download

    ============================================================

    Update your Java version here: Verify Java Version

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.


    ============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
      [1 C:\Documents and Settings\TommyG\Desktop\*.tmp files -> C:\Documents and Settings\TommyG\Desktop\*.tmp -> ]
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.


    ============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.



    3. Go to Kaspersky website and perform an online antivirus scan.

    • Disable your active antivirus program.
    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
