[RESOLVED] IE 8 browser is hijacked

Printable View

Show 40 post(s) from this thread on one page

January 15th, 2011, 11:27 PM
tekwannabe

ComboFix results

ComboFix 11-01-14.01 - Shirley 01/15/2011 22:05:38.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3582.2917 [GMT -5:00]
Running from: c:\documents and settings\Shirley\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Shirley\g2ax_expert_downloadhelper_win32_x86.exe

.
((((((((((((((((((((((((( Files Created from 2010-12-16 to 2011-01-16 )))))))))))))))))))))))))))))))
.

2011-01-16 02:26 . 2011-01-16 02:26 -------- d-----w- c:\program files\7-Zip
2011-01-15 21:37 . 2011-01-15 21:37 -------- d-----w- c:\documents and settings\Shirley\Application Data\Malwarebytes
2011-01-15 21:37 . 2011-01-15 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-15 21:37 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-15 21:37 . 2011-01-15 21:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-15 21:37 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-11 23:30 . 2011-01-11 23:30 -------- d-----w- c:\program files\WinSCP
2011-01-11 07:41 . 2011-01-11 07:41 -------- d-----w- c:\documents and settings\Shirley\Application Data\CoffeeCup Software
2011-01-11 07:40 . 1999-03-22 17:29 233472 ----a-w- c:\windows\system32\Ilda32.dll
2011-01-11 07:40 . 1998-06-17 09:00 18944 ----a-w- c:\windows\system32\BORLNDMM.DLL
2011-01-11 07:40 . 2011-01-14 23:44 -------- d-----w- c:\program files\CoffeeCup Software
2011-01-09 18:45 . 2011-01-09 18:45 -------- d-----w- c:\documents and settings\Shirley\Local Settings\Application Data\Identities
2011-01-09 18:45 . 2011-01-15 22:26 -------- d-----w- c:\documents and settings\Shirley\Application Data\Esve
2011-01-09 18:45 . 2011-01-15 22:12 -------- d-----w- c:\documents and settings\Shirley\Application Data\Ykkua
2010-12-26 22:25 . 2010-12-26 22:29 -------- d-----w- c:\documents and settings\Shirley\Application Data\GARMIN

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-30 05:21 . 2010-09-07 17:12 95568 ----a-w- c:\windows\system32\vetredir.dll
2010-11-30 05:21 . 2010-09-07 17:12 128336 ----a-w- c:\windows\system32\isafeif.dll
2010-10-23 05:48 . 2010-03-17 11:48 398704 ----a-w- c:\windows\system32\dsNcSmartCardProv.dll
2010-10-23 05:48 . 2009-12-11 14:45 345456 ----a-w- c:\windows\system32\dsNcCredProv.dll
2010-10-23 05:44 . 2010-10-23 05:44 225280 ----a-w- c:\windows\system32\dsGinaLoader.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"GoToAssist Express Expert"="c:\program files\Citrix\GoToAssist Express Expert\258\g2ax_start.exe" [2010-11-30 149368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-08-31 996616]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2010-3-10 1819992]
Glance.lnk - c:\program files\Glance25\Glance.exe [2010-5-23 1737504]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
PrintKey-Pro.lnk - c:\windows\Installer\{5EFA4EA3-0604-458C-A06D-485F6B2724C9}\NewShortcut2_6999F52849E742A78F6F4501EF3B5A3A.exe [2009-11-22 1078]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-3 1153824]
Snagit 9.lnk - c:\program files\TechSmith\Snagit 9\Snagit32.exe [2009-10-15 6287176]
TotalMedia Backup Monitor.lnk - c:\program files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe [2009-11-27 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=
"c:\\Program Files\\ShowMyDesktop\\CompShare\\WinVnc.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\Shirley\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
"c:\\Program Files\\WinSCP\\WinSCP.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800

R1 glancedrv;glancedrv;c:\windows\system32\drivers\glancedrv.sys [5/23/2010 1:56 PM 34080]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/28/2010 5:55 PM 135664]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder

2011-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 22:55]

2011-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 22:55]

2011-01-16 c:\windows\Tasks\User_Feed_Synchronization-{CAB37C53-F826-419E-8836-53538C30D4E7}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Trusted Zone: gotoassist.com\www
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
WebBrowser-{0123B506-0AD9-43AA-B0CF-916C122AD4C5} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-15 22:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-01-15 22:15:42
ComboFix-quarantined-files.txt 2011-01-16 03:15

Pre-Run: 105,407,303,680 bytes free
Post-Run: 105,351,700,480 bytes free

- - End Of File - - 1107BB9A115F8F987EFAE6F51B41F2DD
January 15th, 2011, 11:31 PM
Broni
How is redirection?

Download OTL to your Desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Click the Scan All Users checkbox.
- Under the Custom Scan box paste this in:
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
January 15th, 2011, 11:49 PM
tekwannabe

OTL.txt part 1

OTL logfile created on: 1/15/2011 10:39:25 PM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\Shirley\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 75.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.31 Gb Total Space | 99.26 Gb Free Space | 68.78% Space Free | Partition Type: NTFS

Computer Name: TBCT-3D65AA9316 | User Name: Shirley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/15 22:37:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shirley\Desktop\OTL.exe
PRC - [2010/12/05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/12/05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/12/01 04:14:46 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2010/11/30 06:03:53 | 000,149,368 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist Express Expert\258\g2ax_user_expert.exe
PRC - [2010/11/30 06:03:53 | 000,149,368 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist Express Expert\258\g2ax_start.exe
PRC - [2010/11/30 06:03:53 | 000,149,368 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist Express Expert\258\g2ax_comm_expert.exe
PRC - [2010/11/23 13:34:16 | 000,724,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/11/23 13:34:14 | 006,128,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/11/22 04:48:46 | 003,226,632 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgfws.exe
PRC - [2010/10/23 00:48:40 | 000,660,848 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 04:57:54 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2010/10/22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/10/22 04:56:48 | 000,745,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe
PRC - [2010/06/01 09:07:30 | 001,602,904 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
PRC - [2010/03/10 21:32:26 | 000,648,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2010/03/10 21:32:08 | 001,819,992 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
PRC - [2010/01/27 10:34:24 | 000,376,832 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
PRC - [2009/10/16 15:18:38 | 001,737,504 | ---- | M] (Glance Networks, Inc.) -- C:\Program Files\Glance25\Glance.exe
PRC - [2009/10/15 11:06:52 | 000,053,064 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 9\TscHelp.exe
PRC - [2009/10/15 11:06:50 | 000,066,888 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe
PRC - [2009/10/15 11:06:46 | 007,168,328 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 9\SnagitEditor.exe
PRC - [2009/10/15 11:06:46 | 006,287,176 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
PRC - [2009/09/03 01:09:42 | 000,024,576 | ---- | M] (Intuit) -- c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2008/02/23 09:02:48 | 002,146,840 | ---- | M] (WareCentral.com) -- C:\Program Files\Warecentral\PrintKey-Pro\PKey_Pro.exe
PRC - [2007/06/06 11:35:02 | 000,270,336 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
PRC - [2006/02/10 07:56:12 | 000,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2005/11/22 21:58:48 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005/07/19 17:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005/06/08 15:14:44 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
PRC - [2005/06/08 14:44:56 | 000,192,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\FxSvr2.exe
PRC - [2005/03/22 18:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2004/08/10 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2011/01/15 22:37:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shirley\Desktop\OTL.exe
MOD - [2004/08/10 06:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/11/25 09:49:46 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/11/23 13:34:14 | 006,128,208 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/11/22 04:48:46 | 003,226,632 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgfws.exe -- (avgfws)
SRV - [2010/10/23 00:48:40 | 000,660,848 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/04/16 10:03:12 | 000,386,424 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/03 01:09:42 | 000,024,576 | ---- | M] (Intuit) [Auto | Running] -- c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- c:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2005/11/22 21:58:48 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 20:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 20:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 20:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/07/12 04:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/07/12 04:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2010/02/18 19:07:56 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2009/05/13 09:56:28 | 000,034,080 | ---- | M] (Glance Networks, Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\glancedrv.sys -- (glancedrv)
DRV - [2005/08/03 23:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/06/14 17:40:08 | 000,180,864 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2005/05/27 09:32:52 | 001,317,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvcm.sys -- (QCMerced)
DRV - [2005/05/27 09:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005/04/25 10:28:14 | 000,871,040 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iastor)
DRV - [2005/03/31 17:04:52 | 000,180,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/12 17:45:54 | 000,137,728 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
January 15th, 2011, 11:50 PM
tekwannabe

OTL.txt part 2

IE - HKU\S-1-5-21-1993962763-1035525444-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1993962763-1035525444-725345543-1003\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-1993962763-1035525444-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1993962763-1035525444-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-1993962763-1035525444-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1993962763-1035525444-725345543-1004\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-1993962763-1035525444-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1993962763-1035525444-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1993962763-1035525444-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8075

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/01/15 22:22:37 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2011/01/15 22:00:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-1993962763-1035525444-725345543-1003\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.
O3 - HKU\S-1-5-21-1993962763-1035525444-725345543-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1993962763-1035525444-725345543-1003\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-1993962763-1035525444-725345543-1004\..\Toolbar\WebBrowser: (no name) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No CLSID value found.
O3 - HKU\S-1-5-21-1993962763-1035525444-725345543-1004\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.
O3 - HKU\S-1-5-21-1993962763-1035525444-725345543-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1993962763-1035525444-725345543-1004\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Intuit SyncManager] c:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKU\S-1-5-21-1993962763-1035525444-725345543-1003..\Run: [GoToAssist Express Expert] C:\Program Files\Citrix\GoToAssist Express Expert\258\g2ax_start.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - HKU\S-1-5-21-1993962763-1035525444-725345543-1003..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-1993962763-1035525444-725345543-1004..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1993962763-1035525444-725345543-1004..\Run: [uoxscgjk] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe (Research In Motion Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Glance.lnk = C:\Program Files\Glance25\Glance.exe (Glance Networks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PrintKey-Pro.lnk = C:\WINDOWS\Installer\{5EFA4EA3-0604-458C-A06D-485F6B2724C9}\NewShortcut2_6999F52849E742A78F6F4501EF3B5A3A.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Snagit 9.lnk = C:\Program Files\TechSmith\Snagit 9\Snagit32.exe (TechSmith Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe (ArcSoft, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1993962763-1035525444-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1993962763-1035525444-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1993962763-1035525444-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1993962763-1035525444-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1993962763-1035525444-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1993962763-1035525444-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1993962763-1035525444-725345543-1003\..Trusted Domains: gotoassist.com ([www] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office2010.microsoft.com/site.../ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1282488788818 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnimedia.com/ProductA...eX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductA...eX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/...nAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Shirley\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Shirley\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/22 08:18:08 | 000,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54901231209938944)

========== Files/Folders - Created Within 30 Days ==========

[2011/01/15 22:37:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Shirley\Desktop\OTL.exe
[2011/01/15 22:24:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\Application Data\AVG10
[2011/01/15 22:23:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/01/15 22:23:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2011/01/15 22:23:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/01/15 22:22:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/01/15 22:22:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/01/15 22:21:28 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/01/15 22:18:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/01/15 22:17:58 | 004,622,344 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Shirley\Desktop\avg_free_stb_all_2011_1191_cnet.exe
[2011/01/15 21:50:42 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/01/15 21:47:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/01/15 21:47:35 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/01/15 21:47:35 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/01/15 21:47:35 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/01/15 21:47:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/01/15 21:39:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/15 21:30:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\Desktop\bootkit_remover
[2011/01/15 21:26:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2011/01/15 21:26:18 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/01/15 16:37:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\Application Data\Malwarebytes
[2011/01/15 16:37:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/01/15 16:37:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/15 16:37:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/01/15 16:37:44 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/01/15 16:37:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/15 16:36:59 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Shirley\Desktop\mbam-setup-1.50.1.1100.exe
[2011/01/11 19:08:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\Desktop\Calvary website backup
[2011/01/11 18:30:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinSCP
[2011/01/11 18:30:46 | 000,000,000 | ---D | C] -- C:\Program Files\WinSCP
[2011/01/11 02:42:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CoffeeCup Software
[2011/01/11 02:41:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\Application Data\CoffeeCup Software
[2011/01/11 02:40:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\My Documents\CoffeeCup Software
[2011/01/11 02:40:43 | 000,233,472 | ---- | C] (Creative Development LTD) -- C:\WINDOWS\System32\Ilda32.dll
[2011/01/11 02:40:41 | 000,000,000 | ---D | C] -- C:\Program Files\CoffeeCup Software
[2011/01/09 13:45:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\Local Settings\Application Data\Identities
[2011/01/09 13:45:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\Application Data\Ykkua
[2011/01/09 13:45:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\Application Data\Esve
[2011/01/03 09:41:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\Desktop\GTE CU 2010
[2010/12/26 17:25:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\Application Data\GARMIN
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\Shirley\Desktop\*.tmp files -> C:\Documents and Settings\Shirley\Desktop\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/15 22:37:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shirley\Desktop\OTL.exe
[2011/01/15 22:35:09 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{CAB37C53-F826-419E-8836-53538C30D4E7}.job
[2011/01/15 22:33:18 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2011/01/15 22:31:26 | 000,002,351 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PrintKey-Pro.lnk
[2011/01/15 22:26:14 | 104,378,233 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/01/15 22:26:14 | 000,642,911 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
[2011/01/15 22:23:26 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/01/15 22:21:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/15 22:17:58 | 004,622,344 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Shirley\Desktop\avg_free_stb_all_2011_1191_cnet.exe
[2011/01/15 22:16:17 | 000,043,008 | ---- | M] () -- C:\Documents and Settings\Shirley\Desktop\ComboFix 11.doc
[2011/01/15 22:01:45 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/15 22:01:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/15 22:00:20 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/01/15 21:50:46 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/01/15 21:39:45 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Shirley\Desktop\combofix.doc
[2011/01/15 21:39:07 | 004,154,944 | R--- | M] () -- C:\Documents and Settings\Shirley\Desktop\ComboFix.exe
[2011/01/15 21:25:20 | 000,039,605 | ---- | M] () -- C:\Documents and Settings\Shirley\Desktop\bootkit_remover.rar
[2011/01/15 21:25:06 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Shirley\Desktop\We need to double check your MBR.doc
[2011/01/15 21:13:51 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Shirley\Desktop\dds.scr
[2011/01/15 21:11:16 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Shirley\Desktop\MBRCheck.exe
[2011/01/15 17:53:06 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Shirley\Desktop\hsec83sy.exe
[2011/01/15 16:37:48 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Shirley\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/01/15 16:37:48 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/15 16:37:14 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Shirley\Desktop\mbam-setup-1.50.1.1100.exe
[2011/01/14 18:47:24 | 000,000,013 | ---- | M] () -- C:\WINDOWS\System32\WinSys32.crc
[2011/01/14 14:44:10 | 001,299,299 | ---- | M] () -- C:\Documents and Settings\Shirley\Desktop\html5-css3-handbook.pdf
[2011/01/14 13:43:22 | 001,894,912 | ---- | M] () -- C:\Documents and Settings\Shirley\Desktop\Doc2.doc
[2011/01/14 13:42:47 | 003,457,536 | ---- | M] () -- C:\Documents and Settings\Shirley\Desktop\Doc1.doc
[2011/01/14 12:56:22 | 000,000,686 | ---- | M] () -- C:\Documents and Settings\Shirley\Application Data\Microsoft\Internet Explorer\Quick Launch\CoffeeCup HTML Editor.lnk
[2011/01/14 12:56:22 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CoffeeCup HTML Editor.lnk
[2011/01/14 12:48:35 | 033,439,160 | ---- | M] () -- C:\Documents and Settings\Shirley\Desktop\CoffeeCup_HTML_Editor2010-Build_369.exe
[2011/01/14 12:43:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\hpqEmlSz.INI
[2011/01/14 12:18:34 | 000,004,243 | ---- | M] () -- C:\Documents and Settings\Shirley\Desktop\4 Part Mood Questionnaire.pdf
[2011/01/13 01:21:48 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/01/12 19:06:04 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Shirley\Application Data\winscp.rnd
[2011/01/11 18:34:18 | 000,026,770 | ---- | M] () -- C:\Documents and Settings\Shirley\Desktop\FTP_infoCalvary.docx
[2011/01/11 18:30:48 | 000,001,464 | ---- | M] () -- C:\Documents and Settings\Shirley\Desktop\WinSCP.lnk
[2011/01/11 02:40:19 | 033,439,672 | ---- | M] () -- C:\Documents and Settings\Shirley\Desktop\CoffeeHTML2010.exe
[2011/01/09 13:45:10 | 000,065,536 | -H-- | M] () -- C:\Documents and Settings\Shirley\Desktop\Dateline
[2011/01/09 12:59:28 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/06 18:08:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/01 17:30:14 | 000,532,340 | ---- | M] () -- C:\Documents and Settings\Shirley\Desktop\html xmlns_source code Calvary website.xml
[2011/01/01 17:27:51 | 000,090,624 | ---- | M] () -- C:\Documents and Settings\Shirley\Desktop\html xmlns_source code Calvary website.doc
[2010/12/26 17:34:49 | 000,483,904 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/12/26 17:34:49 | 000,079,918 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/12/25 20:22:57 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Shirley\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/19 09:55:11 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\Shirley\Desktop\*.tmp files -> C:\Documents and Settings\Shirley\Desktop\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/15 22:26:14 | 104,378,233 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/01/15 22:26:14 | 000,642,911 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
[2011/01/15 22:23:26 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/01/15 22:16:17 | 000,043,008 | ---- | C] () -- C:\Documents and Settings\Shirley\Desktop\ComboFix 11.doc
[2011/01/15 21:50:46 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2011/01/15 21:50:42 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/01/15 21:47:35 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/01/15 21:47:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/01/15 21:47:35 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/01/15 21:47:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/01/15 21:47:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/01/15 21:39:03 | 004,154,944 | R--- | C] () -- C:\Documents and Settings\Shirley\Desktop\ComboFix.exe
[2011/01/15 21:36:38 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Shirley\Desktop\combofix.doc
[2011/01/15 21:25:20 | 000,039,605 | ---- | C] () -- C:\Documents and Settings\Shirley\Desktop\bootkit_remover.rar
[2011/01/15 21:25:06 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Shirley\Desktop\We need to double check your MBR.doc
[2011/01/15 21:13:50 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Shirley\Desktop\dds.scr
[2011/01/15 21:11:16 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Shirley\Desktop\MBRCheck.exe
[2011/01/15 17:53:04 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Shirley\Desktop\hsec83sy.exe
[2011/01/15 16:37:48 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Shirley\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/01/15 16:37:48 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/14 14:44:08 | 001,299,299 | ---- | C] () -- C:\Documents and Settings\Shirley\Desktop\html5-css3-handbook.pdf
[2011/01/14 12:56:24 | 000,000,013 | ---- | C] () -- C:\WINDOWS\System32\WinSys32.crc
[2011/01/14 12:56:22 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CoffeeCup HTML Editor.lnk
[2011/01/14 12:48:35 | 033,439,160 | ---- | C] () -- C:\Documents and Settings\Shirley\Desktop\CoffeeCup_HTML_Editor2010-Build_369.exe
[2011/01/14 12:43:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2011/01/14 12:38:11 | 001,894,912 | ---- | C] () -- C:\Documents and Settings\Shirley\Desktop\Doc2.doc
[2011/01/14 12:37:29 | 003,457,536 | ---- | C] () -- C:\Documents and Settings\Shirley\Desktop\Doc1.doc
[2011/01/14 12:18:34 | 000,004,243 | ---- | C] () -- C:\Documents and Settings\Shirley\Desktop\4 Part Mood Questionnaire.pdf
[2011/01/11 18:34:17 | 000,026,770 | ---- | C] () -- C:\Documents and Settings\Shirley\Desktop\FTP_infoCalvary.docx
[2011/01/11 18:30:49 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Shirley\Application Data\winscp.rnd
[2011/01/11 18:30:48 | 000,001,464 | ---- | C] () -- C:\Documents and Settings\Shirley\Desktop\WinSCP.lnk
[2011/01/11 02:42:28 | 000,000,686 | ---- | C] () -- C:\Documents and Settings\Shirley\Application Data\Microsoft\Internet Explorer\Quick Launch\CoffeeCup HTML Editor.lnk
[2011/01/11 02:40:19 | 033,439,672 | ---- | C] () -- C:\Documents and Settings\Shirley\Desktop\CoffeeHTML2010.exe
[2011/01/09 13:45:10 | 000,065,536 | -H-- | C] () -- C:\Documents and Settings\Shirley\Desktop\Dateline
[2011/01/01 17:30:14 | 000,532,340 | ---- | C] () -- C:\Documents and Settings\Shirley\Desktop\html xmlns_source code Calvary website.xml
[2011/01/01 17:27:51 | 000,090,624 | ---- | C] () -- C:\Documents and Settings\Shirley\Desktop\html xmlns_source code Calvary website.doc
[2010/09/07 11:51:59 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\mkghj.dll
[2010/08/12 02:03:51 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/03/06 21:06:22 | 000,000,073 | ---- | C] () -- C:\WINDOWS\hdkctnts.ini
[2010/02/07 11:51:39 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/02/07 11:51:37 | 001,317,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys
[2010/01/02 13:14:17 | 000,000,089 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/11/27 11:52:01 | 000,000,094 | ---- | C] () -- C:\WINDOWS\MusicRip.ini
[2009/11/22 10:05:57 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009/11/22 09:56:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/11/22 08:25:59 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Shirley\Local Settings\Application Data\fusioncache.dat
[2009/11/22 03:08:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/05 14:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/10 06:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2011/01/15 22:25:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/01/15 22:23:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/11/29 07:28:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2011/01/15 22:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2009/11/22 08:26:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2009/12/11 09:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2011/01/15 22:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/01/02 13:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2010/06/24 20:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/01/04 08:17:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2009/12/27 08:17:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2009/11/28 18:26:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/01/15 22:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\AVG10
[2010/11/01 08:22:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\CallingID
[2010/07/11 05:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/06/25 03:31:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Research In Motion
[2011/01/15 22:24:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shirley\Application Data\AVG10
[2011/01/11 02:41:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shirley\Application Data\CoffeeCup Software
[2011/01/15 17:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shirley\Application Data\Esve
[2010/12/26 17:29:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shirley\Application Data\GARMIN
[2010/12/22 18:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shirley\Application Data\Juniper Networks
[2010/06/24 20:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shirley\Application Data\Research In Motion
[2010/11/29 07:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shirley\Application Data\SupportSoft
[2010/05/31 13:10:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shirley\Application Data\TeamViewer
[2010/10/10 10:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shirley\Application Data\TechSmith
[2011/01/15 17:12:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shirley\Application Data\Ykkua
[2011/01/15 22:35:09 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{CAB37C53-F826-419E-8836-53538C30D4E7}.job

========== Purity Check ==========

========== Custom Scans ==========

< How is redirection? >

< >

< >

< %SYSTEMDRIVE%\*.* >
[2009/11/27 11:56:23 | 000,000,020 | -HS- | M] () -- C:\ArcDeviceInfo
[2009/11/22 08:18:08 | 000,000,000 | -HS- | M] () -- C:\AUTOEXEC.BAT
[2009/11/22 08:12:13 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2011/01/15 21:50:46 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2009/11/22 09:00:58 | 000,035,381 | ---- | M] () -- C:\caavsetupLog.txt
[2011/01/15 21:44:30 | 000,000,510 | ---- | M] () -- C:\caEntitlementLog.txt
[2011/01/15 21:47:26 | 001,744,544 | ---- | M] () -- C:\caisslog.txt
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/01/15 22:15:43 | 000,011,343 | ---- | M] () -- C:\ComboFix.txt
[2009/11/22 08:18:08 | 000,000,000 | -HS- | M] () -- C:\CONFIG.SYS
[2009/11/22 08:18:08 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/11/22 08:18:08 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/10 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/10 06:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2011/01/15 22:01:35 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >
[2006/02/19 03:28:56 | 000,012,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

< %systemroot%\Fonts\*.ini >
[2009/11/22 08:17:45 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/02/09 15:43:24 | 000,074,240 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp054.dll
[2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2009/11/22 03:06:33 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/11/22 03:06:33 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/11/22 03:06:33 | 000,917,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/11/22 08:18:09 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/11/22 08:33:04 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\Shirley\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2009/11/22 08:33:03 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Shirley\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/01/15 22:17:58 | 004,622,344 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Shirley\Desktop\avg_free_stb_all_2011_1191_cnet.exe
[2011/01/14 12:48:35 | 033,439,160 | ---- | M] () -- C:\Documents and Settings\Shirley\Desktop\CoffeeCup_HTML_Editor2010-Build_369.exe
[2011/01/11 02:40:19 | 033,439,672 | ---- | M] () -- C:\Documents and Settings\Shirley\Desktop\CoffeeHTML2010.exe
[2011/01/15 21:39:07 | 004,154,944 | R--- | M] () -- C:\Documents and Settings\Shirley\Desktop\ComboFix.exe
[2010/02/07 11:20:01 | 000,057,344 | ---- | M] () -- C:\Documents and Settings\Shirley\Desktop\CompShareClient_1022.exe
[2010/02/07 12:46:03 | 000,057,344 | ---- | M] () -- C:\Documents and Settings\Shirley\Desktop\CompShareClient_1023.exe
[2010/01/31 13:11:55 | 000,057,344 | ---- | M] () -- C:\Documents and Settings\Shirley\Desktop\CompShareServer_1123.exe
[2010/01/31 15:50:07 | 000,057,344 | ---- | M] () -- C:\Documents and Settings\Shirley\Desktop\CompShareServer_1125.exe
[2010/01/30 12:19:29 | 000,057,344 | ---- | M] () -- C:\Documents and Settings\Shirley\Desktop\CompShareServer_1182.exe
[2010/02/01 17:54:21 | 000,057,344 | ---- | M] () -- C:\Documents and Settings\Shirley\Desktop\CompShareServer_1201.exe
[2011/01/15 17:53:06 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Shirley\Desktop\hsec83sy.exe
[2009/11/22 08:59:34 | 045,145,784 | ---- | M] (CA) -- C:\Documents and Settings\Shirley\Desktop\iss_en_32.exe
[2011/01/15 16:37:14 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Shirley\Desktop\mbam-setup-1.50.1.1100.exe
[2011/01/15 21:11:16 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Shirley\Desktop\MBRCheck.exe
[2011/01/15 22:37:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shirley\Desktop\OTL.exe
[2010/02/07 11:50:36 | 033,823,016 | ---- | M] (Logitech Inc. ) -- C:\Documents and Settings\Shirley\Desktop\qc848enu.exe
[2010/05/02 12:37:06 | 489,204,736 | ---- | M] (Intuit, Inc. ) -- C:\Documents and Settings\Shirley\Desktop\QuickBooksSimpleStartFree2010.exe
[2010/02/08 18:45:28 | 001,988,400 | ---- | M] (1.0.6.5 ) -- C:\Documents and Settings\Shirley\Desktop\UltraVNC_1.0.6.5_Setup.exe
[3 C:\Documents and Settings\Shirley\Desktop\*.tmp files -> C:\Documents and Settings\Shirley\Desktop\*.tmp -> ]

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/11/22 08:33:03 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Shirley\Favorites\Desktop.ini
[2009/12/12 11:58:44 | 000,000,232 | ---- | M] () -- C:\Documents and Settings\Shirley\Favorites\NCH Software Download.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2010/07/24 12:57:45 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Shirley\Cookies\desktop.ini
[2011/01/15 22:37:09 | 000,131,072 | ---- | M] () -- C:\Documents and Settings\Shirley\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2004/08/10 06:00:00 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2004/08/10 06:00:00 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 09:22:02 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2004/08/04 01:06:34 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2004/08/04 01:06:34 | 001,667,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/08/10 06:00:00 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/10 06:00:00 | 000,018,052 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/10 06:00:00 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-01-13 08:03:03

< >

< >

< >

< __________________ >
January 15th, 2011, 11:51 PM
tekwannabe

Extras.Txt

OTL Extras logfile created on: 1/15/2011 10:39:25 PM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\Shirley\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 75.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.31 Gb Total Space | 99.26 Gb Free Space | 68.78% Space Free | Partition Type: NTFS

Computer Name: TBCT-3D65AA9316 | User Name: Shirley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"5900:TCP" = 5900:TCP:*:Enabled:vnc5900
"5800:TCP" = 5800:TCP:*:Enabled:vnc5800

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe:*:Enabled:QuickBooks 2010 Data Manager -- (Intuit, Inc.)
"C:\Program Files\ShowMyDesktop\CompShare\WinVnc.exe" = C:\Program Files\ShowMyDesktop\CompShare\WinVnc.exe:*:Enabled:Presenter VNC -- (CompShare)
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Documents and Settings\Shirley\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe" = C:\Documents and Settings\Shirley\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe:*:Enabled:Juniper Terminal Services Client -- (Juniper Networks)
"C:\Program Files\WinSCP\WinSCP.exe" = C:\Program Files\WinSCP\WinSCP.exe:*:Enabled:WinSCP: SFTP, FTP and SCP client -- (Martin Prikryl)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgam.exe" = C:\Program Files\AVG\AVG10\avgam.exe:*:Enabled:AVG Alert manager -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04E7A3BB-DB38-481C-A809-35FA60C78EDF}" = AVG 2011
"{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
"{0700E22B-A419-40A5-BD20-04BF618CA0F9}" = QuickBooks Simple Start 2010 Free Edition
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 20
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40A594D0-1490-4979-9382-D2B764F949C6}" = BlackBerry® Media Sync
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{57B2281D-A34A-4a48-8C68-169B8873659D}" = c4100_Help
"{5C47C8B6-77FF-4FC7-A388-66FCF9CFC24C}" = Snagit 9.1.3
"{5EFA4EA3-0604-458C-A06D-485F6B2724C9}" = PrintKey-Pro v1.05
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F5421F-DA70-4C77-BB97-8D77EC33ED5E}" = HP Photosmart and Deskjet 7.0.A
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B2F3FB19-D848-479C-818E-130ABC9366DB}" = BlackBerry Device Software Updater
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software
"{C7DACB79-D0BE-477B-B63F-4BBF33F39B7A}" = TWC Client ActiveX Controls
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C871525F-7116-4d26-BA6D-215F59B6F88B}" = C4100
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{EF6F70D0-C242-4047-946B-98EA8208481A}" = ArcSoft TotalMedia Backup & Record
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F4C68898-EBA5-46A9-82B3-2D30426086BF}" = AVG 2011
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe SVG Viewer" = Adobe SVG Viewer 6.0
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AVG" = AVG 2011
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BlackBerry_{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1
"CoffeeCup HTML Editor" = CoffeeCup HTML Editor
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ESPNMotion" = ESPNMotion
"Glance_is1" = Glance 2.5
"GoldenVideos" = Golden Videos
"Google Chrome" = Google Chrome
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"Hyperhealth Pro v8.0" = Hyperhealth Pro v8.0
"ie8" = Windows Internet Explorer 8
"Juniper Network Connect 6.3.0" = Juniper Networks Network Connect 6.3.0
"Juniper Network Connect 6.5.0" = Juniper Networks Network Connect 6.5.0
"Juniper Network Connect 7.0.0" = Juniper Networks Network Connect 7.0.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"Picasa 3" = Picasa 3
"PROSet" = Intel(R) PRO Network Connections Drivers
"QcDrv" = Logitech® Camera Driver
"TeamViewer 5" = TeamViewer 5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"winscp3_is1" = WinSCP 4.2.9

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1993962763-1035525444-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToAssist Express Expert" = GoToAssist Expert 1.5.0.258
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Juniper_Term_Services" = Juniper Terminal Services Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/8/2011 3:49:11 PM | Computer Name = TBCT-3D65AA9316 | Source = UmxAgent | ID = 99
Description =

Error - 1/13/2011 6:43:34 PM | Computer Name = TBCT-3D65AA9316 | Source = UmxAgent | ID = 99
Description =

Error - 1/13/2011 6:46:52 PM | Computer Name = TBCT-3D65AA9316 | Source = Application Hang | ID = 1002
Description = Hanging application DesktopMgr.exe, version 5.0.1.37, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/13/2011 6:50:55 PM | Computer Name = TBCT-3D65AA9316 | Source = Application Error | ID = 1000
Description = Faulting application hpqimzone.exe, version 65.0.117.0, faulting module
kernel32.dll, version 5.1.2600.3541, fault address 0x00012a6b.

Error - 1/14/2011 5:34:50 AM | Computer Name = TBCT-3D65AA9316 | Source = UmxAgent | ID = 99
Description =

Error - 1/15/2011 8:59:13 AM | Computer Name = TBCT-3D65AA9316 | Source = UmxAgent | ID = 99
Description =

Error - 1/15/2011 5:28:19 PM | Computer Name = TBCT-3D65AA9316 | Source = UmxAgent | ID = 99
Description =

Error - 1/15/2011 6:46:23 PM | Computer Name = TBCT-3D65AA9316 | Source = UmxAgent | ID = 99
Description =

Error - 1/15/2011 6:50:36 PM | Computer Name = TBCT-3D65AA9316 | Source = Application Hang | ID = 1002
Description = Hanging application DesktopMgr.exe, version 5.0.1.37, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/15/2011 11:04:22 PM | Computer Name = TBCT-3D65AA9316 | Source = Application Hang | ID = 1002
Description = Hanging application DesktopMgr.exe, version 5.0.1.37, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 1/13/2011 6:42:48 PM | Computer Name = TBCT-3D65AA9316 | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 1/15/2011 9:00:10 AM | Computer Name = TBCT-3D65AA9316 | Source = DCOM | ID = 10010
Description = The server {BA3D0120-E617-4F66-ADCA-585CC2FB86DB} did not register
with DCOM within the required timeout.

Error - 1/15/2011 6:46:01 PM | Computer Name = TBCT-3D65AA9316 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service CaCCProvSP
with arguments "" in order to run the server: {AACF4A1C-BC69-4359-9518-DF3F77E462BF}

Error - 1/15/2011 6:46:01 PM | Computer Name = TBCT-3D65AA9316 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the CaCCProvSP service to
connect.

Error - 1/15/2011 6:46:01 PM | Computer Name = TBCT-3D65AA9316 | Source = Service Control Manager | ID = 7000
Description = The CaCCProvSP service failed to start due to the following error:
%%1053

Error - 1/15/2011 6:47:38 PM | Computer Name = TBCT-3D65AA9316 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service CaCCProvSP
with arguments "" in order to run the server: {AACF4A1C-BC69-4359-9518-DF3F77E462BF}

Error - 1/15/2011 6:47:39 PM | Computer Name = TBCT-3D65AA9316 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the CaCCProvSP service to
connect.

Error - 1/15/2011 6:47:39 PM | Computer Name = TBCT-3D65AA9316 | Source = Service Control Manager | ID = 7000
Description = The CaCCProvSP service failed to start due to the following error:
%%1053

Error - 1/15/2011 6:54:41 PM | Computer Name = TBCT-3D65AA9316 | Source = Service Control Manager | ID = 7034
Description = The CAAMSvc service terminated unexpectedly. It has done this 1 time(s).

Error - 1/15/2011 11:03:32 PM | Computer Name = TBCT-3D65AA9316 | Source = System Error | ID = 1003
Description = Error code 000000ca, parameter1 00000004, parameter2 fd5df6a8, parameter3
00000000, parameter4 00000000.

< End of report >
January 16th, 2011, 12:11 AM
tekwannabe

Broni,
I am signing off for the evening, I will check in tomorrow.
Thank you for your help!
January 16th, 2011, 02:06 AM
Broni
You didn't say:

Quote:

How is redirection?

Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
- Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
- Accept any prompts.
================================================================

Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  Code:
  
  :OTL IE - HKU\S-1-5-21-1993962763-1035525444-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1993962763-1035525444-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-21-1993962763-1035525444-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8075 O3 - HKU\S-1-5-21-1993962763-1035525444-725345543-1003\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found. O3 - HKU\S-1-5-21-1993962763-1035525444-725345543-1004\..\Toolbar\WebBrowser: (no name) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No CLSID value found. O3 - HKU\S-1-5-21-1993962763-1035525444-725345543-1004\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found. O4 - HKU\S-1-5-21-1993962763-1035525444-725345543-1004..\Run: [uoxscgjk] File not found O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/...nAxControl.CAB (Reg Error: Key error.) [2011/01/09 13:45:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\Application Data\Ykkua [2011/01/09 13:45:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\Application Data\Esve [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\Documents and Settings\Shirley\Desktop\*.tmp files -> C:\Documents and Settings\Shirley\Desktop\*.tmp -> ] [1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2011/01/14 12:56:24 | 000,000,013 | ---- | C] () -- C:\WINDOWS\System32\WinSys32.crc [2010/09/07 11:51:59 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\mkghj.dll :Commands [purity] [emptytemp] [emptyflash] [Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- You will get a log that shows the results of the fix. Please post it.
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
January 16th, 2011, 10:27 AM
tekwannabe

OTL custom scan log

I wanted to say Thank you for your help!
Redirection is not happening on my side of the pc but when I log in as my husband there is no redirection but IE will not work- page comes up but will not allow us to go to any pages on the internet.
Last night I had to uninstall CA security so I installed AVg when the notes told me to install security back (I knew that would be a quick install)

I will now run OTL again and quick scan and post my results.

All processes killed
========== OTL ==========
HKU\S-1-5-21-1993962763-1035525444-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-1993962763-1035525444-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-1993962763-1035525444-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1993962763-1035525444-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81}\ not found.
Registry value HKEY_USERS\S-1-5-21-1993962763-1035525444-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0123B506-0AD9-43AA-B0CF-916C122AD4C5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0123B506-0AD9-43AA-B0CF-916C122AD4C5}\ not found.
Registry value HKEY_USERS\S-1-5-21-1993962763-1035525444-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81}\ not found.
Registry value HKEY_USERS\S-1-5-21-1993962763-1035525444-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run\\uoxscgjk deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Starting removal of ActiveX control Garmin Communicator Plug-In
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
C:\Documents and Settings\Shirley\Application Data\Ykkua folder moved successfully.
C:\Documents and Settings\Shirley\Application Data\Esve folder moved successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\Documents and Settings\Shirley\Desktop\~WRL1857.tmp deleted successfully.
C:\Documents and Settings\Shirley\Desktop\~WRL2408.tmp deleted successfully.
C:\Documents and Settings\Shirley\Desktop\~WRL3086.tmp deleted successfully.
C:\WINDOWS\System32\drivers\HFX1F.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\system32\WinSys32.crc moved successfully.
C:\WINDOWS\system32\mkghj.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56504 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Michael
->Temp folder emptied: 427483 bytes
->Temporary Internet Files folder emptied: 15692603 bytes
->Java cache emptied: 3649658 bytes
->Google Chrome cache emptied: 856432 bytes
->Flash cache emptied: 2157873 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Shirley
->Temp folder emptied: 10694424 bytes
->Temporary Internet Files folder emptied: 73064921 bytes
->Java cache emptied: 990912 bytes
->Flash cache emptied: 2916557 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 90 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 105.00 mb

[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: Michael
->Flash cache emptied: 0 bytes

User: NetworkService

User: Shirley
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.20.2 log created on 01162011_091322

Files\Folders moved on Reboot...
C:\Documents and Settings\Michael\Local Settings\Temp\AdobeARM.log moved successfully.
File\Folder C:\Documents and Settings\Shirley\Local Settings\Temp\~DF6193.tmp not found!
File\Folder C:\Documents and Settings\Shirley\Local Settings\Temp\~DF619E.tmp not found!
File\Folder C:\Documents and Settings\Shirley\Local Settings\Temp\~DF620C.tmp not found!
File\Folder C:\Documents and Settings\Shirley\Local Settings\Temp\~DF6217.tmp not found!
File\Folder C:\Documents and Settings\Shirley\Local Settings\Temp\~DF6247.tmp not found!
File\Folder C:\Documents and Settings\Shirley\Local Settings\Temp\~DF6252.tmp not found!
File\Folder C:\Documents and Settings\Shirley\Local Settings\Temp\~DFCD67.tmp not found!
File\Folder C:\Documents and Settings\Shirley\Local Settings\Temp\~DFDBBC.tmp not found!
C:\Documents and Settings\Shirley\Local Settings\Temporary Internet Files\Content.IE5\YSXDG2UL\iepngfix[1].htc moved successfully.
C:\Documents and Settings\Shirley\Local Settings\Temporary Internet Files\Content.IE5\QVMASQVZ\showthread[1].htm moved successfully.

Registry entries deleted on Reboot...
January 16th, 2011, 10:33 AM
tekwannabe

OTL Quick Scan

OTL logfile created on: 1/16/2011 9:28:25 AM - Run 2
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\Shirley\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 79.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.31 Gb Total Space | 99.30 Gb Free Space | 68.81% Space Free | Partition Type: NTFS

Computer Name: TBCT-3D65AA9316 | User Name: Shirley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/15 22:37:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shirley\Desktop\OTL.exe
PRC - [2010/12/05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/12/05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/12/01 04:14:46 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2010/11/30 06:03:53 | 000,149,368 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist Express Expert\258\g2ax_user_expert.exe
PRC - [2010/11/30 06:03:53 | 000,149,368 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist Express Expert\258\g2ax_start.exe
PRC - [2010/11/30 06:03:53 | 000,149,368 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist Express Expert\258\g2ax_comm_expert.exe
PRC - [2010/11/23 13:34:16 | 000,724,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/11/23 13:34:14 | 006,128,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/11/22 04:48:46 | 003,226,632 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgfws.exe
PRC - [2010/10/23 00:48:40 | 000,660,848 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 04:57:54 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2010/10/22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/10/22 04:56:48 | 000,745,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe
PRC - [2010/03/10 21:32:26 | 000,648,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/10/16 15:18:38 | 001,737,504 | ---- | M] (Glance Networks, Inc.) -- C:\Program Files\Glance25\Glance.exe
PRC - [2009/10/15 11:06:52 | 000,053,064 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 9\TscHelp.exe
PRC - [2009/10/15 11:06:50 | 000,066,888 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe
PRC - [2009/10/15 11:06:46 | 007,168,328 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 9\SnagitEditor.exe
PRC - [2009/10/15 11:06:46 | 006,287,176 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
PRC - [2009/09/03 01:09:42 | 000,024,576 | ---- | M] (Intuit) -- c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2008/02/23 09:02:48 | 002,146,840 | ---- | M] (WareCentral.com) -- C:\Program Files\Warecentral\PrintKey-Pro\PKey_Pro.exe
PRC - [2007/06/06 11:35:02 | 000,270,336 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
PRC - [2006/02/10 07:56:12 | 000,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2005/11/22 21:58:48 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005/07/19 17:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005/06/08 15:14:44 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
PRC - [2005/06/08 14:44:56 | 000,192,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\FxSvr2.exe
PRC - [2005/03/22 18:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2004/08/10 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2011/01/15 22:37:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shirley\Desktop\OTL.exe
MOD - [2004/08/10 06:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/11/25 09:49:46 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/11/23 13:34:14 | 006,128,208 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/11/22 04:48:46 | 003,226,632 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgfws.exe -- (avgfws)
SRV - [2010/10/23 00:48:40 | 000,660,848 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/04/16 10:03:12 | 000,386,424 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/03 01:09:42 | 000,024,576 | ---- | M] (Intuit) [Auto | Running] -- c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- c:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2005/11/22 21:58:48 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 20:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 20:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 20:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/07/12 04:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/07/12 04:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2010/02/18 19:07:56 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2009/05/13 09:56:28 | 000,034,080 | ---- | M] (Glance Networks, Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\glancedrv.sys -- (glancedrv)
DRV - [2005/08/03 23:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/06/14 17:40:08 | 000,180,864 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2005/05/27 09:32:52 | 001,317,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvcm.sys -- (QCMerced)
DRV - [2005/05/27 09:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005/04/25 10:28:14 | 000,871,040 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iastor)
DRV - [2005/03/31 17:04:52 | 000,180,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/12 17:45:54 | 000,137,728 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1993962763-1035525444-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1993962763-1035525444-725345543-1003\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-1993962763-1035525444-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1993962763-1035525444-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-1993962763-1035525444-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1993962763-1035525444-725345543-1004\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-1993962763-1035525444-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/01/15 22:22:37 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2011/01/15 22:00:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-1993962763-1035525444-725345543-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1993962763-1035525444-725345543-1003\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-1993962763-1035525444-725345543-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1993962763-1035525444-725345543-1004\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Intuit SyncManager] c:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKU\S-1-5-21-1993962763-1035525444-725345543-1003..\Run: [GoToAssist Express Expert] C:\Program Files\Citrix\GoToAssist Express Expert\258\g2ax_start.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - HKU\S-1-5-21-1993962763-1035525444-725345543-1003..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-1993962763-1035525444-725345543-1004..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe (Research In Motion Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Glance.lnk = C:\Program Files\Glance25\Glance.exe (Glance Networks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PrintKey-Pro.lnk = C:\WINDOWS\Installer\{5EFA4EA3-0604-458C-A06D-485F6B2724C9}\NewShortcut2_6999F52849E742A78F6F4501EF3B5A3A.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Snagit 9.lnk = C:\Program Files\TechSmith\Snagit 9\Snagit32.exe (TechSmith Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe (ArcSoft, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1993962763-1035525444-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1993962763-1035525444-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1993962763-1035525444-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1993962763-1035525444-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1993962763-1035525444-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1993962763-1035525444-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1993962763-1035525444-725345543-1003\..Trusted Domains: gotoassist.com ([www] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office2010.microsoft.com/site.../ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1282488788818 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnimedia.com/ProductA...eX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductA...eX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Shirley\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Shirley\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/22 08:18:08 | 000,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/16 09:15:05 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/01/16 09:13:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/16 09:10:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\Desktop\JavaRa
[2011/01/16 09:08:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/01/16 09:08:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/01/16 05:38:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/01/15 22:37:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Shirley\Desktop\OTL.exe
[2011/01/15 22:24:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\Application Data\AVG10
[2011/01/15 22:23:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/01/15 22:23:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2011/01/15 22:22:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/01/15 22:22:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/01/15 22:21:28 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/01/15 22:18:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/01/15 22:17:58 | 004,622,344 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Shirley\Desktop\avg_free_stb_all_2011_1191_cnet.exe
[2011/01/15 21:50:42 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/01/15 21:47:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/01/15 21:47:35 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/01/15 21:47:35 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/01/15 21:47:35 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/01/15 21:47:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/01/15 21:39:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/15 21:30:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\Desktop\bootkit_remover
[2011/01/15 21:26:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2011/01/15 21:26:18 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/01/15 16:37:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\Application Data\Malwarebytes
[2011/01/15 16:37:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/01/15 16:37:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/15 16:37:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/01/15 16:37:44 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/01/15 16:37:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/15 16:36:59 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Shirley\Desktop\mbam-setup-1.50.1.1100.exe
[2011/01/11 19:08:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\Desktop\Calvary website backup
[2011/01/11 18:30:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinSCP
[2011/01/11 18:30:46 | 000,000,000 | ---D | C] -- C:\Program Files\WinSCP
[2011/01/11 02:42:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CoffeeCup Software
[2011/01/11 02:41:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\Application Data\CoffeeCup Software
[2011/01/11 02:40:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\My Documents\CoffeeCup Software
[2011/01/11 02:40:43 | 000,233,472 | ---- | C] (Creative Development LTD) -- C:\WINDOWS\System32\Ilda32.dll
[2011/01/11 02:40:41 | 000,000,000 | ---D | C] -- C:\Program Files\CoffeeCup Software
[2011/01/09 13:45:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\Local Settings\Application Data\Identities
[2011/01/03 09:41:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\Desktop\GTE CU 2010
[2010/12/26 17:25:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\Application Data\GARMIN

========== Files - Modified Within 30 Days ==========

[2011/01/16 09:23:43 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2011/01/16 09:21:10 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/16 09:21:09 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/16 09:19:25 | 000,002,351 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PrintKey-Pro.lnk
[2011/01/16 09:16:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/16 09:09:43 | 000,159,757 | ---- | M] () -- C:\Documents and Settings\Shirley\Desktop\JavaRa.zip
[2011/01/16 09:06:16 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\Shirley\Desktop\How is redirection.doc
[2011/01/16 08:14:06 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{CAB37C53-F826-419E-8836-53538C30D4E7}.job
[2011/01/16 07:43:48 | 104,416,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/01/15 22:37:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shirley\Desktop\OTL.exe
[2011/01/15 22:26:14 | 000,642,911 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
[2011/01/15 22:23:26 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/01/15 22:17:58 | 004,622,344 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Shirley\Desktop\avg_free_stb_all_2011_1191_cnet.exe
[2011/01/15 22:16:17 | 000,043,008 | ---- | M] () -- C:\Documents and Settings\Shirley\Desktop\ComboFix 11.doc
[2011/01/15 22:00:20 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/01/15 21:50:46 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/01/15 21:39:45 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Shirley\Desktop\combofix.doc
[2011/01/15 21:39:07 | 004,154,944 | R--- | M] () -- C:\Documents and Settings\Shirley\Desktop\ComboFix.exe
[2011/01/15 21:25:20 | 000,039,605 | ---- | M] () -- C:\Documents and Settings\Shirley\Desktop\bootkit_remover.rar
[2011/01/15 21:25:06 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Shirley\Desktop\We need to double check your MBR.doc
[2011/01/15 21:13:51 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Shirley\Desktop\dds.scr
[2011/01/15 21:11:16 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Shirley\Desktop\MBRCheck.exe
[2011/01/15 17:53:06 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Shirley\Desktop\hsec83sy.exe
[2011/01/15 16:37:48 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Shirley\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/01/15 16:37:48 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/15 16:37:14 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Shirley\Desktop\mbam-setup-1.50.1.1100.exe
[2011/01/14 14:44:10 | 001,299,299 | ---- | M] () -- C:\Documents and Settings\Shirley\Desktop\html5-css3-handbook.pdf
[2011/01/14 13:43:22 | 001,894,912 | ---- | M] () -- C:\Documents and Settings\Shirley\Desktop\Doc2.doc
[2011/01/14 13:42:47 | 003,457,536 | ---- | M] () -- C:\Documents and Settings\Shirley\Desktop\Doc1.doc
[2011/01/14 12:56:22 | 000,000,686 | ---- | M] () -- C:\Documents and Settings\Shirley\Application Data\Microsoft\Internet Explorer\Quick Launch\CoffeeCup HTML Editor.lnk
[2011/01/14 12:56:22 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CoffeeCup HTML Editor.lnk
[2011/01/14 12:48:35 | 033,439,160 | ---- | M] () -- C:\Documents and Settings\Shirley\Desktop\CoffeeCup_HTML_Editor2010-Build_369.exe
[2011/01/14 12:43:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\hpqEmlSz.INI
[2011/01/14 12:18:34 | 000,004,243 | ---- | M] () -- C:\Documents and Settings\Shirley\Desktop\4 Part Mood Questionnaire.pdf
[2011/01/13 01:21:48 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/01/12 19:06:04 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Shirley\Application Data\winscp.rnd
[2011/01/11 18:34:18 | 000,026,770 | ---- | M] () -- C:\Documents and Settings\Shirley\Desktop\FTP_infoCalvary.docx
[2011/01/11 18:30:48 | 000,001,464 | ---- | M] () -- C:\Documents and Settings\Shirley\Desktop\WinSCP.lnk
[2011/01/11 02:40:19 | 033,439,672 | ---- | M] () -- C:\Documents and Settings\Shirley\Desktop\CoffeeHTML2010.exe
[2011/01/09 13:45:10 | 000,065,536 | -H-- | M] () -- C:\Documents and Settings\Shirley\Desktop\Dateline
[2011/01/09 12:59:28 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/06 18:08:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/01 17:30:14 | 000,532,340 | ---- | M] () -- C:\Documents and Settings\Shirley\Desktop\html xmlns_source code Calvary website.xml
[2011/01/01 17:27:51 | 000,090,624 | ---- | M] () -- C:\Documents and Settings\Shirley\Desktop\html xmlns_source code Calvary website.doc
[2010/12/26 17:34:49 | 000,483,904 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/12/26 17:34:49 | 000,079,918 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/12/25 20:22:57 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Shirley\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/19 09:55:11 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2011/01/16 09:09:46 | 000,159,757 | ---- | C] () -- C:\Documents and Settings\Shirley\Desktop\JavaRa.zip
[2011/01/16 09:06:15 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\Shirley\Desktop\How is redirection.doc
[2011/01/16 07:43:48 | 104,416,855 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/01/15 22:26:14 | 000,642,911 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
[2011/01/15 22:23:26 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/01/15 22:16:17 | 000,043,008 | ---- | C] () -- C:\Documents and Settings\Shirley\Desktop\ComboFix 11.doc
[2011/01/15 21:50:46 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2011/01/15 21:50:42 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/01/15 21:47:35 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/01/15 21:47:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/01/15 21:47:35 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/01/15 21:47:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/01/15 21:47:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/01/15 21:39:03 | 004,154,944 | R--- | C] () -- C:\Documents and Settings\Shirley\Desktop\ComboFix.exe
[2011/01/15 21:36:38 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Shirley\Desktop\combofix.doc
[2011/01/15 21:25:20 | 000,039,605 | ---- | C] () -- C:\Documents and Settings\Shirley\Desktop\bootkit_remover.rar
[2011/01/15 21:25:06 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Shirley\Desktop\We need to double check your MBR.doc
[2011/01/15 21:13:50 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Shirley\Desktop\dds.scr
[2011/01/15 21:11:16 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Shirley\Desktop\MBRCheck.exe
[2011/01/15 17:53:04 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Shirley\Desktop\hsec83sy.exe
[2011/01/15 16:37:48 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Shirley\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/01/15 16:37:48 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/14 14:44:08 | 001,299,299 | ---- | C] () -- C:\Documents and Settings\Shirley\Desktop\html5-css3-handbook.pdf
[2011/01/14 12:56:22 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CoffeeCup HTML Editor.lnk
[2011/01/14 12:48:35 | 033,439,160 | ---- | C] () -- C:\Documents and Settings\Shirley\Desktop\CoffeeCup_HTML_Editor2010-Build_369.exe
[2011/01/14 12:43:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2011/01/14 12:38:11 | 001,894,912 | ---- | C] () -- C:\Documents and Settings\Shirley\Desktop\Doc2.doc
[2011/01/14 12:37:29 | 003,457,536 | ---- | C] () -- C:\Documents and Settings\Shirley\Desktop\Doc1.doc
[2011/01/14 12:18:34 | 000,004,243 | ---- | C] () -- C:\Documents and Settings\Shirley\Desktop\4 Part Mood Questionnaire.pdf
[2011/01/11 18:34:17 | 000,026,770 | ---- | C] () -- C:\Documents and Settings\Shirley\Desktop\FTP_infoCalvary.docx
[2011/01/11 18:30:49 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Shirley\Application Data\winscp.rnd
[2011/01/11 18:30:48 | 000,001,464 | ---- | C] () -- C:\Documents and Settings\Shirley\Desktop\WinSCP.lnk
[2011/01/11 02:42:28 | 000,000,686 | ---- | C] () -- C:\Documents and Settings\Shirley\Application Data\Microsoft\Internet Explorer\Quick Launch\CoffeeCup HTML Editor.lnk
[2011/01/11 02:40:19 | 033,439,672 | ---- | C] () -- C:\Documents and Settings\Shirley\Desktop\CoffeeHTML2010.exe
[2011/01/09 13:45:10 | 000,065,536 | -H-- | C] () -- C:\Documents and Settings\Shirley\Desktop\Dateline
[2011/01/01 17:30:14 | 000,532,340 | ---- | C] () -- C:\Documents and Settings\Shirley\Desktop\html xmlns_source code Calvary website.xml
[2011/01/01 17:27:51 | 000,090,624 | ---- | C] () -- C:\Documents and Settings\Shirley\Desktop\html xmlns_source code Calvary website.doc
[2010/08/12 02:03:51 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/03/06 21:06:22 | 000,000,073 | ---- | C] () -- C:\WINDOWS\hdkctnts.ini
[2010/02/07 11:51:39 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/02/07 11:51:37 | 001,317,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys
[2010/01/02 13:14:17 | 000,000,089 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/11/27 11:52:01 | 000,000,094 | ---- | C] () -- C:\WINDOWS\MusicRip.ini
[2009/11/22 10:05:57 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009/11/22 09:56:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/11/22 08:25:59 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Shirley\Local Settings\Application Data\fusioncache.dat
[2009/11/22 03:08:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/05 14:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/10 06:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2011/01/15 22:25:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/01/15 22:23:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/11/29 07:28:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2011/01/15 22:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2009/11/22 08:26:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2009/12/11 09:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2011/01/15 22:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/01/02 13:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2010/06/24 20:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/01/04 08:17:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2009/12/27 08:17:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2009/11/28 18:26:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/01/15 22:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\AVG10
[2010/11/01 08:22:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\CallingID
[2010/07/11 05:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/06/25 03:31:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Research In Motion
[2011/01/15 22:24:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shirley\Application Data\AVG10
[2011/01/11 02:41:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shirley\Application Data\CoffeeCup Software
[2010/12/26 17:29:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shirley\Application Data\GARMIN
[2010/12/22 18:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shirley\Application Data\Juniper Networks
[2010/06/24 20:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shirley\Application Data\Research In Motion
[2010/11/29 07:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shirley\Application Data\SupportSoft
[2010/05/31 13:10:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shirley\Application Data\TeamViewer
[2010/10/10 10:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shirley\Application Data\TechSmith
[2011/01/16 08:14:06 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{CAB37C53-F826-419E-8836-53538C30D4E7}.job

========== Purity Check ==========

< End of report >
January 16th, 2011, 10:39 AM
tekwannabe

THANK YOU, THANK YOU!!

No redirection on either side and now my husband can get to the internet!:) I really appreciate your hard work and hanging in there with me!!

THANK YOU:D
January 16th, 2011, 12:46 PM
Broni
Excellent!

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
- Double-click SecurityCheck.exe
- Follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  
  NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.
2. Download Temp File Cleaner (TFC)
- Double click on TFC.exe to run the program.
- Click on Start button to begin cleaning process.
- TFC will close all running programs, and it may ask you to restart computer.
3. Please run a free online scan with the ESET Online Scanner
- Disable your antivirus program
- Tick the box next to YES, I accept the Terms of Use
- Click Start
- IMPORTANT! UN-check Remove found threats
- Accept any security warnings from your browser.
- Check Scan archives
- Click Start
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, push List of found threats
- Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- NOTE. If Eset won't find any threats, it won't produce any log.
January 17th, 2011, 12:08 PM
tekwannabe

THANK YOU, THANK YOU!!

No Threats found! I really appreciate your help!
January 17th, 2011, 12:46 PM
Broni

Good :)

I still want to see SecurityCheck log.
January 17th, 2011, 02:09 PM
tekwannabe

Security check log

See below the Security check log:
I have a question my friend just called and a very similar situation happened to her pc (she clicked on a link and all of a sudden she started getting a warning that she has a virus and now her IE browser has been hijacked). I offered to help her via copy/paste run logs per your directions but she has no patience with pc's and wants to pay someone. My question is and there maybe an answer out on the help boards:
How do people know when there is a virus sitting behind a weblink or how to prevent this?
Thanks again :)

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 2
Out of date service pack!!
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
CA Anti-Virus Plus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Java(TM) 6 Update 23
Out of date Java installed!
Adobe Flash Player
Adobe Reader 8.2.0
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
CA CA Internet Security Suite CA Anti-Virus Plus isafe.exe
``````````End of Log````````````
January 17th, 2011, 02:14 PM
Broni
Quote:

How do people know when there is a virus sitting behind a weblink or how to prevent this?

Nothing is 100% bulletproof, but WOT listed below will help you.

=================================================================

Update Adobe Reader

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

================================================================

You need to install Service Pack 3!

Your computer is clean https://discussions.virtualdr.com/

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following:
Code:

:OTL :Commands [purity] [emptytemp] [EMPTYFLASH] [CLEARALLRESTOREPOINTS] [Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Post resulting log.
2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:
- Double-click OTL.exe to start the program.
- Close all other programs apart from OTL as this step will require a reboot
- On the OTL main screen, press the CLEANUP button
- Say Yes to the prompt and then allow the program to reboot your computer.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current (including Service Pack 3 installation!)

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how your computer is doing.

Show 40 post(s) from this thread on one page