
Assistance needed



So if I followed the instructions correctly, I'm supposed to post this for assistance.

Every time I try to install malware it goes and stops, saying permission denied.

My screen background is blue. I know my software etc. are still on the computer, but I can't get to them. I tried other scans but I can't get this virus off. Frustrated :(

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_27

Run by Anna at 22:35:00 on 2012-01-08

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.495.96 [GMT -6:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\lxducoms.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\ltmoh\Ltmoh.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe

C:\Program Files\Lexmark 5600-6600 Series\lxduMsdMon.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Documents and Settings\Anna\Local Settings\Application Data\Google\Update\1.3.21.79\GoogleCrashHandler.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\SoftwareDistribution\Download\Install\IE8-WindowsXP-x86-ENU.exe

c:\09d77ee047a5478352cf\update\iesetup.exe

C:\WINDOWS\System32\mshta.exe

C:\Documents and Settings\Anna\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Anna\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Anna\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Anna\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Anna\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

c:\09d77ee047a5478352cf\update\update.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = http=127.0.0.1:50370

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.22\AVG Secure Search_toolbar.dll

TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.22\AVG Secure Search_toolbar.dll

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [Google Update] "c:\documents and settings\anna\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe

uRun: [speedItUpEX] c:\program files\speeditup free\SpeedItUp.exe -MINI

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [soundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe

mRun: [soundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray

mRun: [TAudEffect] c:\program files\toshiba\taudeffect\TAudEff.exe /run

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [CFSServ.exe] CFSServ.exe -NoClient

mRun: [lxdumon.exe] "c:\program files\lexmark 5600-6600 series\lxdumon.exe"

mRun: [lxduamon] "c:\program files\lexmark 5600-6600 series\lxduamon.exe"

mRun: [Lexmark 5600-6600 Series Fax Server] "c:\program files\lexmark 5600-6600 series\fm3032.exe" /s

mRun: [<NO NAME>]

mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [vProt] "c:\program files\avg secure search\vprot.exe"

mExplorerRun: [112442153] c:\docume~1\alluse~1\locals~1\temp\44c2f94c06b3bb3d.exe

uPolicies-explorer: NoDesktop = 1 (0x1)

uPolicies-system: DisableTaskMgr = 1 (0x1)

IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM

IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM

IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM

IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM

IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM

IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM

IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\anna\start menu\programs\imvu\Run IMVU.lnk

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {C75BE5CC-7F80-458C-8B66-FAB86E3B13C3} - hxxp://images.fotki.com/activex/FotkiUploader.cab

DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.2.1 192.168.2.1

TCP: Interfaces\{7B67BBD2-4DF6-42DA-AA1E-4FE16A76CFAD} : DhcpNameServer = 192.168.2.1 192.168.2.1

TCP: Interfaces\{C8B4A023-86B9-46CA-853D-55C908791CF1} : DhcpNameServer = 207.69.188.186 207.69.188.187

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\9.0.1\ViProtocol.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

LSA: Authentication Packages = msv1_0 nwprovau

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\anna\application data\mozilla\firefox\profiles\dxjt8jqw.default\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.search.selectedengine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/

FF - prefs.js: keyword.URL - hxxp://www.zstart.com/s/?site=Bing&src=FF-Address&q=

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 50370

FF - prefs.js: network.proxy.type - 1

FF - component: c:\documents and settings\anna\application data\mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@mmagoo.com\components\mmagootlf.dll

FF - plugin: c:\documents and settings\anna\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\anna\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\anna\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]

R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2007-9-4 6528]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-7-12 11608]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-7-12 136360]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-7-12 269480]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-7-12 66616]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]

R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]

R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\9.0.1\ToolbarUpdater.exe [2011-12-18 869216]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]

R3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\drivers\TEchoCan.sys [2010-7-12 409984]

R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [2010-7-12 14208]

S2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [2010-7-16 98984]

S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2010-7-12 272128]

.

=============== Created Last 30 ================

.

2012-01-09 04:15:54 -------- d-----w- C:\09d77ee047a5478352cf

2011-12-31 20:44:35 -------- d-----w- c:\program files\Trend Micro

2011-12-31 01:41:52 -------- d-sh--w- C:\found.000

2011-12-27 01:36:20 709968 ----a-w- c:\windows\isRS-000.tmp

2011-12-18 21:51:02 -------- d-----w- c:\windows\system32\cache

2011-12-18 21:51:00 -------- d-----w- c:\documents and settings\all users\application data\AVG Secure Search

2011-12-11 02:46:38 -------- d-----w- c:\documents and settings\anna\application data\AVG2012

2011-12-11 02:43:15 -------- d-----w- c:\documents and settings\anna\application data\AVG Secure Search

2011-12-11 02:43:09 -------- d-----w- c:\program files\common files\AVG Secure Search

2011-12-11 02:43:08 -------- d-----w- c:\program files\AVG Secure Search

2011-12-11 02:43:05 -------- d--h--w- c:\documents and settings\all users\application data\Common Files

2011-12-11 02:41:56 -------- d-----w- c:\windows\system32\drivers\AVG

2011-12-11 02:41:56 -------- d-----w- c:\documents and settings\all users\application data\AVG2012

2011-12-11 02:41:14 -------- d-----w- c:\program files\AVG

2011-12-11 02:33:58 -------- d-----w- c:\documents and settings\all users\application data\MFAData

.

==================== Find3M ====================

.

2011-12-10 21:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-24 20:29:02 94208 ---ha-w- c:\windows\system32\QuickTimeVR.qtx

2011-10-24 20:29:02 69632 ---ha-w- c:\windows\system32\QuickTime.qts

2011-10-13 08:34:38 66616 ---ha-w- c:\windows\system32\drivers\avgntflt.sys

.

============= FINISH: 22:37:24.35 ===============


Welcome to the forum.

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Please download and run RogueKiller.

Choose 1 to scan the system

Post back the report.

----------------------

Then.......

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

The scan will take about 10 minutes...depends on your hard drive size.

MrC


Farbar Service Scanner

Ran by Anna (administrator) on 14-01-2012 at 20:20:37

Microsoft Windows XP Professional Service Pack 3 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Attempt to access Google IP returned error: Google IP is offline

Yahoo IP is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Security Center:

============

Windows Update:

===========

File Check:

========

C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit

C:\WINDOWS\system32\netman.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\srsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit

C:\WINDOWS\system32\wscsvc.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\wuauserv.dll => MD5 is legit

C:\WINDOWS\system32\qmgr.dll => MD5 is legit

C:\WINDOWS\system32\es.dll => MD5 is legit

C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit

C:\WINDOWS\system32\svchost.exe => MD5 is legit

C:\WINDOWS\system32\rpcss.dll => MD5 is legit

C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:

=======

AegisP(8) Avgtdix(11) Gpc(3) IPSec(5) NetBT(6) NwlnkIpx(9) NwlnkNb(10) PSched(7) Tcpip(4)

0x0B00000005000000010000000200000003000000040000000B000000060000000700000008000000090000000A000000

IpSec Tag value is correct.

**** End of log ****

RogueKiller V6.2.4 [01/12/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: Anna [Admin rights]

Mode: Scan -- Date : 01/14/2012 20:21:56

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 9 ¤¤¤

[] HKLM\[...]\Run : () -> ACCESS DENIED

[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp127.0.0.1:50370) -> FOUND

[PROXY FF] dxjt8jqw.default\ 127.0.0.1:50370 -> FOUND

[HJPOL] HKCU\[...]\System : DisableTaskMgr (1) -> FOUND

[HJPOL] HKCU\[...]\Explorer : NoDesktop (1) -> FOUND

[WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyComputer (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowSearch (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++

--- User ---

[MBR] 009fe65faad70e66f8581745f3dbfc13

[bSP] 0b5ed4fd7bc3c27d1e483acc98bf82cf : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 63 | Size: 137427 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

OTL logfile created on: 1/14/2012 8:24:57 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Anna\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

494.86 Mb Total Physical Memory | 70.97 Mb Available Physical Memory | 14.34% Memory free

1.13 Gb Paging File | 0.35 Gb Available in Paging File | 30.67% Paging File free

Paging file location(s): C:\pagefile.sys 744 1488 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 127.99 Gb Total Space | 109.50 Gb Free Space | 85.56% Space Free | Partition Type: NTFS

Unable to calculate disk information.

Computer Name: ANNA-Y4TNC2FAXB | User Name: Anna | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/14 20:23:45 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Anna\Desktop\OTL (1).com

PRC - [2012/01/05 03:48:46 | 001,047,024 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Anna\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

PRC - [2011/12/18 15:50:58 | 000,869,216 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe

PRC - [2011/12/18 15:50:51 | 000,892,768 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe

PRC - [2011/12/03 01:22:12 | 004,200,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgui.exe

PRC - [2011/12/03 01:22:12 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe

PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe

PRC - [2011/10/22 18:43:24 | 000,140,952 | -H-- | M] (Google Inc.) -- C:\Documents and Settings\Anna\Local Settings\Application Data\Google\Update\1.3.21.79\GoogleCrashHandler.exe

PRC - [2011/10/13 02:34:38 | 000,136,360 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2011/10/13 02:34:34 | 000,269,480 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe

PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe

PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe

PRC - [2010/11/02 16:05:06 | 000,281,768 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010/01/14 21:11:00 | 000,076,968 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2008/09/10 05:11:12 | 000,676,520 | -H-- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe

PRC - [2008/09/10 05:11:09 | 000,025,256 | -H-- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxdumsdmon.exe

PRC - [2008/05/23 06:58:34 | 000,594,600 | -H-- | M] ( ) -- C:\WINDOWS\system32\lxducoms.exe

PRC - [2008/04/13 18:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2004/12/29 23:32:20 | 000,065,536 | -H-- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

PRC - [2004/12/17 15:47:12 | 000,548,864 | -H-- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe

PRC - [2004/12/16 14:09:40 | 000,827,392 | -H-- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe

PRC - [2004/12/14 10:50:26 | 000,340,032 | -H-- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe

PRC - [2004/11/10 10:14:08 | 000,036,864 | -H-- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

PRC - [2004/10/14 08:11:10 | 001,388,544 | -H-- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

PRC - [2003/09/26 14:43:16 | 000,184,320 | -H-- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe

PRC - [2002/09/20 13:50:10 | 000,045,056 | -H-- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

========== Modules (No Company Name) ==========

MOD - [2012/01/05 03:48:44 | 000,411,120 | ---- | M] () -- C:\Documents and Settings\Anna\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\ppgooglenaclpluginchrome.dll

MOD - [2012/01/05 03:48:43 | 003,767,792 | ---- | M] () -- C:\Documents and Settings\Anna\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\pdf.dll

MOD - [2012/01/05 03:47:19 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\Anna\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\avutil-51.dll

MOD - [2012/01/05 03:47:18 | 000,222,208 | ---- | M] () -- C:\Documents and Settings\Anna\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\avformat-53.dll

MOD - [2012/01/05 03:47:17 | 001,746,432 | ---- | M] () -- C:\Documents and Settings\Anna\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\avcodec-53.dll

MOD - [2011/12/18 15:50:58 | 000,869,216 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe

MOD - [2011/12/18 15:50:51 | 000,892,768 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe

MOD - [2011/10/12 02:14:47 | 000,971,264 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll

MOD - [2011/10/12 02:12:33 | 005,450,752 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll

MOD - [2011/10/12 02:12:26 | 012,430,848 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll

MOD - [2011/10/12 02:12:10 | 001,587,200 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll

MOD - [2011/10/12 02:10:08 | 007,950,848 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll

MOD - [2011/10/12 02:09:53 | 011,490,816 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll

MOD - [2010/01/28 12:57:58 | 000,355,688 | -H-- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll

MOD - [2008/09/10 05:11:12 | 000,676,520 | -H-- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe

MOD - [2008/09/10 05:11:09 | 000,025,256 | -H-- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxdumsdmon.exe

MOD - [2008/09/10 03:56:27 | 000,081,920 | -H-- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxducaps.dll

MOD - [2008/09/10 03:56:14 | 000,380,928 | -H-- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxduscw.dll

MOD - [2008/09/10 03:56:12 | 001,036,288 | -H-- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxdudrs.dll

MOD - [2008/09/10 03:43:35 | 000,086,016 | -H-- | M] () -- C:\WINDOWS\system32\lxduoem.dll

MOD - [2008/09/10 03:41:44 | 000,032,768 | -H-- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\ipcmt.dll

MOD - [2008/09/10 03:40:31 | 000,069,632 | -H-- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxducnv4.dll

MOD - [2008/05/26 21:36:57 | 000,036,864 | -H-- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\app4r.monitor.core.dll

MOD - [2008/05/26 21:36:57 | 000,028,672 | -H-- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\app4r.monitor.common.dll

MOD - [2008/05/26 21:35:58 | 000,065,536 | -H-- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\app4r.devmons.mcmdevmon.dll

MOD - [2008/05/23 06:17:14 | 000,121,856 | -H-- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdudrpp.dll

MOD - [2008/05/23 06:02:14 | 000,188,416 | -H-- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdudatr.dll

MOD - [2008/05/23 06:02:05 | 000,073,728 | -H-- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxducats.dll

MOD - [2008/04/30 18:41:53 | 000,045,056 | -H-- | M] () -- C:\WINDOWS\system32\LXDUPMON.DLL

MOD - [2008/03/24 22:53:10 | 000,012,288 | -H-- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/12/18 15:50:58 | 000,869,216 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)

SRV - [2011/10/13 02:34:38 | 000,136,360 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011/10/13 02:34:34 | 000,269,480 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)

SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)

SRV - [2008/05/23 06:58:34 | 000,594,600 | -H-- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxducoms.exe -- (lxdu_device)

SRV - [2008/05/23 06:58:22 | 000,098,984 | -H-- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe -- (lxduCATSCustConnectService)

SRV - [2004/11/10 10:14:08 | 000,036,864 | -H-- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)

SRV - [2002/09/20 13:50:10 | 000,045,056 | -H-- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))

========== Driver Services (SafeList) ==========

DRV - [2011/10/13 02:34:38 | 000,138,192 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2011/10/13 02:34:38 | 000,066,616 | -H-- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)

DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)

DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)

DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)

DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)

DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)

DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)

DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)

DRV - [2009/05/11 11:49:19 | 000,011,608 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2009/05/11 09:12:49 | 000,028,520 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2008/04/13 12:56:06 | 000,088,320 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)

DRV - [2007/12/26 09:47:30 | 000,272,128 | -H-- | M] (NETGEAR Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111v2.sys -- (RTLWUSB)

DRV - [2007/09/04 00:14:06 | 000,006,528 | -H-- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Thpevm.SYS -- (Thpevm)

DRV - [2004/11/30 15:04:16 | 000,409,984 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TEchoCan.sys -- (TEchoCan)

DRV - [2004/10/29 17:48:10 | 003,222,784 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®

DRV - [2004/07/22 13:50:16 | 001,268,234 | -H-- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2003/01/29 13:35:00 | 000,012,032 | -H-- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)

DRV - [2001/08/23 06:00:00 | 000,063,232 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)

DRV - [2001/08/23 06:00:00 | 000,055,936 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.stardoll.com/ [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"

FF - prefs.js..browser.search.selectedEngine: "Bing"

FF - prefs.js..browser.search.selectedengine: "Bing"

FF - prefs.js..browser.startup.homepage: "http://yahoo.com/"

FF - prefs.js..extensions.enabledItems: textlinks@mmagoo.com:1.0.0

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..keyword.URL: "http://www.zstart.com/s/?site=Bing&src=FF-Address&q="

FF - prefs.js..network.proxy.http: "127.0.0.1"

FF - prefs.js..network.proxy.http_port: 50370

FF - prefs.js..network.proxy.type: 1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Anna\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Anna\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Anna\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Anna\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/12/28 09:23:43 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\9.0.0.22\ [2011/12/18 15:51:09 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/11 01:51:50 | 000,000,000 | -H-D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/11 01:51:50 | 000,000,000 | -H-D | M]

[2010/08/28 17:16:56 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Anna\Application Data\Mozilla\Extensions

[2010/08/28 17:16:56 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Anna\Application Data\Mozilla\Extensions\mozswing@mozswing.org

[2011/12/23 00:56:42 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\dxjt8jqw.default\extensions

[2010/10/26 10:07:18 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\dxjt8jqw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/10/27 16:31:22 | 000,001,919 | -H-- | M] () -- C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\dxjt8jqw.default\searchplugins\bing-zugo.xml

[2011/10/10 03:22:20 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/12/12 11:38:26 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011/08/04 18:46:44 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

[2011/10/10 03:22:20 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}

[2010/09/12 08:31:48 | 000,000,000 | -H-D | M] (Mighty Magoo TextLinks) -- C:\DOCUMENTS AND SETTINGS\ANNA\APPLICATION DATA\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\TEXTLINKS@MMAGOO.COM

[2010/08/28 17:08:10 | 000,000,000 | -H-D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2011/07/19 04:05:25 | 000,476,904 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011/12/18 15:50:49 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)

CHR - default_search_provider: search_url = http://search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}

CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Anna\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Anna\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Anna\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\pdf.dll

CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Anna\Application Data\Mozilla\plugins\npgoogletalk.dll

CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Anna\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Anna\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: Mighty Magoo = C:\Documents and Settings\Anna\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ahndmghnjfikjccedhcgoilmgklebefp\

CHR - Extension: YouTube = C:\Documents and Settings\Anna\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\

CHR - Extension: Google Search = C:\Documents and Settings\Anna\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\

CHR - Extension: AVG Safe Search = C:\Documents and Settings\Anna\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\

CHR - Extension: Gmail = C:\Documents and Settings\Anna\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2001/08/23 06:00:00 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll ()

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll ()

O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found

O4 - HKLM..\Run: [Lexmark 5600-6600 Series Fax Server] C:\Program Files\Lexmark 5600-6600 Series\fm3032.exe ()

O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)

O4 - HKLM..\Run: [lxduamon] C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe ()

O4 - HKLM..\Run: [lxdumon.exe] C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe ()

O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)

O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [TAudEffect] C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe (TOSHIBA)

O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()

O4 - HKCU..\Run: [speedItUpEX] C:\Program Files\SpeedItup Free\SpeedItUp.exe -MINI File not found

O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 112442153 = C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\44c2f94c06b3bb3d.exe

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1

O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)

O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)

O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()

O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()

O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)

O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)

O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)

O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Anna\Start Menu\Programs\IMVU\Run IMVU.lnk ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O16 - DPF: {C75BE5CC-7F80-458C-8B66-FAB86E3B13C3} http://images.fotki.com/activex/FotkiUploader.cab (FotkiUploader Control)

O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B67BBD2-4DF6-42DA-AA1E-4FE16A76CFAD}: DhcpNameServer = 192.168.2.1 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8B4A023-86B9-46CA-853D-55C908791CF1}: DhcpNameServer = 207.69.188.186 207.69.188.187

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll ()

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKCU Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O30 - LSA: Authentication Packages - (nwprovau) -C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/07/12 09:55:54 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/14 20:23:51 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Anna\Desktop\OTL (1).com

[2012/01/14 20:21:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anna\Desktop\RK_Quarantine

[2012/01/14 20:05:43 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Anna\IETldCache

[2012/01/08 22:43:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates

[2012/01/08 22:38:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8

[2012/01/08 22:35:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Anna\Start Menu\Programs\Administrative Tools

[2011/12/31 14:45:03 | 062,844,064 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\All Users\Desktop\Trend_Micro.exe

[2011/12/31 14:44:35 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2011/12/31 03:27:16 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[2011/12/30 19:41:52 | 000,000,000 | -HSD | C] -- C:\found.000

[2011/12/18 15:51:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cache

[2011/12/18 15:51:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search

[2010/07/16 19:28:09 | 000,438,272 | -H-- | C] ( ) -- C:\WINDOWS\System32\LXDUhcp.dll

[2010/07/16 19:28:09 | 000,364,544 | -H-- | C] ( ) -- C:\WINDOWS\System32\lxduinpa.dll

[2010/07/16 19:28:09 | 000,339,968 | -H-- | C] ( ) -- C:\WINDOWS\System32\lxduiesc.dll

[2010/07/16 19:28:08 | 001,069,056 | -H-- | C] ( ) -- C:\WINDOWS\System32\lxduserv.dll

[2010/07/16 19:28:08 | 000,851,968 | -H-- | C] ( ) -- C:\WINDOWS\System32\lxduusb1.dll

[2010/07/16 19:28:08 | 000,651,264 | -H-- | C] ( ) -- C:\WINDOWS\System32\lxdupmui.dll

[2010/07/16 19:28:07 | 000,577,536 | -H-- | C] ( ) -- C:\WINDOWS\System32\lxdulmpm.dll

[2010/07/16 19:28:06 | 000,679,936 | -H-- | C] ( ) -- C:\WINDOWS\System32\lxduhbn3.dll

[2010/07/16 19:28:06 | 000,328,360 | -H-- | C] ( ) -- C:\WINDOWS\System32\lxduih.exe

[2010/07/16 19:28:05 | 000,765,952 | -H-- | C] ( ) -- C:\WINDOWS\System32\lxducomc.dll

[2010/07/16 19:28:05 | 000,594,600 | -H-- | C] ( ) -- C:\WINDOWS\System32\lxducoms.exe

[2010/07/16 19:28:05 | 000,376,832 | -H-- | C] ( ) -- C:\WINDOWS\System32\lxducomm.dll

[2010/07/16 19:28:04 | 000,369,320 | -H-- | C] ( ) -- C:\WINDOWS\System32\lxducfg.exe

[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[4 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

[1 C:\Documents and Settings\Anna\My Documents\*.tmp files -> C:\Documents and Settings\Anna\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/14 20:23:45 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Anna\Desktop\OTL (1).com

[2012/01/14 20:21:36 | 000,111,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys

[2012/01/14 20:11:10 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012/01/14 20:05:41 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Anna\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012/01/14 20:05:38 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/01/14 19:48:00 | 000,000,974 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-796845957-507921405-1343024091-1003UA.job

[2012/01/14 19:48:00 | 000,000,922 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-796845957-507921405-1343024091-1003Core.job

[2012/01/14 02:27:00 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\tasks\At2.job

[2012/01/14 01:27:00 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\tasks\At5.job

[2012/01/14 00:27:00 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\tasks\At1.job

[2012/01/13 23:27:00 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\tasks\At24.job

[2012/01/13 22:27:00 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\tasks\At22.job

[2012/01/13 21:27:00 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\tasks\At23.job

[2012/01/13 20:27:00 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\tasks\At21.job

[2012/01/13 19:27:00 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\tasks\At18.job

[2012/01/13 18:27:00 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\tasks\At20.job

[2012/01/13 17:27:00 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\tasks\At19.job

[2012/01/13 16:27:00 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\tasks\At17.job

[2012/01/13 15:27:00 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\tasks\At16.job

[2012/01/13 14:27:00 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\tasks\At15.job

[2012/01/13 13:27:00 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\tasks\At14.job

[2012/01/13 12:27:00 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\tasks\At13.job

[2012/01/13 11:27:00 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\tasks\At11.job

[2012/01/13 10:27:00 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\tasks\At12.job

[2012/01/13 09:27:00 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\tasks\At10.job

[2012/01/13 08:27:00 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\tasks\At9.job

[2012/01/13 07:27:00 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\tasks\At8.job

[2012/01/13 06:27:00 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\tasks\At7.job

[2012/01/13 05:27:00 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\tasks\At6.job

[2012/01/13 04:27:00 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\tasks\At3.job

[2012/01/13 03:27:00 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\tasks\At4.job

[2012/01/09 21:01:27 | 000,043,025 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm

[2012/01/09 14:18:01 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2012/01/09 03:16:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/01/08 22:44:07 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012/01/07 13:55:35 | 086,178,471 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm

[2012/01/06 20:51:45 | 000,002,277 | -H-- | M] () -- C:\Documents and Settings\Anna\Desktop\Google Chrome.lnk

[2011/12/31 14:50:25 | 062,844,064 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\All Users\Desktop\Trend_Micro.exe

[2011/12/28 09:23:48 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk

[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[4 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

[1 C:\Documents and Settings\Anna\My Documents\*.tmp files -> C:\Documents and Settings\Anna\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/14 20:21:36 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys

[2012/01/14 20:05:41 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Anna\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2011/12/07 05:22:36 | 000,000,288 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~gvaLhMYJG5QNqb

[2011/12/07 05:22:36 | 000,000,200 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~gvaLhMYJG5QNqbr

[2011/12/07 05:22:31 | 000,000,440 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\gvaLhMYJG5QNqb

[2010/10/25 07:30:16 | 000,000,006 | -H-- | C] () -- C:\Documents and Settings\Anna\Application Data\start

[2010/10/25 07:28:56 | 000,000,006 | -H-- | C] () -- C:\Documents and Settings\Anna\Application Data\completescan

[2010/10/25 07:21:26 | 000,000,010 | -H-- | C] () -- C:\Documents and Settings\Anna\Application Data\install

[2010/09/16 18:25:39 | 000,000,134 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\launch.xml

[2010/09/16 18:25:35 | 000,000,329 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\launcherData.xml

[2010/08/15 13:38:03 | 018,280,000 | --S- | C] () -- C:\WINDOWS\System32\FotkiThumbDB.dat

[2010/08/15 13:38:03 | 000,428,400 | --S- | C] () -- C:\WINDOWS\System32\FotkiUploadThumbDB.dat

[2010/08/08 12:03:15 | 000,000,256 | -H-- | C] () -- C:\WINDOWS\System32\pool.bin

[2010/08/01 21:21:39 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SETUP32.INI

[2010/07/22 15:19:19 | 000,013,312 | -H-- | C] () -- C:\Documents and Settings\Anna\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/07/16 19:34:07 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\lxduvs.dll

[2010/07/16 19:34:04 | 000,360,448 | -H-- | C] () -- C:\WINDOWS\System32\lxducoin.dll

[2010/07/16 19:32:21 | 001,036,288 | -H-- | C] () -- C:\WINDOWS\System32\lxdudrs.dll

[2010/07/16 19:32:21 | 000,081,920 | -H-- | C] () -- C:\WINDOWS\System32\lxducaps.dll

[2010/07/16 19:32:20 | 000,069,632 | -H-- | C] () -- C:\WINDOWS\System32\lxducnv4.dll

[2010/07/16 19:31:36 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\LXDUPMON.DLL

[2010/07/16 19:31:36 | 000,032,768 | -H-- | C] () -- C:\WINDOWS\System32\LXDUFXPU.DLL

[2010/07/16 19:31:16 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\lxduoem.dll

[2010/07/16 19:29:03 | 000,000,044 | -H-- | C] () -- C:\WINDOWS\System32\lxdurwrd.ini

[2010/07/16 19:28:10 | 000,389,120 | -H-- | C] () -- C:\WINDOWS\System32\LXDUinst.dll

[2010/07/16 19:28:06 | 000,208,896 | -H-- | C] () -- C:\WINDOWS\System32\lxdugrd.dll

[2010/07/14 22:16:29 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/07/12 21:40:25 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\NDSTray.INI

[2010/07/12 21:38:17 | 000,000,138 | -H-- | C] () -- C:\WINDOWS\wininit.ini

[2010/07/12 21:23:45 | 000,010,165 | -H-- | C] () -- C:\WINDOWS\System32\tosmreg.ini

[2010/07/12 21:23:44 | 000,128,113 | -H-- | C] () -- C:\WINDOWS\System32\csellang.ini

[2010/07/12 21:23:44 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\csellang.dll

[2010/07/12 21:23:44 | 000,007,671 | -H-- | C] () -- C:\WINDOWS\System32\cseltbl.ini

[2010/07/12 11:57:15 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat

[2010/07/12 11:35:42 | 000,036,864 | -H-- | C] () -- C:\WINDOWS\System32\RtlGina2.dll

[2010/07/12 11:35:41 | 000,966,765 | -H-- | C] () -- C:\WINDOWS\System32\acAuth.dll

[2010/07/12 11:35:41 | 000,344,064 | -H-- | C] () -- C:\WINDOWS\System32\SCMLib.dll

[2010/07/12 10:20:36 | 000,001,769 | -H-- | C] () -- C:\WINDOWS\Language_trs.ini

[2010/07/12 09:57:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2010/07/12 09:53:12 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2010/07/12 04:47:33 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010/07/12 04:46:39 | 000,315,560 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/08/03 14:07:42 | 000,403,816 | -H-- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/08/03 14:07:42 | 000,230,768 | -H-- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe

[2004/08/02 13:20:40 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat

[2001/08/23 06:00:00 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin

[2001/08/23 06:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat

[2001/08/23 06:00:00 | 000,436,276 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2001/08/23 06:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2001/08/23 06:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat

[2001/08/23 06:00:00 | 000,069,006 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2001/08/23 06:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin

[2001/08/23 06:00:00 | 000,037,344 | R-S- | C] () -- C:\Documents and Settings\Anna\Application Data\chkntfs.dat

[2001/08/23 06:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2001/08/23 06:00:00 | 000,004,463 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat

[2001/08/23 06:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin

[2001/08/23 06:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/07/16 19:31:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\5600-6600 Series

[2011/12/18 15:51:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search

[2011/12/10 20:50:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012

[2011/12/10 20:43:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2011/04/07 20:08:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Individual Software

[2010/07/21 19:00:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark 5600-6600 Series

[2012/01/07 13:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2010/10/05 21:02:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Anna\Application Data\5600-6600 Series

[2011/12/10 20:43:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna\Application Data\AVG Secure Search

[2011/12/10 20:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna\Application Data\AVG2012

[2011/11/06 21:25:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Anna\Application Data\IMVU

[2011/10/16 13:52:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Anna\Application Data\IMVUClient

[2011/06/27 10:26:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Anna\Application Data\Individual Software

[2010/07/21 19:00:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Anna\Application Data\Lexmark Productivity Studio

[2010/08/08 12:02:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Anna\Application Data\Research In Motion

[2010/09/02 08:14:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Anna\Application Data\Toshiba

[2012/01/14 00:27:00 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\Tasks\At1.job

[2012/01/13 09:27:00 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\Tasks\At10.job

[2012/01/13 11:27:00 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\Tasks\At11.job

[2012/01/13 10:27:00 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\Tasks\At12.job

[2012/01/13 12:27:00 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\Tasks\At13.job

[2012/01/13 13:27:00 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\Tasks\At14.job

[2012/01/13 14:27:00 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\Tasks\At15.job

[2012/01/13 15:27:00 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\Tasks\At16.job

[2012/01/13 16:27:00 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\Tasks\At17.job

[2012/01/13 19:27:00 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\Tasks\At18.job

[2012/01/13 17:27:00 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\Tasks\At19.job

[2012/01/14 02:27:00 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\Tasks\At2.job

[2012/01/13 18:27:00 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\Tasks\At20.job

[2012/01/13 20:27:00 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\Tasks\At21.job

[2012/01/13 22:27:00 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\Tasks\At22.job

[2012/01/13 21:27:00 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\Tasks\At23.job

[2012/01/13 23:27:00 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\Tasks\At24.job

[2012/01/13 04:27:00 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\Tasks\At3.job

[2012/01/13 03:27:00 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\Tasks\At4.job

[2012/01/14 01:27:00 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\Tasks\At5.job

[2012/01/13 05:27:00 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\Tasks\At6.job

[2012/01/13 06:27:00 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\Tasks\At7.job

[2012/01/13 07:27:00 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\Tasks\At8.job

[2012/01/13 08:27:00 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\Tasks\At9.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00061.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00060.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00059.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00058.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00057.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00056.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00055.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00054.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00053.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00052.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00051.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00050.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00049.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00048.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00047.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00046.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00045.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00044.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00043.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00042.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00041.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00040.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00039.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00038.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00037.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00036.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00035.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00034.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00033.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00032.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00031.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00030.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00029.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00028.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00027.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00026.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00025.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00024.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00023.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00022.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00021.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00020.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00019.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00018.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00017.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00016.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00015.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00014.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00013.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00012.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00011.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00010.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00009.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00008.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00007.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00006.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00005.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00004.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00003.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00002.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00001.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Anna\My Documents\Imported Photos 00000.jpg:Roxio EMC Stream

< End of report >

OTL Extras logfile created on: 1/14/2012 8:24:57 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Anna\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

494.86 Mb Total Physical Memory | 70.97 Mb Available Physical Memory | 14.34% Memory free

1.13 Gb Paging File | 0.35 Gb Available in Paging File | 30.67% Paging File free

Paging file location(s): C:\pagefile.sys 744 1488 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 127.99 Gb Total Space | 109.50 Gb Free Space | 85.56% Space Free | Partition Type: NTFS

Unable to calculate disk information.

Computer Name: ANNA-Y4TNC2FAXB | User Name: Anna | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe" = C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe:*:Enabled:Lexmark Device Monitor -- ()

"C:\Program Files\Lexmark 5600-6600 Series\frun.exe" = C:\Program Files\Lexmark 5600-6600 Series\frun.exe:*:Enabled:Lexmark Productivity Studio -- ()

"C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe" = C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:*:Enabled:ABBYY FineReader -- (ABBYY (BIT Software))

"C:\Program Files\Lexmark 5600-6600 Series\lxdufax.exe" = C:\Program Files\Lexmark 5600-6600 Series\lxdufax.exe:*:Enabled:Fax software -- ()

"C:\WINDOWS\system32\lxducoms.exe" = C:\WINDOWS\system32\lxducoms.exe:*:Enabled:Lexmark Communications System -- ( )

"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire

"C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe" = C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe:*:Enabled:ConfigFree SUMMIT Engine -- (TOSHIBA CORPORATION)

"C:\Documents and Settings\Anna\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\Anna\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)

"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)

"C:\Documents and Settings\Anna\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Anna\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)

"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0

"{0577A2AA-DEA0-4D40-8372-4211102D43E4}" = TOSHIBA Mic Effect

"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office

"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java 6 Update 27

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0

"{4102037D-E8E0-48E0-B203-E521D194FB71}" = NETGEAR WG111v2 wireless USB 2.0 adapter

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4E74D41C-5864-4561-9F6B-069372513A0B}" = AVG 2012

"{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}" = Google Talk Plugin

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{80F28669-97B7-4CC9-B256-1F1BCFB7FDCF}" = AVG 2012

"{8398852A-7B61-4808-8F58-D0A40D1B2CB6}" = AVG 2012

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support

"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0

"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B28759B8-5FC6-4F56-9C6C-6EDAD36455A9}" = Roxio Media Manager

"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE5E3F15-320A-4865-97D3-F07227C5BB2F}" = BlackBerry Desktop Software 4.5

"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web

"{DDD076BF-C5C3-468C-AA1B-F9A7E47446FE}" = Intel® Network Connections 13.1.33.0

"{E171F5DA-6F17-472D-A223-92468142C5E8}" = AVG 2012

"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"All ATI Software" = ATI - Software Uninstall Utility

"AVG" = AVG 2012

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"BlackBerry_{CE5E3F15-320A-4865-97D3-F07227C5BB2F}" = BlackBerry Desktop Software 4.5

"ENTERPRISE" = Microsoft Office Enterprise 2007

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"ieSpell" = ieSpell

"Lexmark 5600-6600 Series" = Lexmark 5600-6600 Series

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Mavis Beacon Teaches Typing Deluxe 16" = Mavis Beacon Teaches Typing Deluxe 16

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.6.7)" = Mozilla Firefox (3.6.7)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"Professor Answers" = Professor Answers

"Professor Teaches Excel 2003" = Professor Teaches Excel 2003

"Professor Teaches PowerPoint 2003" = Professor Teaches PowerPoint 2003

"Professor Teaches Word 2003" = Professor Teaches Word 2003

"TOSHIBA Software Modem" = TOSHIBA Software Modem

"WIC" = Windows Imaging Component

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 12/30/2011 9:35:22 PM | Computer Name = ANNA-Y4TNC2FAXB | Source = ESENT | ID = 485

Description = svchost (1560) An attempt to delete the file "C:\WINDOWS\system32\CatRoot2\tmp.edb"

failed with system error 1392 (0x00000570): "The file or directory is corrupted

and unreadable. ". The delete file operation will fail with error -1022 (0xfffffc02).

Error - 12/30/2011 9:35:22 PM | Computer Name = ANNA-Y4TNC2FAXB | Source = ESENT | ID = 485

Description = svchost (1560) An attempt to delete the file "C:\WINDOWS\system32\CatRoot2\tmp.edb"

failed with system error 1392 (0x00000570): "The file or directory is corrupted

and unreadable. ". The delete file operation will fail with error -1022 (0xfffffc02).

Error - 12/30/2011 9:35:22 PM | Computer Name = ANNA-Y4TNC2FAXB | Source = ESENT | ID = 485

Description = svchost (1560) An attempt to delete the file "C:\WINDOWS\system32\CatRoot2\tmp.edb"

failed with system error 1392 (0x00000570): "The file or directory is corrupted

and unreadable. ". The delete file operation will fail with error -1022 (0xfffffc02).

Error - 12/30/2011 9:35:22 PM | Computer Name = ANNA-Y4TNC2FAXB | Source = ESENT | ID = 485

Description = svchost (1560) An attempt to delete the file "C:\WINDOWS\system32\CatRoot2\tmp.edb"

failed with system error 1392 (0x00000570): "The file or directory is corrupted

and unreadable. ". The delete file operation will fail with error -1022 (0xfffffc02).

Error - 12/30/2011 9:35:22 PM | Computer Name = ANNA-Y4TNC2FAXB | Source = ESENT | ID = 485

Description = svchost (1560) An attempt to delete the file "C:\WINDOWS\system32\CatRoot2\tmp.edb"

failed with system error 1392 (0x00000570): "The file or directory is corrupted

and unreadable. ". The delete file operation will fail with error -1022 (0xfffffc02).

Error - 12/30/2011 9:35:22 PM | Computer Name = ANNA-Y4TNC2FAXB | Source = ESENT | ID = 485

Description = svchost (1560) An attempt to delete the file "C:\WINDOWS\system32\CatRoot2\tmp.edb"

failed with system error 1392 (0x00000570): "The file or directory is corrupted

and unreadable. ". The delete file operation will fail with error -1022 (0xfffffc02).

Error - 12/30/2011 9:35:22 PM | Computer Name = ANNA-Y4TNC2FAXB | Source = ESENT | ID = 485

Description = svchost (1560) An attempt to delete the file "C:\WINDOWS\system32\CatRoot2\tmp.edb"

failed with system error 1392 (0x00000570): "The file or directory is corrupted

and unreadable. ". The delete file operation will fail with error -1022 (0xfffffc02).

Error - 12/30/2011 9:35:22 PM | Computer Name = ANNA-Y4TNC2FAXB | Source = ESENT | ID = 490

Description = svchost (1560) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\tmp.edb"

for read / write access failed with system error 1392 (0x00000570): "The file or

directory is corrupted and unreadable. ". The open file operation will fail with

error -1022 (0xfffffc02).

Error - 12/30/2011 9:35:22 PM | Computer Name = ANNA-Y4TNC2FAXB | Source = ESENT | ID = 439

Description = Catalog Database (1560) Unable to write a shadowed header for file

C:\WINDOWS\system32\CatRoot2\tmp.edb. Error -1022.

Error - 12/30/2011 10:20:42 PM | Computer Name = ANNA-Y4TNC2FAXB | Source = MSDTC | ID = 4404

Description = MS DTC Tracing infrastructure : the initialization of the tracing

infrastructure failed. Internal Information : msdtc_trace : File: d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp,

Line: 1115, StartTrace Failed, hr=0x800700a1

[ System Events ]

Error - 1/8/2012 9:59:03 PM | Computer Name = ANNA-Y4TNC2FAXB | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the lxduCATSCustConnectService

service to connect.

Error - 1/8/2012 9:59:03 PM | Computer Name = ANNA-Y4TNC2FAXB | Source = Service Control Manager | ID = 7000

Description = The lxduCATSCustConnectService service failed to start due to the

following error: %%1053

Error - 1/8/2012 9:59:03 PM | Computer Name = ANNA-Y4TNC2FAXB | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher

9 service to connect.

Error - 1/8/2012 10:14:09 PM | Computer Name = ANNA-Y4TNC2FAXB | Source = Service Control Manager | ID = 7022

Description = The Server service hung on starting.

Error - 1/8/2012 10:14:09 PM | Computer Name = ANNA-Y4TNC2FAXB | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1070

Error - 1/9/2012 5:17:55 AM | Computer Name = ANNA-Y4TNC2FAXB | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the lxduCATSCustConnectService

service to connect.

Error - 1/9/2012 5:17:55 AM | Computer Name = ANNA-Y4TNC2FAXB | Source = Service Control Manager | ID = 7000

Description = The lxduCATSCustConnectService service failed to start due to the

following error: %%1053

Error - 1/9/2012 5:17:55 AM | Computer Name = ANNA-Y4TNC2FAXB | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher

9 service to connect.

Error - 1/11/2012 4:25:46 AM | Computer Name = ANNA-Y4TNC2FAXB | Source = Windows Update Agent | ID = 16

Description = Unable to Connect: Windows is unable to connect to the automatic updates

service and therefore cannot download and install updates according to the set

schedule. Windows will continue to try to establish a connection.

Error - 1/13/2012 4:25:47 AM | Computer Name = ANNA-Y4TNC2FAXB | Source = Windows Update Agent | ID = 16

Description = Unable to Connect: Windows is unable to connect to the automatic updates

service and therefore cannot download and install updates according to the set

schedule. Windows will continue to try to establish a connection.

< End of report >


You have two anti-virus programs installed; this doesn't work!

I would uninstall AVG and keep AntiVir.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

-----------------------------------------

Please do this:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 50370
    FF - prefs.js..network.proxy.type: 1
    O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 112442153 = C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\44c2f94c06b3bb3d.exe
    [2011/12/07 05:22:36 | 000,000,288 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~gvaLhMYJG5QNqb
    [2011/12/07 05:22:36 | 000,000,200 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~gvaLhMYJG5QNqbr
    [2011/12/07 05:22:31 | 000,000,440 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\gvaLhMYJG5QNqb

    :files
    C:\WINDOWS\tasks\*.job
    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered; when done, it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

MrC


All processes killed

========== OTL ==========

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!

Prefs.js: "127.0.0.1" removed from network.proxy.http

Prefs.js: 50370 removed from network.proxy.http_port

Prefs.js: 1 removed from network.proxy.type

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9D425283-D487-4337-BAB6-AB8354A81457} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CFSServ.exe not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\112442153 not found.

File C:\Documents and Settings\All Users\Application Data\~gvaLhMYJG5QNqb not found.

File C:\Documents and Settings\All Users\Application Data\~gvaLhMYJG5QNqbr not found.

File C:\Documents and Settings\All Users\Application Data\gvaLhMYJG5QNqb not found.

========== FILES ==========

File\Folder C:\WINDOWS\tasks\*.job not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

->Temp folder emptied: 0 bytes

User: Anna

->Temp folder emptied: 2641851 bytes

->Temporary Internet Files folder emptied: 1003906 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Google Chrome cache emptied: 9125165 bytes

->Flash cache emptied: 0 bytes


Please download and run TDSSKiller as outlined in the post below:

http://forums.malwarebytes.org/index.php?showtopic=100665&view=findpost&p=499595

If a suspicious object is detected, the default action will be Skip; click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

---------------------------------------------------

Then..............

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC


ComboFix 12-01-15.01 - Anna 01/15/2012 20:06:39.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.495.275 [GMT -6:00]

Running from: c:\documents and settings\Anna\My Documents\Downloads\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\SPL1F.tmp

c:\documents and settings\All Users\SPL43.tmp

c:\documents and settings\All Users\SPL53.tmp

c:\documents and settings\All Users\SPLDA.tmp

c:\documents and settings\Anna\Application Data\chkntfs.dat

c:\documents and settings\Anna\Application Data\completescan

c:\documents and settings\Anna\Application Data\install

c:\documents and settings\Anna\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk

c:\documents and settings\Anna\Application Data\Mozilla\Firefox\Profiles\dxjt8jqw.default\searchplugins\bing-zugo.xml

c:\documents and settings\Anna\Desktop\System Fix.lnk

c:\documents and settings\Anna\My Documents\~WRL1036.tmp

c:\documents and settings\Anna\Start Menu\Programs\System Fix

c:\documents and settings\Anna\Start Menu\Programs\System Fix\System Fix.lnk

c:\documents and settings\Anna\Start Menu\Programs\System Fix\Uninstall System Fix.lnk

c:\program files\Mighty Magoo

c:\program files\Mighty Magoo\ars.cfg

c:\program files\Mighty Magoo\icon.ico

c:\windows\system32\Cache

c:\windows\system32\Cache\272512937d9e61a4.fb

c:\windows\system32\Cache\287204568329e189.fb

c:\windows\system32\Cache\28bc8f716fd76a47.fb

c:\windows\system32\Cache\2c53092c95605355.fb

c:\windows\system32\Cache\3917078cb68ec657.fb

c:\windows\system32\Cache\590ba23ce359fd0c.fb

c:\windows\system32\Cache\610289e025a3ee9a.fb

c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb

c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb

c:\windows\system32\Cache\ad10a52aff5e038d.fb

c:\windows\system32\Cache\c4d28dca2e7648be.fb

c:\windows\system32\Cache\d201ef9910cd39de.fb

c:\windows\system32\Cache\d2e94710a5708128.fb

c:\windows\system32\Cache\d79b9dfe81484ec4.fb

c:\windows\system32\Cache\e0de16f883bea794.fb

c:\windows\system32\Cache\faf5fa885b2f3de8.fb

c:\windows\system32\drivers\etc\hosts.ics

.

.

((((((((((((((((((((((((( Files Created from 2011-12-16 to 2012-01-16 )))))))))))))))))))))))))))))))

.

.

2012-01-15 19:45 . 2012-01-15 19:45 -------- d-sh--w- c:\documents and settings\Anna\PrivacIE

2012-01-15 18:13 . 2012-01-15 18:13 -------- d-----w- c:\documents and settings\Anna\Application Data\AVG2012

2012-01-15 17:56 . 2012-01-15 17:56 -------- d-----w- C:\_OTL

2012-01-15 02:21 . 2012-01-15 02:21 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys

2012-01-15 02:05 . 2012-01-15 02:05 -------- d-sh--w- c:\documents and settings\Anna\IETldCache

2012-01-10 01:17 . 2012-01-10 01:17 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2012-01-09 04:43 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll

2012-01-09 04:42 . 2011-11-04 19:20 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2012-01-09 04:42 . 2011-11-04 19:20 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2012-01-09 04:42 . 2011-11-04 19:20 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2012-01-09 04:38 . 2012-01-09 04:41 -------- dc-h--w- c:\windows\ie8

2011-12-31 20:44 . 2011-12-31 20:50 -------- d-----w- c:\program files\Trend Micro

2011-12-31 01:41 . 2011-12-31 01:41 -------- d-----w- C:\found.000

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-10 21:24 . 2010-07-12 21:10 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-04 19:20 . 2001-08-23 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 19:20 . 2001-08-23 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2011-11-04 19:20 . 2001-08-23 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-11-04 11:23 . 2010-07-12 17:18 385024 ------w- c:\windows\system32\html.iec

2011-10-24 20:29 . 2011-10-24 20:29 94208 ---ha-w- c:\windows\system32\QuickTimeVR.qtx

2011-10-24 20:29 . 2011-10-24 20:29 69632 ---ha-w- c:\windows\system32\QuickTime.qts

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2003-09-26 184320]

"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 88361]

"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]

"TAudEffect"="c:\program files\TOSHIBA\TAudEffect\TAudEff.exe" [2004-12-14 340032]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-01-14 122939]

"lxdumon.exe"="c:\program files\Lexmark 5600-6600 Series\lxdumon.exe" [2008-09-10 676520]

"lxduamon"="c:\program files\Lexmark 5600-6600 Series\lxduamon.exe" [2008-09-10 16040]

"Lexmark 5600-6600 Series Fax Server"="c:\program files\Lexmark 5600-6600 Series\fm3032.exe" [2008-09-10 311976]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-06 236016]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-11-11 421888]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG111v2 Smart Wizard.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard.lnk

backup=c:\windows\pss\NETGEAR WG111v2 Smart Wizard.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Lexmark 5600-6600 Series\\lxduamon.exe"=

"c:\\Program Files\\Lexmark 5600-6600 Series\\frun.exe"=

"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=

"c:\\Program Files\\Lexmark 5600-6600 Series\\lxdufax.exe"=

"c:\\WINDOWS\\system32\\lxducoms.exe"=

"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=

"c:\\Documents and Settings\\Anna\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Documents and Settings\\Anna\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

.

R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [9/4/2007 12:14 AM 6528]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/12/2010 3:12 PM 136360]

R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]

R3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\drivers\TEchoCan.sys [7/12/2010 9:35 PM 409984]

R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [7/12/2010 11:18 AM 14208]

S2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [7/16/2010 7:34 PM 98984]

S2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [?]

S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [7/12/2010 11:35 AM 272128]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 64301065

*Deregistered* - 64301065

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uInternet Connection Wizard,ShellNext = iexplore

IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM

IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM

IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM

IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM

IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Anna\Start Menu\Programs\IMVU\Run IMVU.lnk

TCP: DhcpNameServer = 192.168.2.1 192.168.2.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll

DPF: {C75BE5CC-7F80-458C-8B66-FAB86E3B13C3} - hxxp://images.fotki.com/activex/FotkiUploader.cab

FF - ProfilePath - c:\documents and settings\Anna\Application Data\Mozilla\Firefox\Profiles\dxjt8jqw.default\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.search.selectedengine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/

FF - prefs.js: keyword.URL - hxxp://www.zstart.com/s/?site=Bing&src=FF-Address&q=

FF - prefs.js: network.proxy.http -

FF - prefs.js: network.proxy.http_port -

FF - prefs.js: network.proxy.type -

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-SpeedItUpEX - c:\program files\SpeedItup Free\SpeedItUp.exe

HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-01-15 20:15

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Completion time: 2012-01-15 20:22:32

ComboFix-quarantined-files.txt 2012-01-16 02:22

.

Pre-Run: 119,640,346,624 bytes free

Post-Run: 119,578,963,968 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

.

- - End Of File - - 620C88728C6C0D8208234F1929926DC9

I think this cleared it...my icons etc are all back


That's Good News :)

Just run TDSSKiller as I asked............

Please download and run TDSSKiller as outlined in the post below:

http://forums.malwar...ndpost&p=499595

If a suspicious object is detected, the default action will be Skip; click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

Post back the log, MrC


18:02:37.0656 3804 TDSS rootkit removing tool 2.7.5.0 Jan 18 2012 09:26:24

18:02:37.0976 3804 ============================================================

18:02:37.0976 3804 Current date / time: 2012/01/18 18:02:37.0976

18:02:37.0976 3804 SystemInfo:

18:02:37.0976 3804

18:02:37.0976 3804 OS Version: 5.1.2600 ServicePack: 3.0

18:02:37.0976 3804 Product type: Workstation

18:02:37.0976 3804 ComputerName: ANNA-Y4TNC2FAXB

18:02:37.0976 3804 UserName: Anna

18:02:37.0976 3804 Windows directory: C:\WINDOWS

18:02:37.0976 3804 System windows directory: C:\WINDOWS

18:02:37.0976 3804 Processor architecture: Intel x86

18:02:37.0976 3804 Number of processors: 1

18:02:37.0976 3804 Page size: 0x1000

18:02:37.0976 3804 Boot type: Normal boot

18:02:37.0976 3804 ============================================================

18:02:39.0979 3804 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

18:02:40.0009 3804 Initialize success

18:03:00.0338 2848 ============================================================

18:03:00.0338 2848 Scan started

18:03:00.0338 2848 Mode: Manual; SigCheck; TDLFS;

18:03:00.0338 2848 ============================================================

18:03:00.0719 2848 Abiosdsk - ok

18:03:00.0799 2848 abp480n5 - ok

18:03:00.0859 2848 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

18:03:02.0732 2848 ACPI - ok

18:03:02.0882 2848 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

18:03:03.0042 2848 ACPIEC - ok

18:03:03.0062 2848 adpu160m - ok

18:03:03.0112 2848 aeaudio (f13d8e7e1faa31019c25eb17b5fb2662) C:\WINDOWS\system32\drivers\aeaudio.sys

18:03:03.0142 2848 aeaudio - ok

18:03:03.0182 2848 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

18:03:03.0353 2848 aec - ok

18:03:03.0453 2848 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys

18:03:03.0483 2848 AegisP ( UnsignedFile.Multi.Generic ) - warning

18:03:03.0483 2848 AegisP - detected UnsignedFile.Multi.Generic (1)

18:03:03.0533 2848 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

18:03:03.0573 2848 AFD - ok

18:03:03.0653 2848 AgereSoftModem (b894a08f2a01e27c1989c31c96fdde83) C:\WINDOWS\system32\DRIVERS\AGRSM.sys

18:03:03.0833 2848 AgereSoftModem - ok

18:03:03.0943 2848 Aha154x - ok

18:03:03.0963 2848 aic78u2 - ok

18:03:03.0993 2848 aic78xx - ok

18:03:04.0013 2848 AliIde - ok

18:03:04.0023 2848 amsint - ok

18:03:04.0074 2848 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

18:03:04.0254 2848 Arp1394 - ok

18:03:04.0274 2848 asc - ok

18:03:04.0284 2848 asc3350p - ok

18:03:04.0304 2848 asc3550 - ok

18:03:04.0344 2848 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

18:03:04.0514 2848 AsyncMac - ok

18:03:04.0534 2848 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

18:03:04.0674 2848 atapi - ok

18:03:04.0704 2848 Atdisk - ok

18:03:04.0735 2848 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

18:03:04.0905 2848 Atmarpc - ok

18:03:04.0955 2848 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

18:03:05.0135 2848 audstub - ok

18:03:05.0235 2848 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

18:03:05.0295 2848 avgio - ok

18:03:05.0415 2848 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

18:03:15.0790 2848 avgntflt - ok

18:03:16.0001 2848 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys

18:03:16.0051 2848 avipbb - ok

18:03:16.0131 2848 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

18:03:16.0291 2848 Beep - ok

18:03:16.0461 2848 catchme - ok

18:03:16.0531 2848 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

18:03:16.0702 2848 cbidf2k - ok

18:03:16.0742 2848 cd20xrnt - ok

18:03:16.0802 2848 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

18:03:16.0992 2848 Cdaudio - ok

18:03:17.0062 2848 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

18:03:17.0212 2848 Cdfs - ok

18:03:17.0263 2848 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

18:03:17.0443 2848 Cdrom - ok

18:03:17.0473 2848 Changer - ok

18:03:17.0563 2848 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

18:03:17.0743 2848 CmBatt - ok

18:03:17.0783 2848 CmdIde - ok

18:03:17.0833 2848 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

18:03:17.0994 2848 Compbatt - ok

18:03:18.0054 2848 Cpqarray - ok

18:03:18.0094 2848 dac2w2k - ok

18:03:18.0124 2848 dac960nt - ok

18:03:18.0214 2848 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

18:03:18.0354 2848 Disk - ok

18:03:18.0424 2848 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

18:03:18.0685 2848 dmboot - ok

18:03:18.0745 2848 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

18:03:18.0875 2848 dmio - ok

18:03:18.0925 2848 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

18:03:19.0075 2848 dmload - ok

18:03:19.0135 2848 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

18:03:19.0315 2848 DMusic - ok

18:03:19.0396 2848 dpti2o - ok

18:03:19.0446 2848 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

18:03:19.0626 2848 drmkaud - ok

18:03:19.0686 2848 drvmcdb (f41619ae216b51d68dda163805eefaa9) C:\WINDOWS\system32\drivers\drvmcdb.sys

18:03:19.0696 2848 drvmcdb ( UnsignedFile.Multi.Generic ) - warning

18:03:19.0696 2848 drvmcdb - detected UnsignedFile.Multi.Generic (1)

18:03:19.0736 2848 drvnddm (2ff629c1c443e25d0149b9dfb77e43a8) C:\WINDOWS\system32\drivers\drvnddm.sys

18:03:19.0746 2848 drvnddm ( UnsignedFile.Multi.Generic ) - warning

18:03:19.0746 2848 drvnddm - detected UnsignedFile.Multi.Generic (1)

18:03:19.0806 2848 E100B (ac9cf17ee2ae003c98eb4f5336c38058) C:\WINDOWS\system32\DRIVERS\e100b325.sys

18:03:19.0816 2848 E100B - ok

18:03:19.0926 2848 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

18:03:20.0117 2848 Fastfat - ok

18:03:20.0187 2848 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

18:03:20.0367 2848 Fdc - ok

18:03:20.0417 2848 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

18:03:20.0597 2848 Fips - ok

18:03:20.0647 2848 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

18:03:20.0798 2848 Flpydisk - ok

18:03:20.0868 2848 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

18:03:20.0988 2848 FltMgr - ok

18:03:21.0048 2848 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

18:03:21.0228 2848 Fs_Rec - ok

18:03:21.0278 2848 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

18:03:21.0449 2848 Ftdisk - ok

18:03:21.0509 2848 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

18:03:21.0679 2848 Gpc - ok

18:03:21.0799 2848 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

18:03:21.0979 2848 HidUsb - ok

18:03:22.0049 2848 hpn - ok

18:03:22.0089 2848 hpt3xx - ok

18:03:22.0200 2848 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

18:03:22.0270 2848 HTTP - ok

18:03:22.0300 2848 i2omgmt - ok

18:03:22.0340 2848 i2omp - ok

18:03:22.0390 2848 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

18:03:22.0570 2848 i8042prt - ok

18:03:22.0610 2848 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\drivers\Imapi.sys

18:03:22.0861 2848 Imapi - ok

18:03:22.0951 2848 ini910u - ok

18:03:23.0011 2848 IntelIde - ok

18:03:23.0061 2848 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

18:03:23.0201 2848 intelppm - ok

18:03:23.0261 2848 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

18:03:23.0411 2848 ip6fw - ok

18:03:23.0471 2848 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

18:03:23.0632 2848 IpFilterDriver - ok

18:03:23.0672 2848 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

18:03:23.0852 2848 IpInIp - ok

18:03:23.0912 2848 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

18:03:24.0072 2848 IpNat - ok

18:03:24.0122 2848 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

18:03:24.0303 2848 IPSec - ok

18:03:24.0363 2848 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

18:03:24.0433 2848 IRENUM - ok

18:03:24.0493 2848 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

18:03:24.0643 2848 isapnp - ok

18:03:24.0723 2848 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

18:03:24.0873 2848 Kbdclass - ok

18:03:24.0934 2848 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

18:03:25.0104 2848 kbdhid - ok

18:03:25.0174 2848 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

18:03:25.0354 2848 kmixer - ok

18:03:25.0404 2848 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

18:03:25.0504 2848 KSecDD - ok

18:03:25.0574 2848 lbrtfdc - ok

18:03:25.0795 2848 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

18:03:25.0975 2848 mnmdd - ok

18:03:26.0055 2848 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

18:03:26.0205 2848 Modem - ok

18:03:26.0255 2848 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

18:03:26.0446 2848 Mouclass - ok

18:03:26.0506 2848 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

18:03:26.0676 2848 mouhid - ok

18:03:26.0726 2848 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

18:03:26.0866 2848 MountMgr - ok

18:03:26.0906 2848 mraid35x - ok

18:03:26.0966 2848 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

18:03:27.0087 2848 MRxDAV - ok

18:03:27.0167 2848 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

18:03:27.0277 2848 MRxSmb - ok

18:03:27.0367 2848 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

18:03:27.0507 2848 Msfs - ok

18:03:27.0557 2848 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

18:03:27.0748 2848 MSKSSRV - ok

18:03:27.0778 2848 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

18:03:27.0958 2848 MSPCLOCK - ok

18:03:28.0028 2848 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

18:03:28.0188 2848 MSPQM - ok

18:03:28.0258 2848 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

18:03:28.0389 2848 mssmbios - ok

18:03:28.0459 2848 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

18:03:28.0539 2848 Mup - ok

18:03:28.0629 2848 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

18:03:28.0769 2848 NDIS - ok

18:03:28.0839 2848 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

18:03:28.0889 2848 NdisTapi - ok

18:03:28.0969 2848 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

18:03:29.0140 2848 Ndisuio - ok

18:03:29.0180 2848 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

18:03:29.0360 2848 NdisWan - ok

18:03:29.0420 2848 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

18:03:29.0490 2848 NDProxy - ok

18:03:29.0560 2848 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

18:03:29.0700 2848 NetBIOS - ok

18:03:29.0761 2848 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

18:03:29.0941 2848 NetBT - ok

18:03:30.0021 2848 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys

18:03:30.0081 2848 Netdevio ( UnsignedFile.Multi.Generic ) - warning

18:03:30.0081 2848 Netdevio - detected UnsignedFile.Multi.Generic (1)

18:03:30.0181 2848 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

18:03:30.0331 2848 NIC1394 - ok

18:03:30.0391 2848 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

18:03:30.0532 2848 Npfs - ok

18:03:30.0602 2848 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

18:03:30.0752 2848 Ntfs - ok

18:03:30.0842 2848 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

18:03:31.0012 2848 Null - ok

18:03:31.0082 2848 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

18:03:31.0243 2848 NwlnkFlt - ok

18:03:31.0283 2848 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

18:03:31.0463 2848 NwlnkFwd - ok

18:03:31.0533 2848 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys

18:03:31.0713 2848 NwlnkIpx - ok

18:03:31.0763 2848 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys

18:03:31.0944 2848 NwlnkNb - ok

18:03:32.0004 2848 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys

18:03:32.0174 2848 NwlnkSpx - ok

18:03:32.0244 2848 NWRDR (36b9b950e3d2e100970a48d8bad86740) C:\WINDOWS\system32\DRIVERS\nwrdr.sys

18:03:32.0304 2848 NWRDR - ok

18:03:32.0374 2848 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

18:03:32.0504 2848 ohci1394 - ok

18:03:32.0595 2848 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

18:03:32.0775 2848 Parport - ok

18:03:32.0825 2848 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

18:03:32.0985 2848 PartMgr - ok

18:03:33.0035 2848 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

18:03:33.0205 2848 ParVdm - ok

18:03:33.0246 2848 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

18:03:33.0386 2848 PCI - ok

18:03:33.0426 2848 PCIDump - ok

18:03:33.0486 2848 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

18:03:33.0626 2848 PCIIde - ok

18:03:33.0666 2848 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

18:03:33.0816 2848 Pcmcia - ok

18:03:33.0836 2848 PDCOMP - ok

18:03:33.0896 2848 PDFRAME - ok

18:03:33.0947 2848 PDRELI - ok

18:03:33.0997 2848 PDRFRAME - ok

18:03:34.0037 2848 perc2 - ok

18:03:34.0077 2848 perc2hib - ok

18:03:34.0227 2848 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

18:03:34.0407 2848 PptpMiniport - ok

18:03:34.0447 2848 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

18:03:34.0607 2848 Processor - ok

18:03:34.0658 2848 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

18:03:34.0828 2848 PSched - ok

18:03:34.0888 2848 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

18:03:35.0058 2848 Ptilink - ok

18:03:35.0118 2848 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys

18:03:35.0128 2848 PxHelp20 - ok

18:03:35.0168 2848 ql1080 - ok

18:03:35.0208 2848 Ql10wnt - ok

18:03:35.0268 2848 ql12160 - ok

18:03:35.0308 2848 ql1240 - ok

18:03:35.0349 2848 ql1280 - ok

18:03:35.0389 2848 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

18:03:35.0559 2848 RasAcd - ok

18:03:35.0649 2848 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

18:03:35.0819 2848 Rasl2tp - ok

18:03:35.0859 2848 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

18:03:36.0040 2848 RasPppoe - ok

18:03:36.0110 2848 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

18:03:36.0260 2848 Raspti - ok

18:03:36.0320 2848 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

18:03:36.0470 2848 Rdbss - ok

18:03:36.0520 2848 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

18:03:36.0680 2848 RDPCDD - ok

18:03:36.0761 2848 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

18:03:36.0951 2848 rdpdr - ok

18:03:37.0031 2848 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

18:03:37.0111 2848 RDPWD - ok

18:03:37.0171 2848 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

18:03:37.0351 2848 redbook - ok

18:03:37.0432 2848 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) C:\WINDOWS\system32\Drivers\RimUsb.sys

18:03:37.0512 2848 RimUsb - ok

18:03:37.0562 2848 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys

18:03:37.0632 2848 RimVSerPort - ok

18:03:37.0712 2848 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys

18:03:37.0892 2848 ROOTMODEM - ok

18:03:38.0062 2848 RTLWUSB (c3880bf1bad0b8eb69efb07a9c3fa7d9) C:\WINDOWS\system32\DRIVERS\wg111v2.sys

18:03:38.0163 2848 RTLWUSB - ok

18:03:38.0273 2848 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

18:03:38.0453 2848 sdbus - ok

18:03:38.0513 2848 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

18:03:38.0623 2848 Secdrv - ok

18:03:38.0673 2848 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

18:03:38.0824 2848 Serial - ok

18:03:38.0894 2848 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

18:03:39.0074 2848 Sfloppy - ok

18:03:39.0154 2848 Simbad - ok

18:03:39.0244 2848 smwdm (014ab093e6452ea88031bb6e22919bb5) C:\WINDOWS\system32\drivers\smwdm.sys

18:03:39.0264 2848 smwdm - ok

18:03:39.0304 2848 Sparrow - ok

18:03:39.0354 2848 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

18:03:39.0525 2848 splitter - ok

18:03:39.0585 2848 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

18:03:39.0655 2848 sr - ok

18:03:39.0735 2848 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

18:03:39.0825 2848 Srv - ok

18:03:39.0875 2848 sscdbhk5 (1cbd1b58a32de97899f5290b05f856db) C:\WINDOWS\system32\drivers\sscdbhk5.sys

18:03:39.0895 2848 sscdbhk5 ( UnsignedFile.Multi.Generic ) - warning

18:03:39.0895 2848 sscdbhk5 - detected UnsignedFile.Multi.Generic (1)

18:03:39.0965 2848 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

18:03:39.0985 2848 ssmdrv - ok

18:03:40.0045 2848 ssrtln (7fb07ac152d7a87e66204860002bd9a4) C:\WINDOWS\system32\drivers\ssrtln.sys

18:03:40.0055 2848 ssrtln ( UnsignedFile.Multi.Generic ) - warning

18:03:40.0055 2848 ssrtln - detected UnsignedFile.Multi.Generic (1)

18:03:40.0125 2848 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

18:03:40.0286 2848 swenum - ok

18:03:40.0326 2848 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

18:03:40.0506 2848 swmidi - ok

18:03:40.0556 2848 symc810 - ok

18:03:40.0586 2848 symc8xx - ok

18:03:40.0616 2848 sym_hi - ok

18:03:40.0646 2848 sym_u3 - ok

18:03:40.0716 2848 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

18:03:40.0876 2848 sysaudio - ok

18:03:40.0967 2848 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

18:03:41.0057 2848 Tcpip - ok

18:03:41.0107 2848 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

18:03:41.0287 2848 TDPIPE - ok

18:03:41.0347 2848 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

18:03:41.0507 2848 TDTCP - ok

18:03:41.0577 2848 TEchoCan (2109255e76ff3c24d3e9a2c452a258ea) C:\WINDOWS\system32\DRIVERS\TEchoCan.sys

18:03:41.0668 2848 TEchoCan ( UnsignedFile.Multi.Generic ) - warning

18:03:41.0668 2848 TEchoCan - detected UnsignedFile.Multi.Generic (1)

18:03:41.0728 2848 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

18:03:41.0898 2848 TermDD - ok

18:03:41.0978 2848 tfsnboio (2da3ca4022abb0802de7eeda574e78d6) C:\WINDOWS\system32\dla\tfsnboio.sys

18:03:42.0048 2848 tfsnboio ( UnsignedFile.Multi.Generic ) - warning

18:03:42.0048 2848 tfsnboio - detected UnsignedFile.Multi.Generic (1)

18:03:42.0108 2848 tfsncofs (c8d6928759b77701c21dc90ad61197f2) C:\WINDOWS\system32\dla\tfsncofs.sys

18:03:42.0198 2848 tfsncofs ( UnsignedFile.Multi.Generic ) - warning

18:03:42.0198 2848 tfsncofs - detected UnsignedFile.Multi.Generic (1)

18:03:42.0248 2848 tfsndrct (bacdef5510fa643683cddca418e49446) C:\WINDOWS\system32\dla\tfsndrct.sys

18:03:42.0258 2848 tfsndrct ( UnsignedFile.Multi.Generic ) - warning

18:03:42.0258 2848 tfsndrct - detected UnsignedFile.Multi.Generic (1)

18:03:42.0309 2848 tfsndres (3fc9f390fac563c3d3910d540adbd408) C:\WINDOWS\system32\dla\tfsndres.sys

18:03:42.0349 2848 tfsndres ( UnsignedFile.Multi.Generic ) - warning

18:03:42.0349 2848 tfsndres - detected UnsignedFile.Multi.Generic (1)

18:03:42.0389 2848 tfsnifs (6aef3ec0b64689536891a9b96e9d7b82) C:\WINDOWS\system32\dla\tfsnifs.sys

18:03:42.0449 2848 tfsnifs ( UnsignedFile.Multi.Generic ) - warning

18:03:42.0449 2848 tfsnifs - detected UnsignedFile.Multi.Generic (1)

18:03:42.0489 2848 tfsnopio (7239873a72dd456f6e74e6987cdb9687) C:\WINDOWS\system32\dla\tfsnopio.sys

18:03:42.0539 2848 tfsnopio ( UnsignedFile.Multi.Generic ) - warning

18:03:42.0539 2848 tfsnopio - detected UnsignedFile.Multi.Generic (1)

18:03:42.0589 2848 tfsnpool (b78631e3593ddd76a4a8ba7cb8e32302) C:\WINDOWS\system32\dla\tfsnpool.sys

18:03:42.0619 2848 tfsnpool ( UnsignedFile.Multi.Generic ) - warning

18:03:42.0619 2848 tfsnpool - detected UnsignedFile.Multi.Generic (1)

18:03:42.0679 2848 tfsnudf (9e8b4abb93e5784fc4e5d3202566cc7a) C:\WINDOWS\system32\dla\tfsnudf.sys

18:03:42.0719 2848 tfsnudf ( UnsignedFile.Multi.Generic ) - warning

18:03:42.0719 2848 tfsnudf - detected UnsignedFile.Multi.Generic (1)

18:03:42.0769 2848 tfsnudfa (056fa0a11ba4cd688e1e40e48ffee921) C:\WINDOWS\system32\dla\tfsnudfa.sys

18:03:42.0809 2848 tfsnudfa ( UnsignedFile.Multi.Generic ) - warning

18:03:42.0809 2848 tfsnudfa - detected UnsignedFile.Multi.Generic (1)

18:03:42.0889 2848 Thpevm (beeca51c9ef368a1038e455278e4715e) C:\WINDOWS\system32\DRIVERS\Thpevm.SYS

18:03:42.0939 2848 Thpevm - ok

18:03:43.0000 2848 TosIde - ok

18:03:43.0060 2848 TrueSight (f69641efdb19acb4753b0155f7fdeed5) c:\windows\system32\drivers\TrueSight.sys

18:03:43.0080 2848 TrueSight ( UnsignedFile.Multi.Generic ) - warning

18:03:43.0080 2848 TrueSight - detected UnsignedFile.Multi.Generic (1)

18:03:43.0160 2848 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

18:03:43.0330 2848 Udfs - ok

18:03:43.0370 2848 ultra - ok

18:03:43.0450 2848 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

18:03:43.0660 2848 Update - ok

18:03:43.0761 2848 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

18:03:43.0931 2848 usbccgp - ok

18:03:44.0001 2848 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

18:03:44.0171 2848 usbehci - ok

18:03:44.0221 2848 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

18:03:44.0392 2848 usbhub - ok

18:03:44.0452 2848 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

18:03:44.0632 2848 usbprint - ok

18:03:44.0672 2848 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

18:03:44.0832 2848 usbscan - ok

18:03:44.0892 2848 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

18:03:45.0052 2848 USBSTOR - ok

18:03:45.0103 2848 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

18:03:45.0273 2848 usbuhci - ok

18:03:45.0313 2848 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

18:03:45.0483 2848 VgaSave - ok

18:03:45.0523 2848 ViaIde - ok

18:03:45.0583 2848 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

18:03:45.0733 2848 VolSnap - ok

18:03:45.0904 2848 w29n51 (c89da341fcc883a3d79dc11727484fc2) C:\WINDOWS\system32\DRIVERS\w29n51.sys

18:03:46.0214 2848 w29n51 - ok

18:03:46.0404 2848 WacomPen (aced8c149b30f8496c237bcba3727b48) C:\WINDOWS\system32\DRIVERS\wacompen.sys

18:03:46.0565 2848 WacomPen - ok

18:03:46.0625 2848 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

18:03:46.0785 2848 Wanarp - ok

18:03:46.0825 2848 WDICA - ok

18:03:46.0885 2848 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

18:03:47.0035 2848 wdmaud - ok

18:03:47.0246 2848 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\Drivers\wpdusb.sys

18:03:47.0336 2848 WpdUsb - ok

18:03:47.0426 2848 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

18:03:47.0576 2848 WS2IFSL - ok

18:03:47.0756 2848 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

18:03:47.0816 2848 WudfPf - ok

18:03:47.0867 2848 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

18:03:47.0937 2848 WudfRd - ok

18:03:48.0077 2848 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

18:03:48.0307 2848 \Device\Harddisk0\DR0 - ok

18:03:48.0337 2848 Boot (0x1200) (76545e3e85c861d49706c673958bc73e) \Device\Harddisk0\DR0\Partition0

18:03:48.0337 2848 \Device\Harddisk0\DR0\Partition0 - ok

18:03:48.0347 2848 ============================================================

18:03:48.0347 2848 Scan finished

18:03:48.0347 2848 ============================================================

18:03:48.0487 2840 Detected object count: 17

18:03:48.0487 2840 Actual detected object count: 17

18:04:30.0007 2840 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user

18:04:30.0007 2840 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:04:30.0007 2840 drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user

18:04:30.0007 2840 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:04:30.0017 2840 drvnddm ( UnsignedFile.Multi.Generic ) - skipped by user

18:04:30.0017 2840 drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:04:30.0027 2840 Netdevio ( UnsignedFile.Multi.Generic ) - skipped by user

18:04:30.0027 2840 Netdevio ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:04:30.0047 2840 sscdbhk5 ( UnsignedFile.Multi.Generic ) - skipped by user

18:04:30.0047 2840 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:04:30.0057 2840 ssrtln ( UnsignedFile.Multi.Generic ) - skipped by user

18:04:30.0057 2840 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:04:30.0067 2840 TEchoCan ( UnsignedFile.Multi.Generic ) - skipped by user

18:04:30.0067 2840 TEchoCan ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:04:30.0077 2840 tfsnboio ( UnsignedFile.Multi.Generic ) - skipped by user

18:04:30.0077 2840 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:04:30.0097 2840 tfsncofs ( UnsignedFile.Multi.Generic ) - skipped by user

18:04:30.0097 2840 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:04:30.0107 2840 tfsndrct ( UnsignedFile.Multi.Generic ) - skipped by user

18:04:30.0107 2840 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:04:30.0117 2840 tfsndres ( UnsignedFile.Multi.Generic ) - skipped by user

18:04:30.0117 2840 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:04:30.0127 2840 tfsnifs ( UnsignedFile.Multi.Generic ) - skipped by user

18:04:30.0127 2840 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:04:30.0147 2840 tfsnopio ( UnsignedFile.Multi.Generic ) - skipped by user

18:04:30.0147 2840 tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:04:30.0157 2840 tfsnpool ( UnsignedFile.Multi.Generic ) - skipped by user

18:04:30.0157 2840 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:04:30.0167 2840 tfsnudf ( UnsignedFile.Multi.Generic ) - skipped by user

18:04:30.0167 2840 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:04:30.0187 2840 tfsnudfa ( UnsignedFile.Multi.Generic ) - skipped by user

18:04:30.0187 2840 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:04:30.0197 2840 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user

18:04:30.0197 2840 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
