WiredWX Hobby Weather ToolsLog in

 


descriptionInfected with Virus three times in last 2 weeks... Frustrated! EmptyInfected with Virus three times in last 2 weeks... Frustrated!

more_horiz
I am completely frustrated. A few weeks back, my desktop got infected with trojan fake.alert. I was able to get rid of it, but not until after I purchased copy of Spyware Doctor. Ok, no biggie... I was happy to have the trojan gone. I then made sure my antivirus was up-to-date and scheduled my av and spyware doctor to run a scan evey night after I went to bed (yeah, I know... overkill). Although my laptop was not affected, I made sure it was up-to-date as well.

The last few days I've been laid up after having foot surgery. Obviously, my laptop has been a real blessing during my couch potato time. However, today, my laptop got hit with a virus (nuqel.e) that had very similar characteristics as my desktop problem the previous week. I had trouble doing anything at all and nȯne of my av or spyware doc programs worked. One minute I was checking email and surfing the web, and the next, my laptop screen was covered with fake warnings that I had a virus and nothing worked. I went to my desktop computer, which I hadn't touched in days due to being a couch potato, and it was also infected... again!

I don't understand how my computers can be infected so easily. I have cable internet access, a router, secure wireless, antivirus software running, spyware doctor running, and I don't go to risky websites or open mail from unknown sources (Although... I HAD Limewire on my desktop computer, but I set it so that I didn't share with anyone and I hadn't used it in months. I've since uninstalled it). I've been using computers for years and have not had this many problems in all that time. If this virus/trojan/whatever can turn off all the security I put in place, what's the sense of having any of it? Am I going to be battling this problem every week now?

I'm providing a HijackThis log and would appreciate any advice. This log is from my laptop... when I can, I'll open a separate topic for my desktop log.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 7:44:42 AM, on 2/10/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\TrendMicro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hȋdden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\Sidebar.exe" /autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_1b06afce\AESTSr64.exe (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Google Update Service (gupdate1ca0997d95c1f83) (gupdate1ca0997d95c1f83) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files (x86)\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_1b06afce\STacSV64.exe (file missing)
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12332 bytes

descriptionInfected with Virus three times in last 2 weeks... Frustrated! EmptyRe: Infected with Virus three times in last 2 weeks... Frustrated!

more_horiz
Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

descriptionInfected with Virus three times in last 2 weeks... Frustrated! EmptyRe: Infected with Virus three times in last 2 weeks... Frustrated!

more_horiz
Here is the OTL.txt log:

OTL logfile created on: 2/10/2010 2:45:33 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 45.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.04 Gb Total Space | 239.50 Gb Free Space | 84.32% Space Free | Partition Type: NTFS
Drive D: | 14.05 Gb Total Space | 2.10 Gb Free Space | 14.91% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 483.56 Mb Total Space | 448.86 Mb Free Space | 92.82% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LINDAS-COMPUTER
Current User Name: Linda
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/10 14:41:23 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
PRC - [2010/01/17 17:39:57 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/01/17 17:39:51 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2009/11/18 12:47:14 | 001,243,088 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
PRC - [2009/11/10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/11/06 14:29:22 | 001,141,712 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
PRC - [2009/10/30 11:18:16 | 000,359,624 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
PRC - [2009/07/16 16:40:05 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/06/02 10:56:00 | 024,264,488 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
PRC - [2009/06/02 10:56:00 | 000,077,360 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
PRC - [2009/02/09 17:14:02 | 000,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2009/02/09 17:14:02 | 000,116,096 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2009/02/09 17:13:36 | 000,206,120 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
PRC - [2008/12/25 15:41:20 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/12/02 20:28:22 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2008/11/19 11:14:06 | 000,222,512 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
PRC - [2008/10/25 07:18:50 | 000,098,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008/10/23 14:46:02 | 000,223,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
PRC - [2008/10/22 12:32:20 | 000,628,016 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2008/10/10 14:24:44 | 000,206,128 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2008/09/15 09:13:38 | 000,241,734 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
PRC - [2008/06/09 12:21:58 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/06/09 12:16:32 | 002,363,392 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe


========== Modules (SafeList) ==========

MOD - [2010/02/10 14:41:23 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
MOD - [2009/10/30 11:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\PCTGMhk.dll
MOD - [2009/04/11 01:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/09/24 20:26:26 | 001,142,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/08/13 17:09:38 | 000,240,640 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_1b06afce\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/04/11 02:11:13 | 000,053,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bthserv.dll -- (BthServ)
SRV:64bit: - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_1b06afce\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/12/10 09:04:58 | 000,935,424 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/03/18 18:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/11 14:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV - [2010/01/17 17:39:51 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/11/10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/11/06 14:29:22 | 001,141,712 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/10/30 11:18:16 | 000,359,624 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/07/20 19:11:36 | 000,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -- (gupdate1ca0997d95c1f83) Google Update Service (gupdate1ca0997d95c1f83)
SRV - [2009/07/20 19:10:32 | 000,190,448 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/03/29 23:39:54 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/02/09 17:14:02 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2009/02/09 17:14:02 | 000,116,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2008/12/02 20:28:22 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/11/19 11:14:06 | 000,222,512 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -- (Com4QLBEx)
SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/10/23 14:46:02 | 000,223,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2008/10/09 09:56:48 | 000,094,208 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2008/09/15 09:13:38 | 000,241,734 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2008/06/09 12:21:58 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/11/02 08:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/02 01:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 01:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
SRV - [2004/10/22 05:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/01/17 17:40:16 | 000,470,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010/01/17 17:40:14 | 000,422,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010/01/17 17:40:12 | 000,034,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2009/11/09 11:20:10 | 000,218,056 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/02 03:09:34 | 000,221,696 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/08/13 17:09:38 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/04/11 00:39:51 | 000,275,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009/04/08 02:16:50 | 000,694,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BTHport.sys -- (BTHPORT)
DRV:64bit: - [2009/04/08 02:16:50 | 000,178,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\rfcomm.sys -- (RFCOMM) Bluetooth Device (RFCOMM Protocol TDI)
DRV:64bit: - [2009/04/08 02:16:50 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BTHUSB.sys -- (BTHUSB)
DRV:64bit: - [2009/04/08 02:16:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\BthEnum.sys -- (BthEnum)
DRV:64bit: - [2008/12/10 10:31:26 | 004,993,024 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/10/27 19:40:02 | 001,164,288 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008/07/21 05:53:04 | 000,145,496 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/05/28 16:54:18 | 000,026,168 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2008/04/28 00:25:06 | 000,016,400 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV:64bit: - [2008/03/28 02:06:00 | 000,324,656 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/03/27 14:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 14:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/02/29 17:59:32 | 001,252,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/24 08:24:24 | 000,060,928 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/01/20 21:47:27 | 000,168,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)
DRV:64bit: - [2008/01/20 21:47:02 | 000,115,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bthpan.sys -- (BthPan) Bluetooth Device (Personal Area Network)
DRV:64bit: - [2008/01/20 21:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64) Intel(R)
DRV:64bit: - [2008/01/20 21:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/20 21:46:51 | 000,017,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2007/06/18 18:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2006/10/03 20:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV - [2008/11/28 20:04:24 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/04/23 20:09:51] [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2006/09/18 16:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 16:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
FF - prefs.js..extensions.enabledItems: {47624dda-b77e-4feb-820a-e4f077d5d4ca}:9.8.6
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.3.6
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.62
FF - prefs.js..extensions.enabledItems: {3EC9C995-8072-4fc0-953E-4F30620D17F3}:2.0.0.4

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/01/17 17:39:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/01/09 10:20:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/02/06 08:32:22 | 000,000,000 | ---D | M]

[2010/01/03 19:44:28 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\mozilla\Extensions
[2010/02/09 15:27:38 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\gjt5g73c.default\extensions
[2010/01/03 19:53:38 | 000,000,000 | ---D | M] (WeatherBug) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\gjt5g73c.default\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
[2010/01/03 19:53:38 | 000,000,000 | ---D | M] (Boost for Facebook) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\gjt5g73c.default\extensions\{47624dda-b77e-4feb-820a-e4f077d5d4ca}
[2010/01/03 19:46:21 | 000,000,000 | ---D | M] (ScrapBook) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\gjt5g73c.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
[2010/01/23 06:29:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\gjt5g73c.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/01/03 19:44:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard)
O4 - HKCU..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe File not found
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/10 14:41:19 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
[2010/02/09 16:08:46 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Malwarebytes
[2010/02/09 16:08:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/02/09 16:08:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/02/09 16:08:35 | 000,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/02/09 16:08:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/02/09 15:42:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrendMicro
[2010/02/09 15:05:48 | 001,570,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2010/02/09 15:05:48 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010/02/09 15:05:47 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iyuv_32.dll
[2010/02/09 15:05:47 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvidc32.dll
[2010/02/09 15:05:47 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msyuv.dll
[2010/02/09 15:05:47 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrle32.dll
[2010/02/09 15:05:47 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsbyuv.dll
[2010/02/09 15:05:46 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvfw32.dll
[2010/02/09 15:05:46 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010/02/09 15:05:46 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010/02/09 15:03:14 | 004,698,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/02/06 08:40:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010/01/23 11:11:20 | 002,334,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010/01/23 11:11:20 | 000,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010/01/23 11:11:19 | 001,147,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010/01/23 11:11:19 | 000,459,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2010/01/23 11:11:19 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010/01/23 11:11:19 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/01/23 11:11:18 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010/01/23 11:11:18 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/01/23 11:11:18 | 000,700,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/01/23 11:11:18 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/01/23 11:11:18 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010/01/23 11:11:18 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/01/23 11:11:18 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/01/23 11:11:18 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/01/23 11:11:18 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010/01/23 11:11:18 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/01/23 11:11:18 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010/01/23 11:11:18 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/01/23 11:11:18 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2010/01/23 11:11:18 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010/01/23 11:11:18 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010/01/23 11:11:18 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2010/01/23 11:11:17 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/01/23 11:11:17 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/01/23 11:11:17 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010/01/23 11:11:17 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010/01/23 11:11:17 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/01/23 11:11:17 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/01/23 11:11:17 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll
[2010/01/23 11:11:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/01/23 11:11:17 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/01/23 10:48:52 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\avg
[2010/01/17 17:52:07 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010/01/17 17:52:06 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010/01/17 17:52:06 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010/01/17 17:47:39 | 000,306,648 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2010/01/17 17:47:39 | 000,132,048 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2010/01/17 17:47:28 | 000,218,056 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2010/01/17 17:47:14 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2010/01/17 17:47:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Doctor
[2010/01/17 17:47:06 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\PC Tools
[2010/01/17 17:47:06 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/01/17 17:47:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2010/01/17 17:40:21 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/01/17 17:40:17 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/01/17 17:40:16 | 000,470,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/01/17 17:40:13 | 000,422,920 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/01/17 17:40:12 | 000,034,248 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/01/17 17:40:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\Avg
[2010/01/17 17:39:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2010/01/17 17:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/01/16 12:34:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2010/01/16 12:32:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2010/01/16 10:58:25 | 000,000,000 | ---D | C] -- C:\Users\owner\New Folder
[2010/01/16 08:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Swift Sound
[2010/01/16 08:03:02 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\NCH Swift Sound
[2010/01/16 08:03:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Swift Sound
[2010/01/16 07:50:36 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Microsoft Help
[2010/01/13 16:31:22 | 000,000,000 | ---D | C] -- C:\Users\owner\Church Pictures
[2010/01/12 18:28:57 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/01/12 18:28:57 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/01/12 18:28:57 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2010/01/12 18:28:57 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll

========== Files - Modified Within 30 Days ==========

[2010/02/10 14:45:32 | 001,310,720 | -HS- | M] () -- C:\Users\owner\ntuser.dat
[2010/02/10 14:42:22 | 000,012,116 | ---- | M] () -- C:\Users\owner\Desktop\Download OTL by OldTimer to your Desktop.docx
[2010/02/10 14:41:23 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
[2010/02/10 14:15:11 | 000,627,712 | ---- | M] () -- C:\Users\owner\Desktop\EPACS Meeting 02102010.ppt
[2010/02/10 13:59:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/10 13:42:10 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/02/10 13:22:03 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/10 13:22:03 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/10 11:15:36 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1CDF20C6-AB1E-4BBA-9FDD-64F8A88A74F7}.job
[2010/02/10 08:26:05 | 055,395,969 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/02/10 08:13:59 | 000,033,689 | ---- | M] () -- C:\Users\owner\Desktop\Me on my Harley.jpg
[2010/02/10 07:36:11 | 000,002,513 | ---- | M] () -- C:\Users\owner\Desktop\HiJackThis.lnk
[2010/02/10 07:00:55 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/02/10 07:00:55 | 000,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/02/10 07:00:55 | 000,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/02/10 06:58:07 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/10 06:57:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/10 03:22:06 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/10 03:21:31 | 4024,262,656 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/10 03:20:33 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/02/10 03:20:19 | 000,524,288 | -HS- | M] () -- C:\Users\owner\ntuser.dat{77ec4753-15b1-11df-8377-00235a42abf4}.TMContainer00000000000000000001.regtrans-ms
[2010/02/10 03:20:19 | 000,065,536 | -HS- | M] () -- C:\Users\owner\ntuser.dat{77ec4753-15b1-11df-8377-00235a42abf4}.TM.blf
[2010/02/10 03:20:18 | 006,291,456 | -H-- | M] () -- C:\Users\owner\AppData\Local\IconCache.db
[2010/02/09 17:02:48 | 000,524,288 | -HS- | M] () -- C:\Users\owner\ntuser.dat{77ec4753-15b1-11df-8377-00235a42abf4}.TMContainer00000000000000000002.regtrans-ms
[2010/02/09 16:07:30 | 000,473,805 | ---- | M] () -- C:\Users\owner\Desktop\instructions.docx
[2010/02/09 14:34:42 | 000,524,288 | -HS- | M] () -- C:\Users\owner\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/02/09 14:34:42 | 000,065,536 | -HS- | M] () -- C:\Users\owner\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/02/09 14:26:05 | 000,000,680 | ---- | M] () -- C:\Users\owner\AppData\Local\d3d9caps.dat
[2010/02/07 11:12:00 | 000,123,944 | ---- | M] () -- C:\Users\owner\Desktop\House front.jpg
[2010/02/02 19:00:25 | 000,001,985 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/01/28 15:39:49 | 000,012,944 | ---- | M] () -- C:\Users\owner\Desktop\Notes.docx
[2010/01/28 12:18:31 | 000,010,632 | ---- | M] () -- C:\Users\owner\Desktop\investigation cost.docx
[2010/01/28 12:15:10 | 000,014,032 | ---- | M] () -- C:\Users\owner\Desktop\PAM BPL Sub.docx
[2010/01/28 11:38:02 | 000,770,399 | ---- | M] () -- C:\Users\owner\Desktop\20091028_EPACS Roles and Responsibility-DRAFT.pdf
[2010/01/28 09:09:53 | 000,011,929 | ---- | M] () -- C:\Users\owner\Desktop\Copy of Physical Access Mgmt BPL Priorities.xlsx
[2010/01/27 09:01:01 | 000,005,120 | ---- | M] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/26 18:39:57 | 000,014,797 | ---- | M] () -- C:\Users\owner\Desktop\PIV Badge Issues.docx
[2010/01/23 13:28:24 | 000,000,219 | ---- | M] () -- C:\Windows\win.ini
[2010/01/23 10:48:52 | 000,142,495 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\microavi.avg
[2010/01/17 17:40:18 | 000,113,461 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010/01/17 17:40:17 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/01/17 17:40:16 | 000,470,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/01/17 17:40:14 | 000,422,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/01/17 17:40:12 | 000,492,629 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\miniavi.avg
[2010/01/17 17:40:12 | 000,034,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/01/17 17:40:11 | 006,061,540 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\avi7.avg
[2010/01/16 18:02:12 | 000,388,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/01/16 14:51:26 | 000,106,960 | ---- | M] () -- C:\Users\owner\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/01/16 08:13:28 | 234,272,256 | ---- | M] () -- C:\Users\owner\Youth Group.ppt
[2010/01/16 08:03:05 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\Switch Sound File Converter.lnk

========== Files Created - No Company Name ==========

[2010/02/10 14:42:21 | 000,012,116 | ---- | C] () -- C:\Users\owner\Desktop\Download OTL by OldTimer to your Desktop.docx
[2010/02/10 14:15:09 | 000,627,712 | ---- | C] () -- C:\Users\owner\Desktop\EPACS Meeting 02102010.ppt
[2010/02/10 08:13:58 | 000,033,689 | ---- | C] () -- C:\Users\owner\Desktop\Me on my Harley.jpg
[2010/02/09 16:07:29 | 000,473,805 | ---- | C] () -- C:\Users\owner\Desktop\instructions.docx
[2010/02/09 15:42:32 | 000,002,513 | ---- | C] () -- C:\Users\owner\Desktop\HiJackThis.lnk
[2010/02/09 14:47:29 | 000,524,288 | -HS- | C] () -- C:\Users\owner\ntuser.dat{77ec4753-15b1-11df-8377-00235a42abf4}.TMContainer00000000000000000002.regtrans-ms
[2010/02/09 14:47:29 | 000,524,288 | -HS- | C] () -- C:\Users\owner\ntuser.dat{77ec4753-15b1-11df-8377-00235a42abf4}.TMContainer00000000000000000001.regtrans-ms
[2010/02/09 14:47:29 | 000,065,536 | -HS- | C] () -- C:\Users\owner\ntuser.dat{77ec4753-15b1-11df-8377-00235a42abf4}.TM.blf
[2010/02/09 14:26:05 | 000,000,680 | ---- | C] () -- C:\Users\owner\AppData\Local\d3d9caps.dat
[2010/02/07 11:11:59 | 000,123,944 | ---- | C] () -- C:\Users\owner\Desktop\House front.jpg
[2010/01/28 12:18:30 | 000,010,632 | ---- | C] () -- C:\Users\owner\Desktop\investigation cost.docx
[2010/01/28 11:38:02 | 000,770,399 | ---- | C] () -- C:\Users\owner\Desktop\20091028_EPACS Roles and Responsibility-DRAFT.pdf
[2010/01/28 10:14:01 | 000,012,944 | ---- | C] () -- C:\Users\owner\Desktop\Notes.docx
[2010/01/28 09:09:52 | 000,011,929 | ---- | C] () -- C:\Users\owner\Desktop\Copy of Physical Access Mgmt BPL Priorities.xlsx
[2010/01/28 09:08:41 | 000,014,032 | ---- | C] () -- C:\Users\owner\Desktop\PAM BPL Sub.docx
[2010/01/26 18:39:57 | 000,014,797 | ---- | C] () -- C:\Users\owner\Desktop\PIV Badge Issues.docx
[2010/01/17 17:52:07 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010/01/17 17:52:07 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010/01/17 17:52:07 | 000,000,880 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010/01/17 17:52:07 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010/01/17 17:52:06 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010/01/17 17:47:39 | 000,007,357 | ---- | C] () -- C:\Windows\SysNative\drivers\pctgntdi64.cat
[2010/01/17 17:47:28 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctcore64.cat
[2010/01/17 17:47:14 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctplsg64.cat
[2010/01/17 17:47:08 | 000,439,636 | ---- | C] () -- C:\Users\owner\AppData\Local\dd_vcredistMSI0B95.txt
[2010/01/17 17:47:08 | 000,010,570 | ---- | C] () -- C:\Users\owner\AppData\Local\dd_vcredistUI0B98.txt
[2010/01/17 17:47:07 | 000,011,446 | ---- | C] () -- C:\Users\owner\AppData\Local\dd_vcredistUI0B95.txt
[2010/01/17 17:40:18 | 000,113,461 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010/01/17 17:40:17 | 055,395,969 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/01/17 17:40:17 | 000,142,495 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\microavi.avg
[2010/01/17 17:40:12 | 000,492,629 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\miniavi.avg
[2010/01/17 17:40:11 | 006,061,540 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\avi7.avg
[2010/01/16 08:29:38 | 000,005,120 | ---- | C] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/16 08:03:05 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\Switch Sound File Converter.lnk
[2010/01/13 16:27:47 | 234,272,256 | ---- | C] () -- C:\Users\owner\Youth Group.ppt
[2009/06/27 19:23:48 | 001,263,689 | ---- | C] () -- C:\Users\owner\AppData\Roaming\UserTile.png
[2009/06/27 19:13:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/06/14 08:57:12 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/06/14 08:56:21 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/11 11:31:19 | 000,000,000 | ---- | C] () -- C:\Users\owner\AppData\Local\QSwitch.txt
[2009/06/11 11:31:19 | 000,000,000 | ---- | C] () -- C:\Users\owner\AppData\Local\DSwitch.txt
[2009/06/11 11:31:19 | 000,000,000 | ---- | C] () -- C:\Users\owner\AppData\Local\AtStart.txt
[2009/06/11 11:31:17 | 000,170,752 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009/04/23 22:41:22 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/04/23 22:41:09 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/04/23 22:40:22 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/04/23 22:38:26 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/04/23 22:35:46 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/04/08 04:00:37 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/04/08 03:52:14 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/04/08 03:49:44 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/04/08 03:47:54 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 192 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:A8ADE5D8
< End of report >

descriptionInfected with Virus three times in last 2 weeks... Frustrated! EmptyRe: Infected with Virus three times in last 2 weeks... Frustrated!

more_horiz
Here is the Extras.txt Log:

OTL Extras logfile created on: 2/10/2010 2:45:34 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 45.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.04 Gb Total Space | 239.50 Gb Free Space | 84.32% Space Free | Partition Type: NTFS
Drive D: | 14.05 Gb Total Space | 2.10 Gb Free Space | 14.91% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 483.56 Mb Total Space | 448.86 Mb Free Space | 92.82% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LINDAS-COMPUTER
Current User Name: Linda
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = B0 09 9A 1F 14 ED C9 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3520707E-ABC9-4387-8FA4-4D4BF6FC3E06}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07FA5C25-0C6F-41AD-B5EF-0DF277C1CDBB}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{0E3876FB-A9CC-4876-BE65-58BEE0276E25}" = dir=in | app=c:\program files (x86)\avg\avg9\avgnsa.exe |
"{31093FFE-E53B-484F-B800-4B2ECB35E551}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{395A3C24-0DF8-42B8-B065-25A7B43F367E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{39AD7C49-F3BD-4F5B-9F76-DB17C2A96F32}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{5F6A21AD-3D9F-47C7-BF3C-4A3A388B3D01}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{67CE4170-D8A4-44E4-8ADE-86020DB46068}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{789A4E18-367D-4081-A7CB-5032FDC27340}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{863B5662-125F-49DE-93D2-D7674492FC23}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{B58259E6-8F79-4E2D-9ADC-CBA0CEFB2B83}" = dir=in | app=c:\program files (x86)\avg\avg9\avgupd.exe |
"{BC239D64-81F5-49CA-92C9-1B543B4C4477}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe |
"{C0AE32BF-A18F-4016-81D7-4618A75C4C10}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{C118A318-6763-44B4-AD19-7846C82199C8}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{C7800FBF-E00E-4B06-8787-A9DA0744685D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D558A397-1EB2-4DA6-AD76-7538EAC2D5DF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{DF94B9C9-636D-4912-8C0E-73268B03273F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{E21AF8E2-720A-4F8D-860E-02F177BF2660}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{E370AF46-0E43-4A54-B1B1-CD89B63108DC}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{E409CCE4-CDA1-43AE-B2D1-D25C75E02302}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe |
"{F529D461-4EFF-45C7-9FE6-6C28F1ACF2FA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{FD596BB3-32C5-47FC-A290-0DE7850334B8}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B87BB2A8-5921-9B18-BBB5-D9A42F9CD3E1}" = ccc-utility64
"{C6CFAF5A-12F9-485E-EAD7-7FA1D3E5B943}" = ATI Catalyst Install Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F1568AA6-5982-4AFB-A871-C68E4328BC3B}" = HP MediaSmart SmartMenu
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002471C5-6F62-D6CD-D6E5-A0F20F079B8B}" = Catalyst Control Center Localization Polish
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{03819281-0870-65EE-24B0-A7DEDE9F796A}" = Catalyst Control Center Localization Chinese Traditional
"{04F66470-CEA7-BF9A-1885-8E1A3474825A}" = CCC Help Danish
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{08062F2F-926A-D7EC-57E9-AB97AA0D7FDA}" = CCC Help Finnish
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0CAB8CDF-232E-F28F-A017-B388F41FACCB}" = CCC Help Portuguese
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{149BBCB8-674F-48D2-969C-9D0EA88DA7D6}" = HP User Guides 0129
"{150FE68F-EE0C-4867-150A-D74FECBB8448}" = Catalyst Control Center Graphics Light
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{187817E2-6407-461C-B59B-56CE73363D34}" = Catalyst Control Center - Branding
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™️ 4.0
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{2680244D-0FBA-4856-EBE3-9D67E61EB46F}" = Catalyst Control Center Localization Spanish
"{2BDFE775-48C0-3E1C-895C-DACC33CC52F0}" = Catalyst Control Center Localization Greek
"{2DAD2930-DFC1-AD0F-E63D-B3E95451CD68}" = CCC Help Greek
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{2F59397E-50B1-3CA6-2F8C-03773D40BE3B}" = Catalyst Control Center Graphics Full New
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 L1
"{35CC44E6-5916-89DC-16B6-7ADE609211CE}" = Catalyst Control Center Localization Finnish
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3A9C19FE-D61C-50DA-6FAF-7FB941B538A0}" = Catalyst Control Center Localization French
"{3BAB23A6-5272-F52D-1AF0-29419F1362B4}" = Catalyst Control Center Localization Italian
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{445F6483-40DC-61B5-849D-35274D96DBA3}" = Catalyst Control Center Localization Czech
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{4A239818-F5F7-7AE8-9FD3-08F435ED88D0}" = Skins
"{4C17CE6E-4838-819F-01BE-7EEE6181914A}" = Catalyst Control Center Localization Norwegian
"{4C4EA31F-AE29-2517-5E92-3EFB1FD7B896}" = CCC Help Hungarian
"{527CF1CA-D98B-504D-833B-69DA9A8A5AD6}" = CCC Help Czech
"{5B99A0A7-0B21-2CD6-474D-8D67177BD4D6}" = Catalyst Control Center Localization Dutch
"{5CFE0191-1ECE-7BD5-8AEF-069ED59A01BB}" = Catalyst Control Center Localization Korean
"{6244BAF3-F26D-A695-1EF6-D9A3C0A6DAA1}" = Catalyst Control Center Graphics Previews Common
"{6570A194-A52D-9F23-EA48-90D7C6F20BE9}" = Catalyst Control Center Localization Swedish
"{666F0B45-78DA-FAA3-AB14-43CAEEA3D475}" = Catalyst Control Center Localization Russian
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66B6555E-07BF-3FCB-191F-BCD75650F1F2}" = CCC Help Italian
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{67F6A6BA-E225-4BF5-8E7C-BB4AE25EDCBC}" = Catalyst Control Center InstallProxy
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69E1907C-E9EA-7A5A-79ED-47FF2B5BFDFB}" = Catalyst Control Center Localization Danish
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{75D0438A-55FB-DD38-0745-5D370179CAC7}" = CCC Help French
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{793C0C7E-7977-C9B5-B427-FDF95F2D1636}" = Catalyst Control Center Localization Hungarian
"{7CA1269D-86E6-91A8-DD66-9CF6838821BF}" = Catalyst Control Center Localization Portuguese
"{812C53D9-39EC-0511-04E4-5430A4747FB5}" = CCC Help German
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1940302-F0F9-132F-C521-A5D0E24FAC1D}" = CCC Help Thai
"{A2315CF8-E14F-FA46-B1F1-20E0E5483ADB}" = Catalyst Control Center Localization Thai
"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
"{A8411EDB-6A00-8D1A-584B-7A932F44A0C9}" = CCC Help Japanese
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5CD4CF-3802-623E-AD97-D188785EF411}" = CCC Help Polish
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B9275904-9237-94A3-2144-E3D6A62B57E9}" = CCC Help Turkish
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C48EB957-0CCB-D590-AB3F-B3F8A14ECC2F}" = Catalyst Control Center Graphics Full Existing
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBA7FD59-19A7-5724-5646-CF307326CC18}" = Catalyst Control Center Core Implementation
"{CC7A4274-E6F2-2351-DA6A-07AB73896609}" = CCC Help Norwegian
"{CD7D2C01-F3C8-4127-325D-49853FCCDB62}" = Catalyst Control Center Localization German
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D1E7EA15-5F96-728C-AF32-E1CFF8F9CE44}" = CCC Help Swedish
"{D47419B2-62BD-6B53-A96F-7E2F6F3D50C0}" = Catalyst Control Center Localization Turkish
"{D62C79B5-44E0-DEC0-AF01-6A1404E093E9}" = CCC Help Spanish
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E12F2B78-CF64-2438-391F-3D3411A6E193}" = CCC Help English
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5C3A144-0F9B-8F3E-F1A3-2BB7B26014A6}" = ccc-core-static
"{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant
"{E8020EC7-5DD8-80C9-7237-7B2E9BDA8CC6}" = muvee Reveal
"{E8B11A27-5CA6-748E-0F68-159CCF789DF3}" = CCC Help Dutch
"{ED65A382-3F80-D5A8-CCE0-DAB59D85CA91}" = CCC Help Russian
"{EDBB71B2-3C17-4EA5-ED91-E2EA5C2305CF}" = CCC Help Korean
"{F250EA7A-F117-2CCE-03E7-BB62C2BF476C}" = Catalyst Control Center Graphics Previews Vista
"{F38CC586-4703-CE3C-F466-D7821E87926A}" = Catalyst Control Center Localization Chinese Standard
"{F62F62BD-E5C5-56E3-6CF6-00407B743E32}" = CCC Help Chinese Traditional
"{FAF7448B-7AB8-8C58-745E-1551CB481C3D}" = CCC Help Chinese Standard
"{FDE3DBB7-AA79-AA91-ABE9-3696883FAB20}" = Catalyst Control Center Localization Japanese
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG9Uninstall" = AVG Free 9.0
"Browser Defender_is1" = Browser Defender 2.0.6.11
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"Spyware Doctor" = Spyware Doctor 7.0
"Switch" = Switch Sound File Converter
"Zuma's Revenge!" = Zuma's Revenge!

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/3/2010 7:46:48 PM | Computer Name = Lindas-Computer | Source = WinMgmt | ID = 10
Description =

Error - 2/4/2010 4:49:04 AM | Computer Name = Lindas-Computer | Source = WinMgmt | ID = 10
Description =

Error - 2/4/2010 11:39:37 AM | Computer Name = Lindas-Computer | Source = EventSystem | ID = 4621
Description =

Error - 2/5/2010 8:48:39 AM | Computer Name = Lindas-Computer | Source = WinMgmt | ID = 10
Description =

Error - 2/6/2010 9:25:46 AM | Computer Name = Lindas-Computer | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.1.3642, time stamp 0x4b302c34,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x09090909, process id 0x1230, application start time 0x01caa72fdc97ae30.

Error - 2/6/2010 9:38:57 AM | Computer Name = Lindas-Computer | Source = STacSV | ID = 268435455
Description =

Error - 2/6/2010 10:13:37 AM | Computer Name = Lindas-Computer | Source = EventSystem | ID = 4621
Description =

Error - 2/6/2010 10:16:09 AM | Computer Name = Lindas-Computer | Source = WinMgmt | ID = 10
Description =

Error - 2/7/2010 3:03:32 PM | Computer Name = Lindas-Computer | Source = Microsoft Office 12 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Outlook.

Error - 2/8/2010 4:18:37 AM | Computer Name = Lindas-Computer | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 2/7/2010 3:06:42 PM | Computer Name = Lindas-Computer | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.6 for the Network Card with network
address 00242C3EC181 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 2/7/2010 3:09:47 PM | Computer Name = Lindas-Computer | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.5 for the Network Card with network
address 00242C3EC181 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 2/7/2010 7:52:19 PM | Computer Name = Lindas-Computer | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.6 for the Network Card with network
address 00242C3EC181 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 2/8/2010 10:28:46 PM | Computer Name = Lindas-Computer | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.5 for the Network Card with network
address 00242C3EC181 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 2/9/2010 2:16:03 AM | Computer Name = Lindas-Computer | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.8 for the Network Card with network
address 00242C3EC181 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 2/9/2010 12:26:51 PM | Computer Name = Lindas-Computer | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.5 for the Network Card with network
address 00242C3EC181 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 2/9/2010 12:39:23 PM | Computer Name = Lindas-Computer | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0028)
disappeared from the system without first being prepared for removal.

Error - 2/9/2010 12:39:23 PM | Computer Name = Lindas-Computer | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0228)
disappeared from the system without first being prepared for removal.

Error - 2/9/2010 12:39:23 PM | Computer Name = Lindas-Computer | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0328)
disappeared from the system without first being prepared for removal.

Error - 2/9/2010 12:39:23 PM | Computer Name = Lindas-Computer | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0428)
disappeared from the system without first being prepared for removal.


< End of report >

descriptionInfected with Virus three times in last 2 weeks... Frustrated! EmptyRe: Infected with Virus three times in last 2 weeks... Frustrated!

more_horiz
Hello.

  • Click Start >> Control Panel.
  • Under the Programs click Uninstall a Program
  • Highlight Java(TM) 6 Update 7
  • Click on the Uninstall/Change button at the top.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

descriptionInfected with Virus three times in last 2 weeks... Frustrated! EmptyRe: Infected with Virus three times in last 2 weeks... Frustrated!

more_horiz
The scan found no malicious items. However, FYI, earlier this evening, Spyware Doctor ran a scheduled scan and found (and repaired/fixed) trojan fake.alert. I know nȯne of the scans I ran yesterday came up with this. I don't know why it keeps coming back.




Malwarebytes' Anti-Malware 1.44
Database version: 3723
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

2/10/2010 9:45:18 PM
mbam-log-2010-02-10 (21-45-18).txt

Scan type: Quick Scan
Objects scanned: 101119
Time elapsed: 4 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

descriptionInfected with Virus three times in last 2 weeks... Frustrated! EmptyRe: Infected with Virus three times in last 2 weeks... Frustrated!

more_horiz
Is my system clean now? Do I need to do anything else?

descriptionInfected with Virus three times in last 2 weeks... Frustrated! EmptyRe: Infected with Virus three times in last 2 weeks... Frustrated!

more_horiz
How is the machine running? logs look good to me.

descriptionInfected with Virus three times in last 2 weeks... Frustrated! EmptyRe: Infected with Virus three times in last 2 weeks... Frustrated!

more_horiz
Seems to be ok. I did have another problem yesterday. System started acting funny while I was on the web. I shut down everything I could shut down and ran spyware doctor. Found the trojan fake.alert again. Since then things seem to be running good. Don't know why the website I was on would have been the problem... it was a arts and craft type website... but who knows?!

I'm trying to implement the suggestions on this site to prevent reinfection: http://www.GeekPolice.net/virus-spyware-malware-removal-f11/wuaucltexe-is-infected-t19188-15.htm

descriptionInfected with Virus three times in last 2 weeks... Frustrated! EmptyRe: Infected with Virus three times in last 2 weeks... Frustrated!

more_horiz
Could of been a malicious ad/flash script on the website that did it.

descriptionInfected with Virus three times in last 2 weeks... Frustrated! EmptyRe: Infected with Virus three times in last 2 weeks... Frustrated!

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum