Resident Shield shows 104 Trojans - "Object is inaccessible."

I think I got one of those email things.
Or my brother picked it up playing internet games.

But, it all started with my browser closing, & some phony looking "We're sorry" blahblah thing from Mozilla came up. & My browser would randomly just close down at times.
Then my google searches were being redirected.
Then I got a fake Essentials alert, went against my gut & downloaded anitspyware safeguard.
Got rid of that through malware bytes, yet Resident Shields shows me allll thiss stuff.

I used ebay about a month ago, so it made sense when my mom told me yesterday someone did something to her paypal. -_-

I'm really scared & desperate, how do I get this stuff/ (person, seemingly) off of my computer?

Also, is it unusual for you start your computer & your adapter connects to some wireless from a neighbor? I use my own network all the time but it never auto connects to mine like it should, I have it on remembered, I put theirs on forget but no matter what it always connects to theirs. It's really annoying & I'm very suspicious of it.
Mine is secured, theirs isn't by the way.
Maybe they hacked me through my wireless or something, or while I was connected to theirs?

Anyway, when trying to remove the trojans like 12 out of the 104 moved to the virus vault.
The rest are "inaccessible."

I'm pretty computer savvy but this stuff is BEYOND me,
please help me? ♥

Hi darlingpinky,

Welcome to GeekPolice.net

My name is TheAvatar and I will be tying to help you resolve your issues.

If you have already received help elsewhere please inform me so that this topic can be closed.

If you haven't, please keep reading.
Note Before we start the process you should:

• POST your logs, don't attach them, as it makes it harder to read.
  
• Each time I instruct you to download a file to use it, please do it even if I have told you before to download it again. This is because these tools are frequently updated to detect newer infections.
  
• Please be patient, there is no quick fix for malware. Removal can take several attempts. Just because symptoms have gone away, does not mean the infection is gone.
  
• Last, as most of the tools we use here need administrative rights in order to function properly, I expect that you will be running them from an administrator account.
  
• If I have not replied to your thread within 2 days, please PM me.

Also, is it unusual for you start your computer & your adapter connects to some wireless from a neighbor? I use my own network all the time but it never auto connects to mine like it should, I have it on remembered, I put theirs on forget but no matter what it always connects to theirs. It's really annoying & I'm very suspicious of it.
Mine is secured, theirs isn't by the way.

Your PC is probably automatically connecting to their network since it is not password protected. We will deal with this after the infection is cleared

----

Please download OTL from one of the following links

• LINK 1
  
• LINK 2
  
  
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    
  • Under the Custom Scan box paste this in;
    
    

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

    
    
    
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.
    

! Hi (:

So post my log..?
In AVG resident shield I exported the list to a file, is that what we're looking for?

Oh. Nevermind. -_-
Getting ahead of myself. ;o

OTL logfile created on: 10/5/2010 9:02:32 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Liz\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

999.00 Mb Total Physical Memory | 183.00 Mb Available Physical Memory | 18.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 54.00% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 138.93 Gb Total Space | 69.97 Gb Free Space | 50.36% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 8.22 Gb Free Space | 82.14% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HP_DESKTOP
Current User Name: Liz
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/10/05 20:57:49 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Liz\My Documents\Downloads\OTL.exe
PRC - [2010/10/04 09:37:28 | 004,104,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgui.exe
PRC - [2010/10/04 09:37:26 | 002,067,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/09/23 09:53:50 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/09/19 12:28:28 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/07/15 08:50:01 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/15 08:49:54 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/15 08:49:06 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/15 08:49:03 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/12/16 09:34:56 | 000,503,808 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe
PRC - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009/02/16 10:44:56 | 001,358,384 | ---- | M] (Linksys, LLC) -- C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
PRC - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/05/28 09:32:28 | 000,087,360 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2007/09/12 07:20:58 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/09 21:21:14 | 000,183,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe
PRC - [2007/01/09 21:21:12 | 000,404,288 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchk.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/12/06 05:12:50 | 000,098,304 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2006/06/08 14:02:06 | 000,131,072 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2006/04/25 10:46:54 | 000,131,072 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
PRC - [2006/04/24 10:42:06 | 000,888,832 | ---- | M] () -- C:\WINDOWS\SMINST\Scheduler.exe
PRC - [2005/07/19 14:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005/06/29 13:06:54 | 000,043,008 | ---- | M] (Cognizance Corporation) -- C:\Program Files\HPQ\IAM\Bin\asghost.exe
PRC - [2005/06/08 12:14:44 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
PRC - [2005/06/08 11:44:56 | 000,192,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\FxSvr2.exe


========== Modules (SafeList) ==========

MOD - [2010/10/05 20:57:49 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Liz\My Documents\Downloads\OTL.exe
MOD - [2006/08/25 08:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006/02/27 19:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2010/07/15 08:49:54 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 22:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/05/28 09:32:34 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2007/09/12 07:20:58 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/01/09 21:21:14 | 000,183,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv) Intel(R)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/12/06 05:12:50 | 000,098,304 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel(R)


========== Driver Services (SafeList) ==========

DRV - [2010/07/15 08:50:03 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/15 08:49:07 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/02 09:54:59 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2008/12/12 19:05:20 | 000,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/12/12 19:05:18 | 000,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/12/04 14:17:16 | 000,627,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WUSB54GCv3.sys -- (WUSB54GCv3)
DRV - [2008/05/28 09:33:14 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2008/03/07 10:39:48 | 000,045,848 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/02/28 12:31:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2006/12/06 05:12:56 | 000,044,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2006/07/22 14:13:48 | 001,579,008 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/07/19 08:42:16 | 000,230,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2006/07/05 23:59:42 | 000,246,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2006/07/04 10:29:18 | 004,306,944 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/06/05 03:39:56 | 000,024,064 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2006/04/25 09:26:08 | 000,036,608 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2006/04/06 21:46:48 | 000,031,104 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\psd.sys -- (PersonalSecureDrive)
DRV - [2005/08/10 10:54:48 | 000,516,480 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MTXPARHM.sys -- (MTXPARH)
DRV - [2005/05/27 06:32:52 | 001,317,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvcm.sys -- (QCMerced)
DRV - [2005/05/27 06:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/03 20:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/03 10:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/03 10:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/03 10:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/03 10:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/03 10:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/03 10:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/03 10:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/03 10:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/03 10:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/03 10:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/03 10:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/03 10:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 10:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/03 10:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/03 10:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2004/05/20 10:58:00 | 000,379,456 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WUSB54AG.sys -- (PRISM_A02)
DRV - [2002/05/08 10:44:42 | 000,105,472 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2002/04/03 22:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)
DRV - [2001/08/17 09:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 09:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 09:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 09:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 00:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
FF - prefs.js..extensions.enabledItems: linky@gemal.dk:2.7.1
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.0
FF - prefs.js..extensions.enabledItems: {b9bfaf1c-a63f-47cd-8b9a-29526ced9060}:0.2
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/09/23 09:54:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/29 11:01:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/19 12:28:36 | 000,000,000 | ---D | M]

[2010/07/23 18:31:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liz\Application Data\Mozilla\Extensions
[2010/07/23 18:31:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liz\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2009/12/20 23:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liz\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/10/04 20:50:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liz\Application Data\Mozilla\Firefox\Profiles\awrmfegp.default\extensions
[2009/08/10 15:44:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Liz\Application Data\Mozilla\Firefox\Profiles\awrmfegp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/19 01:31:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Liz\Application Data\Mozilla\Firefox\Profiles\awrmfegp.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}
[2009/08/23 22:38:42 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Liz\Application Data\Mozilla\Firefox\Profiles\awrmfegp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008/02/29 15:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liz\Application Data\Mozilla\Firefox\Profiles\awrmfegp.default\extensions\linky@gemal.dk
[2009/04/10 11:42:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liz\Application Data\Mozilla\Firefox\Profiles\awrmfegp.default\extensions\personas@christopher.beard
[2010/10/04 20:50:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/04 19:50:32 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2007/05/22 16:32:00 | 001,560,576 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll
[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2007/05/22 16:14:00 | 000,008,784 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ractrlkeyhook.dll
[2007/05/22 16:17:00 | 000,245,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\unicows.dll

O1 HOSTS File: ([2006/02/27 19:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (HP Credential Manager for ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll (Infineon Technologies AG)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [atchk] C:\Program Files\Intel\AMT\atchk.exe (Intel Corporation)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Linksys Wireless Manager] C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe (Linksys, LLC)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Matrox PowerDesk 8] C:\Program Files\Matrox Graphics Inc\PowerDesk HF\matrox.powerdesk.exe (Matrox Graphics Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe ()
O4 - HKLM..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe ()
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [vinclock] C:\Documents and Settings\Liz\Application Data\Google\ocboo1892823.exe File not found
O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe File not found
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe File not found
O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\Liz\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
F3 - HKCU WinNT: Load - (C:\DOCUME~1\Liz\LOCALS~1\Temp\dwm.exe) - C:\DOCUME~1\Liz\LOCALS~1\Temp\dwm.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Liz\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (RIM AxLoader)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\IfxWlxEN: DllName - IfxWlxEN.dll - C:\WINDOWS\System32\IfxWlxEN.dll (Infineon Technologies AG)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\OneCard: DllName - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll (Cognizance Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Liz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Liz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{4c30250c-c6d0-11df-be4e-00259ca10a1a}\Shell\AutoRun\command - "" = E:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{4c30250c-c6d0-11df-be4e-00259ca10a1a}\Shell\slacker\command - "" = E:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{9ceb8de5-7138-11dc-bd0d-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{9ceb8de5-7138-11dc-bd0d-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/04 19:51:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liz\Application Data\skypePM
[2010/10/04 19:50:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liz\Application Data\Skype
[2010/10/04 19:50:06 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/10/04 19:50:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/10/04 19:49:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010/10/04 07:43:14 | 000,118,784 | ---- | C] (SoftThinks) -- C:\WINDOWS\System32\chg.exe
[2010/10/03 21:26:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/03 21:26:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/03 21:26:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/03 01:14:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/09/26 09:27:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liz\Desktop\lv
[2010/09/26 02:13:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liz\Application Data\Research In Motion
[2010/09/26 02:10:39 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion
[2010/09/19 18:41:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liz\My Documents\Downloads
[2010/09/05 21:42:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liz\My Documents\My Received Files
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/05 20:49:35 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Liz\Local Settings\Application Data\prvlcl.dat
[2010/10/05 17:56:21 | 065,661,235 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/10/04 23:05:34 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/04 23:00:56 | 001,607,454 | ---- | M] () -- C:\Documents and Settings\Liz\Desktop\5.bmp
[2010/10/04 22:59:57 | 001,552,878 | ---- | M] () -- C:\Documents and Settings\Liz\Desktop\4.bmp
[2010/10/04 22:58:26 | 001,531,814 | ---- | M] () -- C:\Documents and Settings\Liz\Desktop\3.bmp
[2010/10/04 22:56:54 | 001,704,134 | ---- | M] () -- C:\Documents and Settings\Liz\Desktop\2.bmp
[2010/10/04 22:56:14 | 001,682,466 | ---- | M] () -- C:\Documents and Settings\Liz\Desktop\1.bmp
[2010/10/04 21:44:59 | 006,815,744 | -H-- | M] () -- C:\Documents and Settings\Liz\NTUSER.DAT
[2010/10/04 21:01:12 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/04 20:51:39 | 000,074,240 | ---- | M] () -- C:\Documents and Settings\Liz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/04 19:51:22 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/10/04 19:50:08 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/10/04 16:10:28 | 001,170,582 | ---- | M] () -- C:\Documents and Settings\Liz\My Documents\help.bmp
[2010/10/04 07:45:28 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/04 07:43:14 | 000,118,784 | ---- | M] (SoftThinks) -- C:\WINDOWS\System32\chg.exe
[2010/10/04 07:42:54 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/04 07:42:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/04 01:28:29 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Liz\ntuser.ini
[2010/10/04 01:28:21 | 004,840,320 | -H-- | M] () -- C:\Documents and Settings\Liz\Local Settings\Application Data\IconCache.db
[2010/10/03 23:00:52 | 000,001,508 | ---- | M] () -- C:\Documents and Settings\Liz\.recently-used.xbel
[2010/10/03 21:27:01 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/03 00:13:39 | 000,000,135 | ---- | M] () -- C:\Documents and Settings\Liz\Application Data\srsf.bat
[2010/10/03 00:13:27 | 000,005,453 | ---- | M] () -- C:\Documents and Settings\Liz\Application Data\27739.js
[2010/09/27 16:05:30 | 000,072,308 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/09/26 12:30:45 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/09/26 02:11:45 | 000,001,828 | ---- | M] () -- C:\Documents and Settings\Liz\Desktop\Desktop Manager.lnk
[2010/09/26 02:04:33 | 000,311,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/04 22:49:20 | 001,607,454 | ---- | C] () -- C:\Documents and Settings\Liz\Desktop\5.bmp
[2010/10/04 22:48:14 | 001,552,878 | ---- | C] () -- C:\Documents and Settings\Liz\Desktop\4.bmp
[2010/10/04 22:47:39 | 001,531,814 | ---- | C] () -- C:\Documents and Settings\Liz\Desktop\3.bmp
[2010/10/04 22:47:01 | 001,704,134 | ---- | C] () -- C:\Documents and Settings\Liz\Desktop\2.bmp
[2010/10/04 22:46:34 | 001,682,466 | ---- | C] () -- C:\Documents and Settings\Liz\Desktop\1.bmp
[2010/10/04 19:51:22 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/10/04 19:50:08 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/10/04 16:10:28 | 001,170,582 | ---- | C] () -- C:\Documents and Settings\Liz\My Documents\help.bmp
[2010/10/03 23:00:52 | 000,001,508 | ---- | C] () -- C:\Documents and Settings\Liz\.recently-used.xbel
[2010/10/03 21:27:01 | 000,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/03 00:13:27 | 000,005,453 | ---- | C] () -- C:\Documents and Settings\Liz\Application Data\27739.js
[2010/10/03 00:13:24 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Liz\Application Data\srsf.bat
[2010/09/26 02:11:45 | 000,001,828 | ---- | C] () -- C:\Documents and Settings\Liz\Desktop\Desktop Manager.lnk
[2010/09/13 18:20:39 | 000,072,308 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/11/27 11:10:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Liz\Local Settings\Application Data\prvlcl.dat
[2009/08/04 12:44:24 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2008/11/22 12:21:53 | 000,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv9869p2now.sys
[2008/10/13 15:16:35 | 000,005,087 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ywasvxup.hvs
[2008/10/13 14:23:15 | 000,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2008/10/13 12:10:45 | 000,000,334 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/09/20 13:01:50 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2008/06/25 16:45:32 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/06/25 16:45:31 | 001,317,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys
[2007/11/05 18:33:11 | 000,074,240 | ---- | C] () -- C:\Documents and Settings\Liz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/21 11:53:06 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/10/21 11:51:45 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2007/10/05 12:40:36 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Liz\Local Settings\Application Data\fusioncache.dat
[2007/10/02 15:59:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/10/02 15:52:59 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/08/02 05:13:07 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/08/02 04:52:18 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/07/25 15:24:30 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/02/26 16:08:28 | 000,585,728 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2005/11/16 10:15:04 | 000,164,112 | ---- | C] () -- C:\WINDOWS\System32\awmpi.dll
[2005/08/06 12:04:07 | 000,002,438 | ---- | C] () -- C:\WINDOWS\System32\ASPRTMM1.DLL
[2002/05/08 03:12:22 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/03/16 17:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000106.DLL
[1998/05/06 20:10:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.dll
< End of report >

OTL Extras logfile created on: 10/5/2010 9:02:32 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Liz\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

999.00 Mb Total Physical Memory | 183.00 Mb Available Physical Memory | 18.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 54.00% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 138.93 Gb Total Space | 69.97 Gb Free Space | 50.36% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 8.22 Gb Free Space | 82.14% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HP_DESKTOP
Current User Name: Liz
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"443:TCP" = 443:TCP:*:Enabled:ooVoo TCP port 443
"443:UDP" = 443:UDP:*:Enabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Enabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Enabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Enabled:ooVoo UDP port 37675
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler -- ()
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\LogMeIn Rescue Calling Card\CallingCard.exe" = C:\Program Files\LogMeIn Rescue Calling Card\CallingCard.exe:*:Enabled:LogMeIn Rescue Calling Card -- File not found
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Disabled:AIM -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Documents and Settings\Liz\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Liz\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)
"C:\Program Files\ooVoo\ooVoo.exe" = C:\Program Files\ooVoo\ooVoo.exe:*:Enabled:ooVoo -- (ooVoo LLC)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Documents and Settings\Liz\Application Data\IMVUClient\1VivoxVoice.exe" = C:\Documents and Settings\Liz\Application Data\IMVUClient\1VivoxVoice.exe:*:Enabled:1VivoxVoice -- (Vivox, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{111A3D14-7596-43B0-92BA-418435C90672}" = Intel(R) PRO Network Connections
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{165F5D21-3B1E-46E7-A400-4A9247018F1B}" = Matrox GigaColor Viewer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20749F76-4228-43AD-8AB5-E7B20D8040C4}" = hph_readme
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2BB2B8D4-5753-45C8-8073-765AFAF053BC}" = HP Embedded Security for ProtectTools
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{3004FB81-7B9E-4808-BD13-BC5A530BA60B}" = cp_PrintOnCDConfig
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{360022A4-9339-426B-8F36-1465CBAEABC0}" = D7300
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{36DC3E2F-CD8C-4953-9E8F-9A1916D10AA1}" = hph_software
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54F6C98F-94A0-421C-B90E-0B6A2A96A9CF}" = Pure Networks Platform
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5F638781-7754-411F-974C-F20F27292E24}" = VideoCam Suite
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{714B6179-84C4-4FBE-B934-B6CF75ED37A5}" = D6100_D7100_D7300_Help
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{90ED357B-5993-42F7-AF70-2D60A7250A32}" = Matrox PowerDesk-HF
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{914E1AB1-DCA0-4A7D-935F-B58C4B887A2B}" = HP ProtectTools Security Manager 2.00 D3
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E6A78F1-19FF-4769-B5B6-AD305CCD34FB}" = eDualHead
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A83C6C34-3007-422A-9E56-A74996BCCDBD}" = LogMeIn
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{ACCCEE83-B49B-4964-8A4F-378B8FBC9F75}" = hph_ProductContext
"{AE052EF7-2640-48D7-8915-69B810D975CB}" = HP BIOS Configuration for ProtectTools 2.00 J2
"{B19F9155-9337-4807-B5EF-ED471DDB2CCE}" = hph_software_req
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D173E50C-D87F-40A1-BFB2-FFEA51F92CB1}" = HP Credential Manager for ProtectTools
"{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}" = HP Photosmart and Deskjet 7.0 Software
"{DAAFA8DE-A2AB-49EE-B804-DB4AF04D2304}" = BlackBerry Desktop Software 4.5
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DC785DB7-D389-48C3-B146-96FE99BF4E2B}" = Vegas Pro 9.0
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{EFED5763-E48C-4664-A343-3CA6BC0C865F}" = LogMeIn
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FD12EF05-CD14-4422-90A8-76D37C3E14C9}" = BlackBerry Device Software v4.5.0 for the BlackBerry 8310 smartphone
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"ASIO4ALL" = ASIO4ALL
"AVG9Uninstall" = AVG Free 9.0
"BlackBerry_{DAAFA8DE-A2AB-49EE-B804-DB4AF04D2304}" = BlackBerry Desktop Software 4.5
"Business Contact Manager for Outlook 2007" = Business Contact Manager for Outlook 2007
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Eufony Free M4A MP3 Converter" = Eufony Free M4A MP3 Converter
"FL Studio 9" = FL Studio 9
"FLV Player" = FLV Player 2.0 (build 25)
"Free WMA MP3 Converter" = Free WMA MP3 Converter
"Happy Diary_is1" = Happy Diary 4.0
"HECI" = Intel(R) Management Engine Interface
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"IL Download Manager" = IL Download Manager
"LimeWire" = LimeWire 5.4.6
"Linksys Wireless Manager" = Linksys Wireless Manager
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Matrox Parhelia Driver Uninstaller" = Matrox Driver
"MESOL" = Intel(R) Active Management Technology LMS Service and SOL Driver
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.5.13)" = Mozilla Firefox (3.5.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PoiZone" = PoiZone
"PROHYBRIDR" = 2007 Microsoft Office system
"QcDrv" = Logitech® Camera Driver
"Sakura" = Sakura
"Sawer" = Sawer
"Toxic Biohazard" = Toxic Biohazard
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/29/2010 2:27:42 PM | Computer Name = HP_DESKTOP | Source = Application Hang | ID = 1001
Description = Fault bucket 2030410484.

Error - 9/29/2010 7:50:59 PM | Computer Name = HP_DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application ntdevice.exe, version 47.2.9.9, faulting module
shlwapi.dll, version 6.0.2900.3653, fault address 0x0001a9f8.

Error - 10/3/2010 3:13:56 AM | Computer Name = HP_DESKTOP | Source = Bonjour Service | ID = 100
Description = 232: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 10/3/2010 3:13:56 AM | Computer Name = HP_DESKTOP | Source = Bonjour Service | ID = 100
Description = 208: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 10/3/2010 3:13:56 AM | Computer Name = HP_DESKTOP | Source = Bonjour Service | ID = 100
Description = 224: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 10/3/2010 3:13:56 AM | Computer Name = HP_DESKTOP | Source = Bonjour Service | ID = 100
Description = 404: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 10/3/2010 4:26:43 AM | Computer Name = HP_DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application hotfix.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/3/2010 4:26:43 AM | Computer Name = HP_DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application hotfix.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/3/2010 4:26:45 AM | Computer Name = HP_DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application hotfix.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/4/2010 12:05:48 AM | Computer Name = HP_DESKTOP | Source = IFXWlxEN | ID = 2687344
Description = Failed to create instance of IWlxEvent interface.

[ OSession Events ]
Error - 6/2/2008 2:48:32 PM | Computer Name = HP_DESKTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/30/2008 12:37:04 AM | Computer Name = HP_DESKTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 161 seconds with 60 seconds of active time. This session ended with a crash.

Error - 10/30/2008 12:37:09 AM | Computer Name = HP_DESKTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 1 seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/30/2008 12:37:12 AM | Computer Name = HP_DESKTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 1 seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/24/2008 2:23:24 AM | Computer Name = HP_DESKTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 7 seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/2/2009 8:46:54 PM | Computer Name = HP_DESKTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 23 seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/2/2009 8:47:00 PM | Computer Name = HP_DESKTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/2/2009 8:47:03 PM | Computer Name = HP_DESKTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 1 seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/2/2009 8:47:12 PM | Computer Name = HP_DESKTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/2/2009 8:47:17 PM | Computer Name = HP_DESKTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 1 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/4/2010 1:49:49 AM | Computer Name = HP_DESKTOP | Source = Service Control Manager | ID = 7000
Description = The Ati HotKey Poller service failed to start due to the following
error: %%2

Error - 10/4/2010 1:49:55 AM | Computer Name = HP_DESKTOP | Source = Schannel | ID = 36870
Description = A fatal error occurred when attempting to access the SSL server credential
private key. The error code returned from the cryptographic module is 0x80090016.

Error - 10/4/2010 1:50:09 AM | Computer Name = HP_DESKTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
iaStor

Error - 10/4/2010 1:50:11 AM | Computer Name = HP_DESKTOP | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.104 for the Network Card with network
address 00259CA10A1A has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 10/4/2010 10:42:48 AM | Computer Name = HP_DESKTOP | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.101 for the Network Card with network
address 00259CA10A1A has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 10/4/2010 10:43:28 AM | Computer Name = HP_DESKTOP | Source = Service Control Manager | ID = 7000
Description = The Ati HotKey Poller service failed to start due to the following
error: %%2

Error - 10/4/2010 10:43:35 AM | Computer Name = HP_DESKTOP | Source = Schannel | ID = 36870
Description = A fatal error occurred when attempting to access the SSL server credential
private key. The error code returned from the cryptographic module is 0x80090016.

Error - 10/4/2010 10:43:48 AM | Computer Name = HP_DESKTOP | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.109 for the Network Card with network
address 00259CA10A1A has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 10/4/2010 10:47:21 AM | Computer Name = HP_DESKTOP | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8007066f: Security Update for Microsoft Office PowerPoint 2007 (KB982158).

Error - 10/5/2010 6:01:31 AM | Computer Name = HP_DESKTOP | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8007066f: Security Update for Microsoft Office PowerPoint 2007 (KB982158).


< End of report >

Please read through these instructions to familarize yourself with what to expect when this tool runs

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
  
  
• Double click on ComboFix.exe & follow the prompts.
  
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

ComboFix 10-10-05.01 - Liz 10/05/2010 21:32:20.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.999.291 [GMT -7:00]
Running from: c:\documents and settings\Liz\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Liz\LOCALS~1\Temp\jna552237619054211871.tmp
c:\documents and settings\Liz\Application Data\srsf.bat
c:\documents and settings\Liz\Local Settings\Temp\jna552237619054211871.tmp
c:\windows\UA000106.DLL
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-09-06 to 2010-10-06 )))))))))))))))))))))))))))))))
.

2010-10-05 02:51 . 2010-10-05 02:51 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-10-05 02:51 . 2010-10-05 23:01 -------- d-----w- c:\documents and settings\Liz\Application Data\skypePM
2010-10-05 02:50 . 2010-10-06 04:47 -------- d-----w- c:\documents and settings\Liz\Application Data\Skype
2010-10-05 02:50 . 2010-10-05 02:50 -------- d-----r- c:\program files\Skype
2010-10-05 02:50 . 2010-10-05 02:50 -------- d-----w- c:\program files\Common Files\Skype
2010-10-05 02:49 . 2010-10-05 02:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-10-04 16:37 . 2010-10-04 16:37 4394336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-10-04 16:37 . 2010-10-04 16:37 4100960 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-10-04 16:37 . 2010-10-04 16:37 2065760 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-10-04 14:43 . 2010-10-06 04:50 118784 ----a-w- c:\windows\system32\chg.exe
2010-10-04 04:26 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-04 04:26 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-04 04:26 . 2010-10-04 04:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-26 09:13 . 2010-09-26 09:13 -------- d-----w- c:\documents and settings\Liz\Application Data\Research In Motion
2010-09-26 09:10 . 2010-09-26 09:10 -------- d-----w- c:\program files\Research In Motion
2010-09-23 16:53 . 2010-09-23 16:53 620896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgnsx.exe
2010-09-23 16:53 . 2010-09-23 16:53 3586912 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-09-23 16:53 . 2010-09-23 16:53 1619296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-09-23 16:53 . 2010-09-23 16:53 1377632 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll
2010-09-23 16:53 . 2010-09-23 16:53 598368 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2010-09-23 16:53 . 2010-09-23 16:53 942432 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll
2010-09-23 16:53 . 2010-09-23 16:53 300896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
2010-09-23 16:52 . 2010-09-23 16:52 1690952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-09-14 01:20 . 2010-09-27 23:05 72308 ---ha-w- c:\windows\system32\mlfcache.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-06 04:54 . 2008-01-08 03:02 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-10-06 04:53 . 2009-12-21 06:46 -------- d-----w- c:\documents and settings\Liz\Application Data\LimeWire
2010-10-06 03:49 . 2009-11-27 18:10 0 ----a-w- c:\documents and settings\Liz\Local Settings\Application Data\prvlcl.dat
2010-10-02 05:40 . 2010-07-24 01:31 -------- d-----w- c:\documents and settings\Liz\Application Data\IMVU
2010-09-30 16:36 . 2009-11-16 06:47 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-09-26 19:30 . 2010-02-19 07:40 256 ----a-w- c:\windows\system32\pool.bin
2010-09-26 18:42 . 2007-08-02 12:08 90136 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-26 09:18 . 2010-09-26 09:18 26694 ----a-r- c:\documents and settings\Liz\Application Data\Microsoft\Installer\{FD12EF05-CD14-4422-90A8-76D37C3E14C9}\BlackBerry.exe
2010-09-26 09:18 . 2010-02-19 07:38 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-09-26 09:12 . 2010-09-26 09:12 69632 ----a-r- c:\documents and settings\Liz\Application Data\Microsoft\Installer\{DAAFA8DE-A2AB-49EE-B804-DB4AF04D2304}\DesktopMgr.exe
2010-09-26 09:12 . 2010-09-26 09:12 6502 ----a-r- c:\documents and settings\Liz\Application Data\Microsoft\Installer\{DAAFA8DE-A2AB-49EE-B804-DB4AF04D2304}\RedirectorEXE2_770DFD1204C24F4DA163D64FACCB5CBD.exe
2010-09-26 09:12 . 2010-09-26 09:12 6502 ----a-r- c:\documents and settings\Liz\Application Data\Microsoft\Installer\{DAAFA8DE-A2AB-49EE-B804-DB4AF04D2304}\RedirectorEXE1_770DFD1204C24F4DA163D64FACCB5CBD.exe
2010-09-26 09:12 . 2010-09-26 09:12 6502 ----a-r- c:\documents and settings\Liz\Application Data\Microsoft\Installer\{DAAFA8DE-A2AB-49EE-B804-DB4AF04D2304}\RedirectorEXE_770DFD1204C24F4DA163D64FACCB5CBD.exe
2010-09-26 09:12 . 2010-09-26 09:12 26694 ----a-r- c:\documents and settings\Liz\Application Data\Microsoft\Installer\{DAAFA8DE-A2AB-49EE-B804-DB4AF04D2304}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-09-26 09:01 . 2007-10-21 19:29 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-09-26 08:51 . 2010-02-19 07:39 69632 ----a-r- c:\documents and settings\Liz\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-09-26 08:51 . 2010-02-19 07:39 69632 ----a-r- c:\documents and settings\Liz\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-09-26 08:51 . 2010-02-19 07:39 69632 ----a-r- c:\documents and settings\Liz\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-09-26 08:51 . 2010-02-19 07:39 69632 ----a-r- c:\documents and settings\Liz\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-09-26 08:51 . 2010-02-19 07:39 69632 ----a-r- c:\documents and settings\Liz\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-09-26 08:51 . 2010-02-19 07:39 69632 ----a-r- c:\documents and settings\Liz\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-09-26 08:51 . 2010-02-19 07:39 69632 ----a-r- c:\documents and settings\Liz\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\DesktopMgr.exe
2010-09-05 05:29 . 2008-10-01 03:30 -------- d-----w- c:\program files\Yahoo!
2010-09-05 04:20 . 2010-07-21 03:24 -------- d-----w- c:\program files\vgif
2010-09-05 04:19 . 2010-04-27 02:42 -------- d-----w- c:\program files\DVDVideoSoft
2010-09-05 04:19 . 2010-04-27 02:42 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-09-05 02:46 . 2007-10-23 20:17 -------- d-----w- c:\documents and settings\Liz\Application Data\gtk-2.0
2010-08-21 04:18 . 2010-08-21 04:18 -------- d-----w- c:\program files\JL_Cmder
2010-08-19 05:10 . 2009-06-19 18:25 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-14 10:18 . 2010-08-14 10:18 -------- d-----w- c:\program files\JanSoft
2010-08-13 23:44 . 2008-10-05 19:14 -------- d-----w- c:\documents and settings\Liz\Application Data\Yahoo!
2010-08-13 23:43 . 2008-10-01 03:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-07-30 03:28 . 2010-07-30 03:28 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-24 01:31 . 2010-07-24 01:31 77384 ----a-w- c:\documents and settings\Liz\Application Data\IMVUClient\Uninstall.exe
2010-07-15 15:50 . 2009-12-21 22:25 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 15:50 . 2010-07-15 15:50 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 15:49 . 2009-12-21 22:25 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-14 01:24 . 2010-07-14 01:24 711168 ----a-w- c:\documents and settings\Liz\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv307hw-1007080-0-main.dll
2010-07-12 18:49 . 2010-07-12 18:49 97200 ----a-w- c:\documents and settings\Liz\Application Data\IMVUClient\IMVUupdater.exe
2010-07-12 18:49 . 2010-07-12 18:49 52992 ----a-w- c:\documents and settings\Liz\Application Data\IMVUClient\IMVUClient.exe
2010-07-12 18:49 . 2010-07-12 18:49 21760 ----a-w- c:\documents and settings\Liz\Application Data\IMVUClient\IMVUQualityAgent.exe
2010-07-09 00:27 . 2010-07-09 00:27 1339904 ----a-w- c:\documents and settings\Liz\Application Data\IMVUClient\SceneWindow.dll
2007-05-22 23:14 . 2007-10-21 17:18 8784 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-05-22 23:17 . 2007-10-21 17:18 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-04 16250880]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-06-08 131072]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-01-10 404288]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-04-24 888832]
"Matrox PowerDesk 8"="c:\program files\Matrox Graphics Inc\PowerDesk HF\matrox.powerdesk.exe" [2005-08-10 102400]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-09-12 63048]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-08 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-04 2067808]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-13 642856]
"Linksys Wireless Manager"="c:\program files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-02-16 1358384]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\Liz\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 15:50 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
2006-04-07 04:00 434176 ----a-w- c:\windows\system32\IfxWlxEN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-05-28 16:32 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2006-06-07 19:26 40448 ----a-w- c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\Liz\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\ooVoo\\ooVoo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Liz\\Application Data\\IMVUClient\\1VivoxVoice.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:ooVoo TCP port 443
"443:UDP"= 443:UDP:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:ooVoo UDP port 37675

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/21/2009 3:25 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/21/2009 3:25 PM 243024]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [4/6/2006 9:46 PM 31104]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2/27/2006 7:00 PM 14336]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 8:49 AM 308136]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/12/2007 7:21 AM 12856]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/19/2007 8:40 PM 24652]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [8/2/2007 4:41 AM 36608]
R3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [1/16/2010 6:32 PM 627072]
S3 MTXPARH;MTXPARH;c:\windows\system32\drivers\MTXPARHM.sys [10/2/2007 3:47 PM 516480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:50370
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Liz\Start Menu\Programs\IMVU\Run IMVU.lnk
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
FF - ProfilePath - c:\documents and settings\Liz\Application Data\Mozilla\Firefox\Profiles\awrmfegp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRACtrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
HKCU-Run-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
HKLM-Run-vinclock - c:\documents and settings\Liz\Application Data\Google\ocboo1892823.exe
Notify-NavLogon - (no file)


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(832)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
c:\windows\system32\IfxWlxEN.dll

- - - - - - - > 'explorer.exe'(2092)
c:\windows\system32\WININET.dll
c:\program files\HPQ\IAM\Bin\SFSShell.dll
c:\program files\HPQ\IAM\bin\ItMsg.dll
c:\windows\system32\browselc.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Intel\AMT\atchksrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\IFXSPMGT.exe
c:\windows\system32\IFXTCS.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\HPQ\IAM\bin\asghost.exe
c:\program files\ProtectTools\Embedded Security Software\PSDrt.exe
c:\windows\RTHDCPL.EXE
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-10-05 22:05:04 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-06 05:05

Pre-Run: 75,489,361,920 bytes free
Post-Run: 81,926,070,272 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 2D5B030A68DC7EFB2F403D99C5528131

Hi darlingpinky,

Please work your way through the following:

Step 1:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

LimeWire


References for the risk of these programs can be found in these links:
http://www.microsoft.com/windows/ie/commun...protection.mspx
http://www.techweb.com/wire/160500554
http://www.internetworldstats.com/articles/art053.htm

Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

If you choose not to remove them, please do not use them until this computer is clean.


Step 2:

Go to your Add Remove Programs in the Control Panel and uninstall Viewpoint, it installs without your knowledge or consent, is considered Adware, uses system resources and is not needed for anything.



Step 3:

Please open Notepad and copy/paste this code into the notepad:

Save this as CFScript.txt and change the 'Save as type' to 'All Files' and place it on your desktop. Make sure your AV is disabled while we do this.


Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.

ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.


Step 4:

Please post a fresh log from OTL (Open OTL and click "Quick Scan")


In your next reply please include:

• The Combofix log.
  
• The OTL log.
  

Thanks.

Yes sirrr.

ComboFix 10-10-05.01 - Liz 10/05/2010 22:36:09.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.999.336 [GMT -7]
Running from: c:\documents and settings\Liz\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Liz\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Liz\LOCALS~1\Temp\jna4081680889540390456.tmp
c:\documents and settings\Liz\Local Settings\Temp\jna4081680889540390456.tmp

.
((((((((((((((((((((((((( Files Created from 2010-09-06 to 2010-10-06 )))))))))))))))))))))))))))))))
.

2010-10-05 02:51 . 2010-10-05 02:51 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-10-05 02:51 . 2010-10-05 23:01 -------- d-----w- c:\documents and settings\Liz\Application Data\skypePM
2010-10-05 02:50 . 2010-10-06 04:47 -------- d-----w- c:\documents and settings\Liz\Application Data\Skype
2010-10-05 02:50 . 2010-10-05 02:50 -------- d-----r- c:\program files\Skype
2010-10-05 02:50 . 2010-10-05 02:50 -------- d-----w- c:\program files\Common Files\Skype
2010-10-05 02:49 . 2010-10-05 02:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-10-04 16:37 . 2010-10-04 16:37 4394336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-10-04 16:37 . 2010-10-04 16:37 4100960 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-10-04 16:37 . 2010-10-04 16:37 2065760 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-10-04 04:26 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-04 04:26 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-04 04:26 . 2010-10-04 04:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-26 09:13 . 2010-09-26 09:13 -------- d-----w- c:\documents and settings\Liz\Application Data\Research In Motion
2010-09-26 09:10 . 2010-09-26 09:10 -------- d-----w- c:\program files\Research In Motion
2010-09-23 16:53 . 2010-09-23 16:53 620896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgnsx.exe
2010-09-23 16:53 . 2010-09-23 16:53 3586912 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-09-23 16:53 . 2010-09-23 16:53 1619296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-09-23 16:53 . 2010-09-23 16:53 1377632 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll
2010-09-23 16:53 . 2010-09-23 16:53 598368 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2010-09-23 16:53 . 2010-09-23 16:53 942432 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll
2010-09-23 16:53 . 2010-09-23 16:53 300896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
2010-09-23 16:52 . 2010-09-23 16:52 1690952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-09-14 01:20 . 2010-09-27 23:05 72308 ---ha-w- c:\windows\system32\mlfcache.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-06 05:50 . 2008-01-08 03:02 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-10-06 05:50 . 2009-12-21 06:46 -------- d-----w- c:\documents and settings\Liz\Application Data\LimeWire
2010-10-06 05:31 . 2007-10-20 03:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-10-06 03:49 . 2009-11-27 18:10 0 ----a-w- c:\documents and settings\Liz\Local Settings\Application Data\prvlcl.dat
2010-10-02 05:40 . 2010-07-24 01:31 -------- d-----w- c:\documents and settings\Liz\Application Data\IMVU
2010-09-30 16:36 . 2009-11-16 06:47 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-09-26 19:30 . 2010-02-19 07:40 256 ----a-w- c:\windows\system32\pool.bin
2010-09-26 18:42 . 2007-08-02 12:08 90136 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-26 09:18 . 2010-09-26 09:18 26694 ----a-r- c:\documents and settings\Liz\Application Data\Microsoft\Installer\{FD12EF05-CD14-4422-90A8-76D37C3E14C9}\BlackBerry.exe
2010-09-26 09:18 . 2010-02-19 07:38 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-09-26 09:12 . 2010-09-26 09:12 69632 ----a-r- c:\documents and settings\Liz\Application Data\Microsoft\Installer\{DAAFA8DE-A2AB-49EE-B804-DB4AF04D2304}\DesktopMgr.exe
2010-09-26 09:12 . 2010-09-26 09:12 6502 ----a-r- c:\documents and settings\Liz\Application Data\Microsoft\Installer\{DAAFA8DE-A2AB-49EE-B804-DB4AF04D2304}\RedirectorEXE2_770DFD1204C24F4DA163D64FACCB5CBD.exe
2010-09-26 09:12 . 2010-09-26 09:12 6502 ----a-r- c:\documents and settings\Liz\Application Data\Microsoft\Installer\{DAAFA8DE-A2AB-49EE-B804-DB4AF04D2304}\RedirectorEXE1_770DFD1204C24F4DA163D64FACCB5CBD.exe
2010-09-26 09:12 . 2010-09-26 09:12 6502 ----a-r- c:\documents and settings\Liz\Application Data\Microsoft\Installer\{DAAFA8DE-A2AB-49EE-B804-DB4AF04D2304}\RedirectorEXE_770DFD1204C24F4DA163D64FACCB5CBD.exe
2010-09-26 09:12 . 2010-09-26 09:12 26694 ----a-r- c:\documents and settings\Liz\Application Data\Microsoft\Installer\{DAAFA8DE-A2AB-49EE-B804-DB4AF04D2304}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-09-26 09:01 . 2007-10-21 19:29 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-09-26 08:51 . 2010-02-19 07:39 69632 ----a-r- c:\documents and settings\Liz\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-09-26 08:51 . 2010-02-19 07:39 69632 ----a-r- c:\documents and settings\Liz\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-09-26 08:51 . 2010-02-19 07:39 69632 ----a-r- c:\documents and settings\Liz\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-09-26 08:51 . 2010-02-19 07:39 69632 ----a-r- c:\documents and settings\Liz\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-09-26 08:51 . 2010-02-19 07:39 69632 ----a-r- c:\documents and settings\Liz\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-09-26 08:51 . 2010-02-19 07:39 69632 ----a-r- c:\documents and settings\Liz\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-09-26 08:51 . 2010-02-19 07:39 69632 ----a-r- c:\documents and settings\Liz\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\DesktopMgr.exe
2010-09-05 05:29 . 2008-10-01 03:30 -------- d-----w- c:\program files\Yahoo!
2010-09-05 04:20 . 2010-07-21 03:24 -------- d-----w- c:\program files\vgif
2010-09-05 04:19 . 2010-04-27 02:42 -------- d-----w- c:\program files\DVDVideoSoft
2010-09-05 04:19 . 2010-04-27 02:42 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-09-05 02:46 . 2007-10-23 20:17 -------- d-----w- c:\documents and settings\Liz\Application Data\gtk-2.0
2010-08-21 04:18 . 2010-08-21 04:18 -------- d-----w- c:\program files\JL_Cmder
2010-08-19 05:10 . 2009-06-19 18:25 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-14 10:18 . 2010-08-14 10:18 -------- d-----w- c:\program files\JanSoft
2010-08-13 23:44 . 2008-10-05 19:14 -------- d-----w- c:\documents and settings\Liz\Application Data\Yahoo!
2010-08-13 23:43 . 2008-10-01 03:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-07-30 03:28 . 2010-07-30 03:28 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-24 01:31 . 2010-07-24 01:31 77384 ----a-w- c:\documents and settings\Liz\Application Data\IMVUClient\Uninstall.exe
2010-07-15 15:50 . 2009-12-21 22:25 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 15:50 . 2010-07-15 15:50 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 15:49 . 2009-12-21 22:25 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-14 01:24 . 2010-07-14 01:24 711168 ----a-w- c:\documents and settings\Liz\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv307hw-1007080-0-main.dll
2010-07-12 18:49 . 2010-07-12 18:49 97200 ----a-w- c:\documents and settings\Liz\Application Data\IMVUClient\IMVUupdater.exe
2010-07-12 18:49 . 2010-07-12 18:49 52992 ----a-w- c:\documents and settings\Liz\Application Data\IMVUClient\IMVUClient.exe
2010-07-12 18:49 . 2010-07-12 18:49 21760 ----a-w- c:\documents and settings\Liz\Application Data\IMVUClient\IMVUQualityAgent.exe
2010-07-09 00:27 . 2010-07-09 00:27 1339904 ----a-w- c:\documents and settings\Liz\Application Data\IMVUClient\SceneWindow.dll
2007-05-22 23:14 . 2007-10-21 17:18 8784 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-05-22 23:17 . 2007-10-21 17:18 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-04 16250880]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-06-08 131072]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-01-10 404288]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-04-24 888832]
"Matrox PowerDesk 8"="c:\program files\Matrox Graphics Inc\PowerDesk HF\matrox.powerdesk.exe" [2005-08-10 102400]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-09-12 63048]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-08 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-04 2067808]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-13 642856]
"Linksys Wireless Manager"="c:\program files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-02-16 1358384]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\Liz\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 15:50 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
2006-04-07 04:00 434176 ----a-w- c:\windows\system32\IfxWlxEN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-05-28 16:32 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2006-06-07 19:26 40448 ----a-w- c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\Liz\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\ooVoo\\ooVoo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Liz\\Application Data\\IMVUClient\\1VivoxVoice.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:ooVoo TCP port 443
"443:UDP"= 443:UDP:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:ooVoo UDP port 37675

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/21/2009 3:25 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/21/2009 3:25 PM 243024]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [4/6/2006 9:46 PM 31104]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2/27/2006 7:00 PM 14336]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 8:49 AM 308136]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/12/2007 7:21 AM 12856]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [8/2/2007 4:41 AM 36608]
R3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [1/16/2010 6:32 PM 627072]
S3 MTXPARH;MTXPARH;c:\windows\system32\drivers\MTXPARHM.sys [10/2/2007 3:47 PM 516480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Liz\Start Menu\Programs\IMVU\Run IMVU.lnk
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
FF - ProfilePath - c:\documents and settings\Liz\Application Data\Mozilla\Firefox\Profiles\awrmfegp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRACtrl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(832)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
c:\windows\system32\IfxWlxEN.dll

- - - - - - - > 'explorer.exe'(3712)
c:\windows\system32\WININET.dll
c:\program files\HPQ\IAM\Bin\SFSShell.dll
c:\program files\HPQ\IAM\bin\ItMsg.dll
c:\windows\system32\browselc.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
c:\progra~1\IZArc\IZArcCM.dll
c:\program files\ProtectTools\Embedded Security Software\PSDShExt.dll
c:\windows\system32\IfxSpArc.dll
c:\windows\system32\MSVCR71.dll
c:\program files\ProtectTools\Embedded Security Software\PSDShExtUS.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Intel\AMT\atchksrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\IFXSPMGT.exe
c:\windows\system32\IFXTCS.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\HPQ\IAM\bin\asghost.exe
c:\windows\system32\wscntfy.exe
c:\program files\ProtectTools\Embedded Security Software\PSDrt.exe
c:\windows\RTHDCPL.EXE
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-10-05 22:57:19 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-06 05:57
ComboFix2.txt 2010-10-06 05:05

Pre-Run: 81,948,622,848 bytes free
Post-Run: 81,927,692,288 bytes free

- - End Of File - - C48C3652214487AD0C66CA32CB18AF9C
[b]

Hi darlingpinky,

Thanks for the log, things are looking a little better. We still have more work to do, please work your way though the following:

Step 1:

It can be updated by the Java control panel

• click on Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now.
  
• An update should begin.
  
• Just follow the prompts.
  

Step 2:

Please launch Malwarebytes Anti-malware.

• Once the program has loaded click the "Update taband then "Check for Updates" if any are found they will be downloaded. When prompted click Ok to install the updates.
  
• After updating navigate to the main menu and check Perform Full Scan, then click Scan.
  The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to restart. Restart if it tells you to.
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy and paste the entire report in your next reply.
  

Step 3:

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:

• Close any open programs
  
• Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.

3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.

• Once the update is complete, click on Settings.
  
• Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  • Spyware, adware, dialers, and other riskware
    
  • Archives
    
  • E-mail databases
  
  
• Click on My Computer under the green Scan bar to the left to start the scan.
• Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
• Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
• Click View report... at the bottom.
  
• Click the Save report... button.
  
  
  
  
  
• Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply

In your next reply please include:

• The MBAM log.
  
• The Kaspersky log.
  
• A fresh OTL log Open OTL and click "Quick Scan"
  

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4754

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

10/6/2010 4:10:37 PM
mbam-log-2010-10-06 (16-10-37).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 278978
Time elapsed: 47 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1178\A0115128.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.


Last edited by darlingpinky on 7th October 2010, 10:58 pm; edited 1 time in total

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, October 7, 2010
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, October 06, 2010 11:54:00
Records in database: 4280474
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 106927
Threats found: 7
Infected objects found: 8
Suspicious objects found: 0
Scan duration: 03:47:35


File name / Threat / Threats count
C:\Documents and Settings\Liz\Application Data\Sun\Java\Deployment\cache\6.0\20\4b893854-23436f92 Infected: Trojan-Downloader.Java.Agent.gr 1
C:\Documents and Settings\Liz\Application Data\Sun\Java\Deployment\cache\6.0\20\4b893854-23436f92 Infected: Trojan-Downloader.Java.Agent.gs 1
C:\Documents and Settings\Liz\Application Data\Sun\Java\Deployment\cache\6.0\20\4b893854-23436f92 Infected: Trojan-Downloader.Java.Agent.gt 1
C:\Documents and Settings\Liz\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-54e206d6-5f51baa2.zip Infected: Exploit.Java.Gimsh.a 1
C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1141\A0112714.exe Infected: Trojan-Dropper.Win32.VB.ajwc 1
C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1178\A0115129.exe Infected: Trojan.Win32.Swisyn.amtr 1
C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1178\A0115240.dll Infected: Packed.Win32.Krap.hc 1
C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1178\A0115256.exe Infected: Trojan-Dropper.Win32.VB.ajwc 1

Selected area has been scanned.

OTL logfile created on: 10/7/2010 3:49:43 PM - Run 2
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Liz\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

999.00 Mb Total Physical Memory | 571.00 Mb Available Physical Memory | 57.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 138.93 Gb Total Space | 76.13 Gb Free Space | 54.79% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 8.22 Gb Free Space | 82.13% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HP_DESKTOP
Current User Name: Liz
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/10/05 20:57:49 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Liz\Desktop\OTL.exe
PRC - [2010/10/04 09:37:26 | 002,067,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/09/23 09:53:50 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/09/19 12:28:28 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/07/15 08:50:01 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/15 08:49:54 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/15 08:49:06 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/15 08:49:03 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/12/16 09:34:56 | 000,503,808 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe
PRC - [2009/11/24 11:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
PRC - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009/02/16 10:44:56 | 001,358,384 | ---- | M] (Linksys, LLC) -- C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
PRC - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/05/28 09:32:28 | 000,087,360 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2007/09/12 07:20:58 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/09 21:21:14 | 000,183,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe
PRC - [2007/01/09 21:21:12 | 000,404,288 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchk.exe
PRC - [2006/12/06 05:12:50 | 000,098,304 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2006/06/08 14:02:06 | 000,131,072 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2006/04/25 10:46:54 | 000,131,072 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
PRC - [2006/04/24 10:42:06 | 000,888,832 | ---- | M] () -- C:\WINDOWS\SMINST\Scheduler.exe
PRC - [2005/07/19 14:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005/06/29 13:06:54 | 000,043,008 | ---- | M] (Cognizance Corporation) -- C:\Program Files\HPQ\IAM\Bin\asghost.exe
PRC - [2005/06/08 12:14:44 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
PRC - [2005/06/08 11:44:56 | 000,192,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\FxSvr2.exe


========== Modules (SafeList) ==========

MOD - [2010/10/05 20:57:49 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Liz\Desktop\OTL.exe
MOD - [2006/08/25 08:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006/02/27 19:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2010/07/15 08:49:54 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 22:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/05/28 09:32:34 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2007/09/12 07:20:58 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/01/09 21:21:14 | 000,183,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv) Intel(R)
SRV - [2006/12/06 05:12:50 | 000,098,304 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel(R)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Liz\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/07/15 08:50:03 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/15 08:49:07 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/02 09:54:59 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2008/12/12 19:05:20 | 000,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/12/12 19:05:18 | 000,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/12/04 14:17:16 | 000,627,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WUSB54GCv3.sys -- (WUSB54GCv3)
DRV - [2008/05/28 09:33:14 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2008/03/07 10:39:48 | 000,045,848 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/02/28 12:31:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2006/12/06 05:12:56 | 000,044,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2006/07/22 14:13:48 | 001,579,008 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/07/19 08:42:16 | 000,230,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2006/07/05 23:59:42 | 000,246,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2006/07/04 10:29:18 | 004,306,944 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/06/05 03:39:56 | 000,024,064 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2006/04/25 09:26:08 | 000,036,608 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2006/04/06 21:46:48 | 000,031,104 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\psd.sys -- (PersonalSecureDrive)
DRV - [2005/08/10 10:54:48 | 000,516,480 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MTXPARHM.sys -- (MTXPARH)
DRV - [2005/05/27 06:32:52 | 001,317,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvcm.sys -- (QCMerced)
DRV - [2005/05/27 06:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/03 20:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/03 10:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/03 10:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/03 10:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/03 10:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/03 10:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/03 10:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/03 10:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/03 10:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/03 10:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/03 10:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/03 10:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/03 10:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 10:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/03 10:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/03 10:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2004/05/20 10:58:00 | 000,379,456 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WUSB54AG.sys -- (PRISM_A02)
DRV - [2002/05/08 10:44:42 | 000,105,472 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2002/04/03 22:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)
DRV - [2001/08/17 09:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 09:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 09:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 09:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 00:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
FF - prefs.js..extensions.enabledItems: linky@gemal.dk:2.7.1
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {b9bfaf1c-a63f-47cd-8b9a-29526ced9060}:0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/09/23 09:54:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/29 11:01:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/06 07:39:42 | 000,000,000 | ---D | M]

[2010/07/23 18:31:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liz\Application Data\Mozilla\Extensions
[2010/07/23 18:31:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liz\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2009/12/20 23:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liz\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/10/06 16:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liz\Application Data\Mozilla\Firefox\Profiles\awrmfegp.default\extensions
[2009/08/10 15:44:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Liz\Application Data\Mozilla\Firefox\Profiles\awrmfegp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/19 01:31:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Liz\Application Data\Mozilla\Firefox\Profiles\awrmfegp.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}
[2009/08/23 22:38:42 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Liz\Application Data\Mozilla\Firefox\Profiles\awrmfegp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008/02/29 15:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liz\Application Data\Mozilla\Firefox\Profiles\awrmfegp.default\extensions\linky@gemal.dk
[2009/04/10 11:42:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liz\Application Data\Mozilla\Firefox\Profiles\awrmfegp.default\extensions\personas@christopher.beard
[2010/10/06 07:39:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/04 19:50:32 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/10/06 07:39:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/05/22 16:32:00 | 001,560,576 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll
[2007/05/22 16:14:00 | 000,008,784 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ractrlkeyhook.dll
[2007/05/22 16:17:00 | 000,245,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\unicows.dll

O1 HOSTS File: ([2010/10/05 22:48:15 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (HP Credential Manager for ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll (Infineon Technologies AG)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [atchk] C:\Program Files\Intel\AMT\atchk.exe (Intel Corporation)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Linksys Wireless Manager] C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe (Linksys, LLC)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Matrox PowerDesk 8] C:\Program Files\Matrox Graphics Inc\PowerDesk HF\matrox.powerdesk.exe (Matrox Graphics Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe ()
O4 - HKLM..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe ()
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\Liz\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Liz\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (RIM AxLoader)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\IfxWlxEN: DllName - IfxWlxEN.dll - C:\WINDOWS\System32\IfxWlxEN.dll (Infineon Technologies AG)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\OneCard: DllName - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll (Cognizance Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Liz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Liz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/10/06 07:41:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/10/05 22:57:00 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/10/05 21:29:25 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/10/05 21:22:00 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/05 21:22:00 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/05 21:22:00 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/05 21:22:00 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/10/05 21:21:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/05 21:21:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/05 20:57:48 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Liz\Desktop\OTL.exe
[2010/10/04 19:51:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liz\Application Data\skypePM
[2010/10/04 19:50:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liz\Application Data\Skype
[2010/10/04 19:50:06 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/10/04 19:50:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/10/04 19:49:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010/10/03 21:26:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/03 21:26:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/03 21:26:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/03 01:14:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/09/26 09:27:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liz\Desktop\lv
[2010/09/26 02:13:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liz\Application Data\Research In Motion
[2010/09/26 02:10:39 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion
[2010/09/19 18:41:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liz\My Documents\Downloads
[2010/09/05 21:42:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liz\My Documents\My Received Files
[2010/09/04 22:32:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liz\My Documents\LimeWire
[2010/09/04 21:08:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liz\My Documents\New Folder
[2010/09/04 21:07:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Liz\My Documents\My Pictures
[2010/08/20 21:18:10 | 000,000,000 | ---D | C] -- C:\Program Files\JL_Cmder
[2010/08/18 22:07:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liz\Desktop\A_P_CS5_Portable_2010
[2010/08/14 03:18:23 | 000,000,000 | ---D | C] -- C:\Program Files\JanSoft
[2010/08/04 18:41:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liz\My Documents\ipod
[2010/07/29 20:59:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liz\Application Data\Vivox
[2010/07/29 20:45:01 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/07/29 20:44:50 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/07/29 20:44:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/07/29 20:36:53 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/07/23 18:31:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liz\Application Data\IMVU
[2010/07/23 18:31:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liz\Application Data\IMVUClient
[2010/07/20 20:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ArmDic
[2010/07/20 20:24:55 | 000,000,000 | ---D | C] -- C:\Program Files\vgif
[2010/07/16 20:52:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liz\My Documents\gifs
[2010/07/15 08:50:00 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/07 09:04:14 | 065,707,947 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/10/07 07:31:42 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/07 03:49:25 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Liz\Local Settings\Application Data\prvlcl.dat
[2010/10/06 16:15:32 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/06 16:14:31 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/06 16:14:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/06 16:11:58 | 006,815,744 | -H-- | M] () -- C:\Documents and Settings\Liz\NTUSER.DAT
[2010/10/06 16:11:58 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Liz\ntuser.ini
[2010/10/05 22:48:25 | 000,000,255 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/10/05 22:48:15 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/10/05 21:29:31 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/10/05 21:17:58 | 003,873,401 | R--- | M] () -- C:\Documents and Settings\Liz\Desktop\ComboFix.exe
[2010/10/05 20:57:49 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Liz\Desktop\OTL.exe
[2010/10/04 23:00:56 | 001,607,454 | ---- | M] () -- C:\Documents and Settings\Liz\Desktop\5.bmp
[2010/10/04 22:59:57 | 001,552,878 | ---- | M] () -- C:\Documents and Settings\Liz\Desktop\4.bmp
[2010/10/04 22:58:26 | 001,531,814 | ---- | M] () -- C:\Documents and Settings\Liz\Desktop\3.bmp
[2010/10/04 22:56:54 | 001,704,134 | ---- | M] () -- C:\Documents and Settings\Liz\Desktop\2.bmp
[2010/10/04 22:56:14 | 001,682,466 | ---- | M] () -- C:\Documents and Settings\Liz\Desktop\1.bmp
[2010/10/04 21:01:12 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/04 20:51:39 | 000,074,240 | ---- | M] () -- C:\Documents and Settings\Liz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/04 19:51:22 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/10/04 19:50:08 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/10/04 16:10:28 | 001,170,582 | ---- | M] () -- C:\Documents and Settings\Liz\My Documents\help.bmp
[2010/10/04 01:28:21 | 004,840,320 | -H-- | M] () -- C:\Documents and Settings\Liz\Local Settings\Application Data\IconCache.db
[2010/10/03 23:00:52 | 000,001,508 | ---- | M] () -- C:\Documents and Settings\Liz\.recently-used.xbel
[2010/10/03 21:27:01 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/03 00:13:27 | 000,005,453 | ---- | M] () -- C:\Documents and Settings\Liz\Application Data\27739.js
[2010/09/27 16:05:30 | 000,072,308 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/09/26 12:30:45 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/09/26 02:11:45 | 000,001,828 | ---- | M] () -- C:\Documents and Settings\Liz\Desktop\Desktop Manager.lnk
[2010/09/26 02:04:33 | 000,311,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/20 21:30:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/08/20 21:30:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/08/18 22:10:49 | 000,001,102 | ---- | M] () -- C:\Documents and Settings\Liz\Desktop\Photoshop.lnk
[2010/08/13 16:42:57 | 000,000,827 | ---- | M] () -- C:\Documents and Settings\Liz\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/08/13 16:42:57 | 000,000,809 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2010/07/23 18:31:30 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\Liz\Desktop\IMVU.lnk
[2010/07/20 20:41:36 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/07/15 08:50:03 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/07/15 08:50:00 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/15 08:49:07 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/05 21:29:31 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/10/05 21:29:27 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/10/05 21:22:00 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/05 21:22:00 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/05 21:22:00 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/05 21:22:00 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/05 21:22:00 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/05 21:17:43 | 003,873,401 | R--- | C] () -- C:\Documents and Settings\Liz\Desktop\ComboFix.exe
[2010/10/04 22:49:20 | 001,607,454 | ---- | C] () -- C:\Documents and Settings\Liz\Desktop\5.bmp
[2010/10/04 22:48:14 | 001,552,878 | ---- | C] () -- C:\Documents and Settings\Liz\Desktop\4.bmp
[2010/10/04 22:47:39 | 001,531,814 | ---- | C] () -- C:\Documents and Settings\Liz\Desktop\3.bmp
[2010/10/04 22:47:01 | 001,704,134 | ---- | C] () -- C:\Documents and Settings\Liz\Desktop\2.bmp
[2010/10/04 22:46:34 | 001,682,466 | ---- | C] () -- C:\Documents and Settings\Liz\Desktop\1.bmp
[2010/10/04 19:51:22 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/10/04 19:50:08 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/10/04 16:10:28 | 001,170,582 | ---- | C] () -- C:\Documents and Settings\Liz\My Documents\help.bmp
[2010/10/03 23:00:52 | 000,001,508 | ---- | C] () -- C:\Documents and Settings\Liz\.recently-used.xbel
[2010/10/03 21:27:01 | 000,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/03 00:13:27 | 000,005,453 | ---- | C] () -- C:\Documents and Settings\Liz\Application Data\27739.js
[2010/09/26 02:11:45 | 000,001,828 | ---- | C] () -- C:\Documents and Settings\Liz\Desktop\Desktop Manager.lnk
[2010/09/13 18:20:39 | 000,072,308 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/20 21:30:35 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/08/20 21:30:35 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/08/18 22:10:49 | 000,001,102 | ---- | C] () -- C:\Documents and Settings\Liz\Desktop\Photoshop.lnk
[2010/08/13 16:42:57 | 000,000,827 | ---- | C] () -- C:\Documents and Settings\Liz\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/08/13 16:42:57 | 000,000,809 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2010/07/29 20:46:05 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/07/23 18:31:30 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\Liz\Desktop\IMVU.lnk
[2009/11/27 11:10:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Liz\Local Settings\Application Data\prvlcl.dat
[2009/08/04 12:44:24 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2008/11/22 12:21:53 | 000,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv9869p2now.sys
[2008/10/13 15:16:35 | 000,005,087 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ywasvxup.hvs
[2008/10/13 14:23:15 | 000,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2008/10/13 12:10:45 | 000,000,334 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/09/20 13:01:50 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2008/06/25 16:45:32 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/06/25 16:45:31 | 001,317,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys
[2007/11/05 18:33:11 | 000,074,240 | ---- | C] () -- C:\Documents and Settings\Liz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/21 11:53:06 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/10/21 11:51:45 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2007/10/05 12:40:36 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Liz\Local Settings\Application Data\fusioncache.dat
[2007/10/02 15:59:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/10/02 15:52:59 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/08/02 05:13:07 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/08/02 04:52:18 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/07/25 15:24:30 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/02/26 16:08:28 | 000,585,728 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2005/11/16 10:15:04 | 000,164,112 | ---- | C] () -- C:\WINDOWS\System32\awmpi.dll
[2005/08/06 12:04:07 | 000,002,438 | ---- | C] () -- C:\WINDOWS\System32\ASPRTMM1.DLL
[2002/05/08 03:12:22 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[1998/05/06 20:10:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.dll

========== LOP Check ==========

[2009/08/15 00:13:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apowersoft
[2010/09/30 09:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2007/10/02 17:00:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2009/08/15 19:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2007/08/02 04:57:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Infineon
[2008/06/18 12:36:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2007/10/02 15:47:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Matrox
[2010/07/17 18:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2009/10/17 13:19:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2009/10/05 17:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010/10/05 22:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/01/16 12:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/07/29 20:45:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2007/08/02 05:11:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[2009/12/21 11:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/09/04 19:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liz\Application Data\gtk-2.0
[2009/12/29 21:48:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liz\Application Data\Hardcore
[2010/10/01 22:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liz\Application Data\IMVU
[2010/07/23 18:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liz\Application Data\IMVUClient
[2007/08/02 04:57:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liz\Application Data\Infineon
[2007/11/22 16:59:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liz\Application Data\InterVideo
[2010/10/07 15:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liz\Application Data\LimeWire
[2007/10/24 17:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liz\Application Data\LogMeIn Rescue Calling Card
[2007/10/18 18:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liz\Application Data\MSNInstaller
[2010/06/29 21:30:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liz\Application Data\ooVoo Details
[2008/04/27 10:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liz\Application Data\Opera
[2008/04/17 09:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liz\Application Data\Panasonic
[2009/10/17 13:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liz\Application Data\Publish Providers
[2010/09/26 02:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liz\Application Data\Research In Motion
[2009/12/29 21:43:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liz\Application Data\Sakura
[2007/08/02 05:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liz\Application Data\SampleView
[2008/10/18 12:01:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liz\Application Data\Screenshot Sender
[2010/04/10 17:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liz\Application Data\Sony
[2010/07/05 22:49:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liz\Application Data\SynthMaker
[2009/08/22 15:21:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liz\Application Data\Ulead Systems
[2010/07/29 20:59:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liz\Application Data\Vivox

========== Purity Check ==========


< End of report >

Hi darlingpinky,

We still have a bit of work to do, please do the following:


Step 1:

Run OTL.exe

• Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
  
  

  Code:

  :Files
C:\Documents and Settings\Liz\Application Data\Sun\Java\Deployment\cache\6.0\20\4b893854-23436f92
C:\Documents and Settings\Liz\Application Data\Sun\Java\Deployment\cache\6.0\20\4b893854-23436f92
C:\Documents and Settings\Liz\Application Data\Sun\Java\Deployment\cache\6.0\20\4b893854-23436f92
C:\Documents and Settings\Liz\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-54e206d6-5f51baa2.zip
C:\Documents and Settings\Liz\Application Data\27739.js

:OTL
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)


:Commands
[purity]
[emptytemp]
[emptyflash]
[clearallrestorepoints]

  
  
  
• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot when it is done
  
• After rebooting, please post the OTL you are presented with on startup.

Step 2:


Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

• Please go here then click on:
  Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
  All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  
• Select the option YES, I accept the Terms of Use then click on:
  
• When prompted allow the Add-On/Active X to install.
  
• Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  
• Now click on Advanced Settings and select the following:
  

• Scan for potentially unwanted applications
  
• Scan for potentially unsafe applications
  
• Enable Anti-Stealth Technology
  


• Now click on:
  
• The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  
• When completed the Online Scan will begin automatically.
  
• Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  
• When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic.
  
• Now click on: (Selecting Uninstall application on close if you so wish)
  

In your next reply please include:

• The log from OTL.
  
• The ESET log.
  
• How is your machine running now?

Thanks!

All processes killed
========== FILES ==========
C:\Documents and Settings\Liz\Application Data\Sun\Java\Deployment\cache\6.0\20\4b893854-23436f92 moved successfully.
File\Folder C:\Documents and Settings\Liz\Application Data\Sun\Java\Deployment\cache\6.0\20\4b893854-23436f92 not found.
File\Folder C:\Documents and Settings\Liz\Application Data\Sun\Java\Deployment\cache\6.0\20\4b893854-23436f92 not found.
C:\Documents and Settings\Liz\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-54e206d6-5f51baa2.zip moved successfully.
C:\Documents and Settings\Liz\Application Data\27739.js moved successfully.
========== OTL ==========
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 50370 removed from network.proxy.http_port
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
->Java cache emptied: 27389 bytes
->Flash cache emptied: 742 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Liz
->Temp folder emptied: 122111774 bytes
->Temporary Internet Files folder emptied: 1108028 bytes
->Java cache emptied: 54286032 bytes
->FireFox cache emptied: 93908412 bytes
->Flash cache emptied: 2404036 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 82054 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LogMeInRemoteUser.HP_DESKTOP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LogMeInRemoteUser.HP_DESKTOP.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 112094 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 262.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: Liz
->Flash cache emptied: 0 bytes

User: LocalService

User: LogMeInRemoteUser

User: LogMeInRemoteUser.HP_DESKTOP

User: LogMeInRemoteUser.HP_DESKTOP.000

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.14.1 log created on 10072010_164742

Files\Folders moved on Reboot...
C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_3f0.dat moved successfully.

Registry entries deleted on Reboot...

Good, I await the ESET log along with your system comments

ESETSmartInstaller@High as downloader log:
Can not open internet# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=00af4cfe518bc442900385996bb46682
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-10-08 01:18:56
# local_time=2010-10-07 06:18:56 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1024 16777191 100 0 27224891 27224891 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=93394
# found=1
# cleaned=0
# scan_time=3785
C:\_OTL\MovedFiles\10072010_164742\C_Documents and Settings\Liz\Application Data\Sun\Java\Deployment\cache\6.0\20\4b893854-23436f92 multiple threats 00000000000000000000000000000000 I

I'm not experiencing anything I mentioned in the first post, but I haven't enabled AVG since we started this process so I don't know what's in Resident Shield, if anything?
& The paypal incident was a misunderstanding, no one was in our account, our stuff is safe I assume.
My computer doesn't connect to that open network immediately upon start up, but to mine. Was that something we did?

Also, there's unfamiliar icons in C:\ like Boot.bak, .rnd, ut, ut9x, & thumbs.db on desktop that weren't there before. I know it's nothing serious but I want to know if they are okay to delete?
Thank you for all your help by the way

Hi darlingpinky,

Ok lets address some of those issues. Please do not delete the files in the C:\ drive. They are files that just must be hidden. To do this:

Hide Files:
Please click Start and open My Computer.
On the Tools menu, click on Folder Options.
On the View tab, check "Hide file extensions for known file types".
Check "Hide protected operating system files (Recommended)". Under "Hidden files and folders", check "Do not show hidden files and folders".
Click Apply to All Folders.
Click OK and close My Computer.

My computer doesn't connect to that open network immediately upon start up, but to mine. Was that something we did?

I suspect so.


The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.


Uninstall ComboFix:

• push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  
• please copy and past the following into the box ComboFix /Uninstall and click OK.
  
• Note the space between the X and the /Uninstall, it needs to be there.
  
• 
  

CleanUp with OTL

• Make sure you have an Internet Connection.
  
• Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  
• Click on the CleanUp! button
  
• A list of tool components used in the Cleanup of malware will be downloaded.
  
• If your Firewall or Real Time protection attempts to block OTL to reach the Internet, please allow the application to do so.
  
• Click Yes to begin the Cleanup process and remove these components, including this application.
  
• You should be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
  

Please enable AVG now.


Let me know how the above goes so I can give you some very important instructions for updates and tips on how to keep your computer safe!

Thanks.

Still 104 trojans after refreshing the list..how come?

Hi,

Could you please post the log from the AVG scan,

c:\programData\Avg\Logs\ File will be named most likely the most recent file name. I am sure they will just be leftovers.

IF you can please quarantine and remove them.

Let me know how it goes and post the log here.

Thanks.

This is the path;
C:\Program Files\AVG\AVG9\log

But nothing's inside of it.
But I refresh Resident Shield & it has a whole list.
:/ ...confused.

I ran a full computer scan, no infections.

But this is the list & I just don't understand it..

Resident Shield detection
"Infection" "Object" "Result" "Detection time" "Object Type" "Process"
"Trojan horse SHeur3.BCZS" "c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1178\A0115127.exe" "Moved to Virus Vault" "10/4/2010, 7:30:12 PM" "file" "C:\WINDOWS\System32\svchost.exe"
"Trojan horse SHeur3.BCZS" "c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1178\A0115127.exe" "Object is inaccessible." "10/4/2010, 3:46:48 PM" "file" "C:\WINDOWS\System32\svchost.exe"
"Trojan horse SHeur3.BCZS" "c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1178\A0115127.exe" "Object is inaccessible." "10/4/2010, 2:46:48 PM" "file" "C:\WINDOWS\System32\svchost.exe"
"Trojan horse SHeur3.BCZS" "c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1178\A0115127.exe" "Object is inaccessible." "10/4/2010, 1:58:48 PM" "file" "C:\WINDOWS\System32\svchost.exe"
"Trojan horse SHeur3.BCZS" "c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1178\A0115127.exe" "Object is inaccessible." "10/4/2010, 12:47:53 PM" "file" "C:\WINDOWS\System32\svchost.exe"
"Trojan horse SHeur3.BCZS" "c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1178\A0115127.exe" "Object is inaccessible." "10/4/2010, 11:58:48 AM" "file" "C:\WINDOWS\System32\svchost.exe"
"Trojan horse SHeur3.BCZS" "c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1178\A0115127.exe" "Object is inaccessible." "10/4/2010, 10:46:48 AM" "file" "C:\WINDOWS\System32\svchost.exe"
"Trojan horse SHeur3.BCZS" "c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1178\A0115127.exe" "Object is inaccessible." "10/4/2010, 9:58:48 AM" "file" "C:\WINDOWS\System32\svchost.exe"
"Trojan horse SHeur3.BCZS" "c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1178\A0115127.exe" "Object is inaccessible." "10/4/2010, 8:46:48 AM" "file" "C:\WINDOWS\System32\svchost.exe"
"Trojan horse SHeur3.BCZS" "c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1178\A0115127.exe" "Object is inaccessible." "10/4/2010, 8:35:43 AM" "file" "C:\WINDOWS\System32\svchost.exe"
"Trojan horse SHeur3.BDJI" "c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1178\A0115220.exe" "Object is inaccessible." "10/3/2010, 10:45:39 PM" "file" "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse Generic19.HBP" "c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1178\A0115130.dll" "Object is inaccessible." "10/3/2010, 10:45:37 PM" "file" "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse SHeur3.BDJI" "c:\Documents and Settings\Liz\Local Settings\Temporary Internet Files\Content.IE5\CT0L2STL\update[1].exe" "Object is inaccessible." "10/3/2010, 10:45:37 PM" "file" "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse SHeur3.BDJI" "c:\Documents and Settings\Liz\Local Settings\Temp\pdfupd.exe" "Object is inaccessible." "10/3/2010, 10:45:35 PM" "file" "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse SHeur3.BDJI" "c:\Documents and Settings\Liz\Local Settings\Temp\0.9748510428333984.exe" "Object is inaccessible." "10/3/2010, 10:45:33 PM" "file" "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse SHeur3.BDJI" "c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1178\A0115220.exe" "Object is inaccessible." "10/3/2010, 10:20:18 PM" "file" "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse Generic19.AIGU" "c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1178\A0115128.exe" "Moved to Virus Vault" "10/3/2010, 10:20:15 PM" "file" "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse Generic19.HBP" "c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1178\A0115130.dll" "Object is inaccessible." "10/3/2010, 10:20:12 PM" "file" "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse Agent2.BNMZ" "c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1178\A0115129.exe" "Moved to Virus Vault" "10/3/2010, 10:20:11 PM" "file" "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse SHeur3.BCZS" "c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1178\A0115127.exe" "Object is inaccessible." "10/3/2010, 10:20:11 PM" "file" "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse SHeur3.BDJI" "c:\Documents and Settings\Liz\Local Settings\Temporary Internet Files\Content.IE5\CT0L2STL\update[1].exe" "Object is inaccessible." "10/3/2010, 9:57:43 PM" "file" "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse SHeur3.BDJI" "c:\Documents and Settings\Liz\Local Settings\Temp\pdfupd.exe" "Object is inaccessible." "10/3/2010, 9:50:35 PM" "file" "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse SHeur3.BDJI" "c:\Documents and Settings\Liz\Local Settings\Temp\0.9748510428333984.exe" "Object is inaccessible." "10/3/2010, 9:49:18 PM" "file" "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse SHeur3.BDJI" "c:\Documents and Settings\Liz\Application Data\hotfix.exe" "Moved to Virus Vault" "10/3/2010, 7:48:27 PM" "file" ""
"Trojan horse Generic17.QXP" "c:\Documents and Settings\Liz\Local Settings\Temporary Internet Files\Content.IE5\CT0L2STL\update[2].exe" "Object is inaccessible." "10/3/2010, 3:46:45 AM" "file" "C:\WINDOWS\system32\wscript.exe"
"Trojan horse SHeur3.BCZS" "c:\Documents and Settings\Liz\userinit.exe" "Object is inaccessible." "10/3/2010, 3:46:43 AM" "file" "C:\WINDOWS\explorer.exe"
"Trojan horse Generic19.AIGU" "c:\Documents and Settings\Liz\Application Data\Microsoft\svchost.exe" "Object is inaccessible." "10/3/2010, 3:46:41 AM" "file" "C:\WINDOWS\explorer.exe"
"Trojan horse Generic19.AIGK" "c:\Documents and Settings\Liz\Local Settings\Temp\dwm.exe" "Object is inaccessible." "10/3/2010, 3:46:19 AM" "file" "C:\WINDOWS\explorer.exe"
"Trojan horse Agent2.BNMZ" "c:\Documents and Settings\Liz\Application Data\Microsoft\Windows\shell.exe" "Object is inaccessible." "10/3/2010, 1:26:56 AM" "file" "C:\WINDOWS\system32\dumprep.exe"
"Trojan horse Agent2.BNMZ" "c:\Documents and Settings\Liz\Application Data\Microsoft\Windows\shell.exe" "Object is inaccessible." "10/3/2010, 1:26:56 AM" "file" "C:\WINDOWS\system32\dumprep.exe"
"Trojan horse Agent2.BNMZ" "c:\Documents and Settings\Liz\Application Data\Microsoft\Windows\shell.exe" "Object is inaccessible." "10/3/2010, 1:26:56 AM" "file" "C:\WINDOWS\system32\dumprep.exe"
"Trojan horse Generic19.AIGU" "c:\Documents and Settings\Liz\Application Data\Microsoft\svchost.exe" "Object is inaccessible." "10/3/2010, 1:26:53 AM" "file" "C:\WINDOWS\system32\dumprep.exe"
"Trojan horse Generic19.AIGU" "c:\Documents and Settings\Liz\Application Data\Microsoft\svchost.exe" "Object is inaccessible." "10/3/2010, 1:26:53 AM" "file" "C:\WINDOWS\system32\dumprep.exe"
"Trojan horse Generic19.AIGU" "c:\Documents and Settings\Liz\Application Data\Microsoft\svchost.exe" "Object is inaccessible." "10/3/2010, 1:26:53 AM" "file" "C:\WINDOWS\system32\dumprep.exe"
"Trojan horse Agent2.BNHY" "c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1176\A0115008.exe" "Moved to Virus Vault" "10/3/2010, 1:03:42 AM" "file" "C:\WINDOWS\System32\svchost.exe"
"Trojan horse Generic17.QXP" "c:\Documents and Settings\Liz\Local Settings\Temporary Internet Files\Content.IE5\CT0L2STL\update[2].exe" "Object is inaccessible." "10/3/2010, 12:43:26 AM" "file" "C:\WINDOWS\system32\wscript.exe"
"Trojan horse SHeur3.BCZS" "c:\Documents and Settings\Liz\userinit.exe" "Object is inaccessible." "10/3/2010, 12:43:22 AM" "file" "C:\WINDOWS\explorer.exe"
"Trojan horse Generic19.AIGU" "c:\Documents and Settings\Liz\Application Data\Microsoft\svchost.exe" "Object is inaccessible." "10/3/2010, 12:43:21 AM" "file" "C:\WINDOWS\explorer.exe"
"Trojan horse Generic19.AIGK" "c:\Documents and Settings\Liz\Local Settings\Temp\dwm.exe" "Object is inaccessible." "10/3/2010, 12:43:09 AM" "file" "C:\WINDOWS\explorer.exe"
"Trojan horse Generic17.QXP" "c:\Documents and Settings\Liz\Local Settings\Temporary Internet Files\Content.IE5\CT0L2STL\update[2].exe" "Object is inaccessible." "10/3/2010, 12:28:51 AM" "file" "C:\WINDOWS\system32\wscript.exe"
"Trojan horse SHeur3.BCZS" "c:\Documents and Settings\Liz\userinit.exe" "Object is inaccessible." "10/3/2010, 12:28:48 AM" "file" "C:\WINDOWS\explorer.exe"
"Trojan horse Generic19.AIGU" "c:\Documents and Settings\Liz\Application Data\Microsoft\svchost.exe" "Object is inaccessible." "10/3/2010, 12:28:44 AM" "file" "C:\WINDOWS\explorer.exe"
"Trojan horse Generic19.AIGK" "c:\Documents and Settings\Liz\Local Settings\Temp\dwm.exe" "Object is inaccessible." "10/3/2010, 12:28:24 AM" "file" "C:\WINDOWS\explorer.exe"
"Trojan horse Generic17.QXP" "c:\Documents and Settings\Liz\Application Data\1.exe" "Moved to Virus Vault" "10/3/2010, 12:14:03 AM" "file" "C:\WINDOWS\system32\wscript.exe"
"Trojan horse Generic19.AHIS" "c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1176\A0115007.exe" "Object is inaccessible." "10/2/2010, 9:52:09 PM" "file" "C:\WINDOWS\System32\svchost.exe"
"Trojan horse Generic19.AHIS" "c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1176\A0115007.exe" "Object is inaccessible." "10/2/2010, 8:40:09 PM" "file" "C:\WINDOWS\System32\svchost.exe"
"Trojan horse Generic19.AHIS" "c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1176\A0115007.exe" "Object is inaccessible." "10/2/2010, 7:40:09 PM" "file" "C:\WINDOWS\System32\svchost.exe"
"Trojan horse Generic19.AHIS" "c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1176\A0115007.exe" "Object is inaccessible." "10/2/2010, 6:52:09 PM" "file" "C:\WINDOWS\System32\svchost.exe"
"Trojan horse Generic19.AHIS" "c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1176\A0115007.exe" "Object is inaccessible." "10/2/2010, 5:40:09 PM" "file" "C:\WINDOWS\System32\svchost.exe"
"Trojan horse Generic19.AHIS" "c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1176\A0115007.exe" "Object is inaccessible." "10/2/2010, 4:40:09 PM" "file" "C:\WINDOWS\System32\svchost.exe"
"Trojan horse Generic19.AHIS" "c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1176\A0115007.exe" "Object is inaccessible." "10/2/2010, 3:50:24 PM" "file" "C:\WINDOWS\System32\svchost.exe"
"Trojan horse Generic19.AHIS" "c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1176\A0115007.exe" "Object is inaccessible." "10/2/2010, 2:40:09 PM" "file" "C:\WINDOWS\System32\svchost.exe"
"Trojan horse Generic19.AHIS" "c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1176\A0115007.exe" "Object is inaccessible." "10/2/2010, 1:52:09 PM" "file" "C:\WINDOWS\System32\svchost.exe"
"Trojan horse Generic19.AHIS" "c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1176\A0115007.exe" "Object is inaccessible." "10/2/2010, 12:40:09 PM" "file" "C:\WINDOWS\System32\svchost.exe"
"Trojan horse Generic19.AHIS" "c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1176\A0115007.exe" "Object is inaccessible." "10/2/2010, 11:40:09 AM" "file" "C:\WINDOWS\System32\svchost.exe"
"Trojan horse Generic19.AHIS" "c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1176\A0115007.exe" "Object is inaccessible." "10/2/2010, 10:52:09 AM" "file" "C:\WINDOWS\System32\svchost.exe"
"Trojan horse Generic19.AHIS" "c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1176\A0115007.exe" "Object is inaccessible." "10/2/2010, 9:40:09 AM" "file" "C:\WINDOWS\System32\svchost.exe"
"Trojan horse Generic19.AHIS" "c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1176\A0115007.exe" "Object is inaccessible." "10/2/2010, 8:52:09 AM" "file" "C:\WINDOWS\System32\svchost.exe"
"Trojan horse Generic19.AHIS" "c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1176\A0115007.exe" "Object is inaccessible." "10/2/2010, 7:40:09 AM" "file" "C:\WINDOWS\System32\svchost.exe"
"Trojan horse Generic19.AHIS" "c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1176\A0115007.exe" "Object is inaccessible." "10/2/2010, 6:52:09 AM" "file" "C:\WINDOWS\System32\svchost.exe"
"Trojan horse Generic19.AHIS" "c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1176\A0115007.exe" "Object is inaccessible." "10/2/2010, 5:40:09 AM" "file" "C:\WINDOWS\System32\svchost.exe"
"Trojan horse Generic19.AHIS" "c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1176\A0115007.exe" "Object is inaccessible." "10/2/2010, 4:40:09 AM" "file" "C:\WINDOWS\System32\svchost.exe"
"Trojan horse Generic19.AHIS" "c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1176\A0115007.exe" "Moved to Virus Vault" "10/2/2010, 3:52:11 AM" "file" "C:\WINDOWS\System32\svchost.exe"
"Trojan horse SHeur3.BCZS" "c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1175\A0114950.exe" "Moved to Virus Vault" "10/1/2010, 4:48:40 PM" "file" "C:\WINDOWS\System32\svchost.exe"
"Trojan horse SHeur3.BCZS" "c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1175\A0114950.exe" "Object is inaccessible." "10/1/2010, 3:40:09 PM" "file" "C:\WINDOWS\System32\svchost.exe"
"Trojan horse SHeur3.BCZS" "c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1175\A0114950.exe" "Object is inaccessible." "10/1/2010, 2:37:50 PM" "file" "C:\WINDOWS\System32\svchost.exe"
"Trojan horse SHeur3.BCZS" "c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1175\A0114936.exe" "Moved to Virus Vault" "10/1/2010, 1:22:30 PM" "file" "C:\WINDOWS\System32\svchost.exe"
"Trojan horse Generic19.AGHM" "c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1175\A0114915.exe" "Object is inaccessible." "10/1/2010, 10:40:09 AM" "file" "C:\WINDOWS\System32\svchost.exe"
"Trojan horse Generic19.AGHM" "c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1175\A0114915.exe" "Object is inaccessible." "10/1/2010, 10:05:39 AM" "file" "C:\WINDOWS\System32\svchost.exe"
"Trojan horse Generic19.AGHM" "c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1175\A0114915.exe" "Object is inaccessible." "10/1/2010, 8:40:09 AM" "file" "C:\WINDOWS\System32\svchost.exe"
"Trojan horse Generic19.AGHM" "c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1175\A0114915.exe" "Moved to Virus Vault" "10/1/2010, 8:25:26 AM" "file" "C:\WINDOWS\System32\svchost.exe"
"Trojan horse SHeur3.BCXM" "c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1175\A0114910.exe" "Object is inaccessible." "10/1/2010, 6:52:09 AM" "file" "C:\WINDOWS\System32\svchost.exe"
"Trojan horse SHeur3.BCXM" "c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1175\A0114910.exe" "Object is inaccessible." "10/1/2010, 5:40:09 AM" "file" "C:\WINDOWS\System32\svchost.exe"
"Trojan horse SHeur3.BCXM" "c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1175\A0114910.exe" "Object is inaccessible." "10/1/2010, 4:40:09 AM" "file" "C:\WINDOWS\System32\svchost.exe"
"Trojan horse SHeur3.BCXM" "c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1175\A0114910.exe" "Moved to Virus Vault" "10/1/2010, 3:52:10 AM" "file" "C:\WINDOWS\System32\svchost.exe"
"Trojan horse SHeur3.BCZS" "c:\Documents and Settings\Liz\userinit.exe" "Object is inaccessible." "9/30/2010, 9:38:21 AM" "file" "C:\WINDOWS\Explorer.EXE"
"Trojan horse SHeur3.BCZS" "c:\Documents and Settings\Liz\userinit.exe" "Object is inaccessible." "9/30/2010, 9:31:51 AM" "file" "C:\WINDOWS\system32\ntdevice.exe"
"Trojan horse SHeur3.BCZS" "c:\WINDOWS\system32\ntdevice.exe" "Object is inaccessible." "9/30/2010, 9:31:51 AM" "file" "C:\WINDOWS\system32\ntdevice.exe"
"Trojan horse SHeur3.BCZS" "c:\Documents and Settings\Liz\userinit.exe" "Object is inaccessible." "9/30/2010, 9:28:49 AM" "file" "C:\WINDOWS\system32\ntdevice.exe"
"Trojan horse SHeur3.BCZS" "c:\WINDOWS\system32\ntdevice.exe" "Object is inaccessible." "9/30/2010, 9:28:48 AM" "file" "C:\WINDOWS\system32\ntdevice.exe"
"Trojan horse SHeur3.BCZS" "c:\Documents and Settings\Liz\userinit.exe" "Object is inaccessible." "9/30/2010, 9:25:46 AM" "file" "C:\WINDOWS\system32\ntdevice.exe"
"Trojan horse SHeur3.BCZS" "c:\WINDOWS\system32\ntdevice.exe" "Object is inaccessible." "9/30/2010, 9:25:46 AM" "file" "C:\WINDOWS\system32\ntdevice.exe"
"Trojan horse SHeur3.BCZS" "c:\Documents and Settings\Liz\userinit.exe" "Object is inaccessible." "9/30/2010, 9:22:44 AM" "file" "C:\WINDOWS\system32\ntdevice.exe"
"Trojan horse SHeur3.BCZS" "c:\WINDOWS\system32\ntdevice.exe" "Object is inaccessible." "9/30/2010, 9:22:44 AM" "file" "C:\WINDOWS\system32\ntdevice.exe"
"Trojan horse SHeur3.BCZS" "c:\Documents and Settings\Liz\userinit.exe" "Object is inaccessible." "9/30/2010, 9:19:41 AM" "file" "C:\WINDOWS\system32\ntdevice.exe"
"Trojan horse SHeur3.BCZS" "c:\WINDOWS\system32\ntdevice.exe" "Object is inaccessible." "9/30/2010, 9:19:41 AM" "file" "C:\WINDOWS\system32\ntdevice.exe"
"Trojan horse SHeur3.BCZS" "c:\Documents and Settings\Liz\userinit.exe" "Object is inaccessible." "9/30/2010, 9:16:39 AM" "file" "C:\WINDOWS\system32\ntdevice.exe"
"Trojan horse SHeur3.BCZS" "c:\WINDOWS\system32\ntdevice.exe" "Object is inaccessible." "9/30/2010, 9:16:39 AM" "file" "C:\WINDOWS\system32\ntdevice.exe"
"Trojan horse SHeur3.BCZS" "c:\Documents and Settings\Liz\userinit.exe" "Object is inaccessible." "9/30/2010, 9:13:37 AM" "file" "C:\WINDOWS\system32\ntdevice.exe"
"Trojan horse SHeur3.BCZS" "c:\WINDOWS\system32\ntdevice.exe" "Object is inaccessible." "9/30/2010, 9:13:37 AM" "file" "C:\WINDOWS\system32\ntdevice.exe"
"Trojan horse SHeur3.BCZS" "c:\Documents and Settings\Liz\userinit.exe" "Object is inaccessible." "9/30/2010, 9:10:34 AM" "file" "C:\WINDOWS\system32\ntdevice.exe"
"Trojan horse SHeur3.BCZS" "c:\WINDOWS\system32\ntdevice.exe" "Object is inaccessible." "9/30/2010, 9:10:34 AM" "file" "C:\WINDOWS\system32\ntdevice.exe"
"Trojan horse SHeur3.BCZS" "c:\Documents and Settings\Liz\userinit.exe" "Object is inaccessible." "9/30/2010, 9:07:32 AM" "file" "C:\WINDOWS\system32\ntdevice.exe"
"Trojan horse SHeur3.BCZS" "c:\WINDOWS\system32\ntdevice.exe" "Object is inaccessible." "9/30/2010, 9:07:32 AM" "file" "C:\WINDOWS\system32\ntdevice.exe"
"Trojan horse SHeur3.BCZS" "c:\Documents and Settings\Liz\userinit.exe" "Object is inaccessible." "9/30/2010, 9:04:30 AM" "file" "C:\WINDOWS\system32\ntdevice.exe"
"Trojan horse SHeur3.BCZS" "c:\WINDOWS\system32\ntdevice.exe" "Object is inaccessible." "9/30/2010, 9:04:30 AM" "file" "C:\WINDOWS\system32\ntdevice.exe"
"Trojan horse SHeur3.BCZS" "c:\Documents and Settings\Liz\userinit.exe" "Object is inaccessible." "9/30/2010, 9:01:28 AM" "file" "C:\WINDOWS\system32\ntdevice.exe"
"Trojan horse SHeur3.BCZS" "c:\WINDOWS\system32\ntdevice.exe" "Object is inaccessible." "9/30/2010, 9:01:28 AM" "file" "C:\WINDOWS\system32\ntdevice.exe"
"Trojan horse SHeur3.BCZS" "c:\Documents and Settings\Liz\userinit.exe" "Object is inaccessible." "9/30/2010, 8:58:25 AM" "file" "C:\WINDOWS\system32\ntdevice.exe"
"Trojan horse SHeur3.BCZS" "c:\WINDOWS\system32\ntdevice.exe" "Moved to Virus Vault" "9/30/2010, 8:58:25 AM" "file" "C:\WINDOWS\system32\ntdevice.exe"
"Trojan horse Generic19.HBP" "c:\Documents and Settings\Liz\pizda_ntload.dll" "Object is inaccessible." "9/30/2010, 7:38:54 AM" "file" "C:\WINDOWS\system32\ntdevice.exe"
"Trojan horse SHeur3.BCXL" "c:\Documents and Settings\Liz\Local Settings\Temp\dwm.exe" "Object is inaccessible." "9/30/2010, 7:28:19 AM" "file" "C:\DOCUME~1\Liz\LOCALS~1\Temp\dwm.exe"
"Trojan horse SHeur3.BCXL" "c:\Documents and Settings\Liz\Local Settings\Temp\dwm.exe" "Moved to Virus Vault" "9/30/2010, 7:12:23 AM" "file" "C:\DOCUME~1\Liz\LOCALS~1\Temp\dwm.exe"
"Trojan horse Generic19.HBP" "c:\Documents and Settings\Liz\pizda_ntload.dll" "Moved to Virus Vault" "9/29/2010, 11:21:39 AM" "file" "C:\WINDOWS\system32\ntdevice.exe"

Hi darlingpinky,

They infections appear to have been the majority in system restore and your temp folder which we have removed.

You have some important updates which need attention to prevent possible future infections.

Internet Explorer
Your current version of Internet Explorer is outdated and older versions contain vulnerabilities. Please download the latest version (V8.00) from HERE.


Service Pack
You currently have an outdated Service Pack. It is highly recommended you update to the latest Service Pack. This is an extremely important update which fixes several bugs and security issues that attackers exploit. Without it, I can almost guarantee that you will get infected again.
To download the latest Service Pack, please visit: Windows Update


Here is my usual all clean:


Make your Internet Explorer more secure:

• From within Internet Explorer click on the Tools menu and then click on Options.
  
• Click once on the Security tab
  
• Click once on the Internet icon so it becomes highlighted.
  
• Click once on the Custom Level button.
  
• Change the Download signed ActiveX controls to Prompt
  
• Change the Download unsigned ActiveX controls to Disable
  
• Change the Initialise and script ActiveX controls not marked as safe to Disable
  
• Change the Installation of desktop items to Prompt
  
• Change the Launching programs and files in an IFRAME to Prompt
  
• Change the Navigate sub-frames across different domains to Prompt
  
• When all these settings have been made, click on the OK button.
  
• If it prompts you as to whether or not you want to save the settings, press the Yes button.
  Next press the Apply button and then the OK to exit the Internet Properties page.
  

Turn On Automatic Updates:

Turn On Automatic Updates
1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them

If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

or visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Antispyware programs:

I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly:

• WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  
  
• Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  
  
• Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a powerful anti-malware tool. It is
  totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using often.
  

Please read this great article by miekiemoes How to prevent Malware
and this great article by Tony Klein So How Did I Get Infected In First Place



Best wishes!

-TheAvatar