
Fake hdd


Hello CandiRain and welcome to MalwareBytes forums.

Why do you mention "hijackthis"? Are you getting help somewhere else?

If you need to, download and Save the tools using a clean (other) system and save to a new USB-flash or CD/DVD and take tools to the infected system.

First, make sure you have saved all your work before you begin, and close your open apps.

Close all open windows on the Task Bar.

Note: If using Firefox browser, right-click on any download links and choose Save As

Please download OTH to your desktop

Please download OTL to your desktop

Double-click the OTH file to run it and click the Kill All Processes button; your desktop will go blank. (That is normal and expected.)

If running on Windows 7 or Vista, to start tools, do a RIGHT-Click and then select "Run As Administrator".


Then press Start OTL button. OTL will now run. If prompted to allow it to run, press YES.

  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!
If one of your security applications (e.g., a third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
Then copy/paste the following into your post (in order):
  • the contents of OTL.txt;
  • the contents of Extras.txt ; and
  • the contents of checkup.txt

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.


Just to let you know: when I turned on my computer, the antivirus protection I have found a trojan and put it in a vault... not sure what to do with that, but still no files or start-up menu and a black desktop with no icons. I did everything you said to do though; I'll post below.


OTL logfile created on: 4/7/2012 9:16:29 AM - Run 1

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\victoria\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.23 Mb Total Physical Memory | 492.17 Mb Available Physical Memory | 48.48% Memory free

2.39 Gb Paging File | 1.77 Gb Available in Paging File | 74.41% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 55.88 Gb Total Space | 41.57 Gb Free Space | 74.39% Space Free | Partition Type: NTFS

Computer Name: VICTORIA-AE7A76 | User Name: victoria | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/07 09:14:51 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\victoria\Desktop\OTL.scr

PRC - [2012/04/07 09:13:35 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\victoria\Desktop\OTH.scr

PRC - [2012/01/24 18:24:26 | 002,416,480 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe

PRC - [2011/11/28 02:19:04 | 001,229,664 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe

PRC - [2011/10/12 07:25:22 | 004,433,248 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

PRC - [2011/10/10 07:23:34 | 000,973,664 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe

PRC - [2011/09/08 21:53:26 | 000,743,264 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe

PRC - [2011/08/15 07:21:40 | 000,337,760 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe

PRC - [2011/08/02 07:09:08 | 000,192,776 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe

PRC - [2008/12/02 22:57:30 | 000,729,088 | -H-- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFLTR.EXE

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)

SRV - [2011/10/12 07:25:22 | 004,433,248 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)

SRV - [2011/08/02 07:09:08 | 000,192,776 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)

SRV - [2008/11/09 16:48:14 | 000,602,392 | -H-- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2008/09/11 07:00:10 | 000,237,650 | -H-- | M] (IDT, Inc.) [Auto | Stopped] -- c:\Program Files\IDT\WDM\STACSV.EXE -- (STacSV)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.SYS -- (PCTINDIS5)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pctnullport.sys -- (Nmea)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwhid.sys -- (btwhid)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwdndis.sys -- (BTWDNDIS)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btport.sys -- (BTDriver)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btaudio.sys -- (btaudio)

DRV - [2011/10/07 07:23:48 | 000,230,608 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)

DRV - [2011/10/04 07:21:42 | 000,016,720 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)

DRV - [2011/09/13 06:30:10 | 000,032,592 | -H-- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)

DRV - [2011/08/08 07:08:58 | 000,040,016 | -H-- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)

DRV - [2011/07/11 02:14:38 | 000,295,248 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)

DRV - [2011/07/11 02:14:28 | 000,024,272 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)

DRV - [2011/07/11 02:14:28 | 000,023,120 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)

DRV - [2011/07/11 02:14:26 | 000,134,608 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)

DRV - [2009/05/03 05:41:54 | 001,294,200 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

DRV - [2009/05/01 09:43:30 | 000,026,888 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmsflt.sys -- (swmsflt)

DRV - [2009/05/01 09:43:28 | 000,171,144 | -H-- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)

DRV - [2009/05/01 09:43:28 | 000,149,512 | -H-- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmx00.sys -- (swmx00) Sierra Wireless USB MUX Driver (#00)

DRV - [2009/05/01 09:43:24 | 000,222,720 | -H-- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)

DRV - [2008/12/02 22:57:32 | 000,112,128 | -H-- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)

DRV - [2008/10/15 14:58:32 | 000,027,072 | -H-- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)

DRV - [2008/09/11 07:00:10 | 001,390,323 | -H-- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

DRV - [2008/06/27 13:02:00 | 000,289,024 | -H-- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)

DRV - [2007/11/02 18:51:30 | 000,006,400 | -H-- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService)

DRV - [2007/11/02 18:36:12 | 000,018,176 | -H-- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)

DRV - [2007/07/03 17:58:20 | 000,106,792 | -H-- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)

DRV - [2007/07/03 17:57:24 | 000,011,944 | -H-- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)

DRV - [2007/07/03 17:54:24 | 000,080,552 | -H-- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)

DRV - [2007/01/22 22:33:00 | 000,007,680 | -H-- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8

IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{22E177FF-D849-4A8A-801A-FB5854291E6C}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ444YYUS&apn_uid=8858E931-055A-46C6-9B63-314C9D53A66E&apn_sauid=4D6286F7-03B5-40AA-8555-8BD699A77E9F

IE - HKCU\..\SearchScopes\{5CD15C20-3EB0-40E5-ABD1-E9B7F7CB60AF}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADFA_en

IE - HKCU\..\SearchScopes\{84EDDA1C-D0C4-4D54-BD3C-035E52170924}: "URL" = http://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=us&nt=1

IE - HKCU\..\SearchScopes\{B0C87276-8019-4ED3-BDFA-64E75F7D0F8B}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}

IE - HKCU\..\SearchScopes\{B1C9773A-F0D8-491E-8204-47D7E655B7F8}: "URL" = http://www.flickr.com/search/?q={searchTerms}

IE - HKCU\..\SearchScopes\{C26080EF-DE5E-4852-B7D5-89FC74906A2B}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie8

IE - HKCU\..\SearchScopes\{D9AA5878-FB80-48D3-AA9B-2DCFACF372AD}: "URL" = http://delicious.com/search?p={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..extensions.enabledItems: es-es@dictionaries.addons.mozilla.org:1.3.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: profilesong.toolbar@completeplaylists.com:1.0.1

FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)

FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\victoria\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/01 18:30:33 | 000,000,000 | -H-D | M]

[2010/07/28 23:14:22 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\victoria\Application Data\Mozilla\Extensions

[2010/07/28 23:14:22 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\victoria\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com

[2010/07/26 17:11:32 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\victoria\Application Data\Mozilla\Firefox\Profiles\4u4bxpcq.default\extensions

[2009/07/05 00:54:32 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\victoria\Application Data\Mozilla\Firefox\Profiles\4u4bxpcq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009/08/16 23:55:29 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\victoria\Application Data\Mozilla\Firefox\Profiles\4u4bxpcq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2010/05/22 15:36:04 | 000,000,000 | -H-D | M] (Diccionario de Español/España) -- C:\Documents and Settings\victoria\Application Data\Mozilla\Firefox\Profiles\4u4bxpcq.default\extensions\es-es@dictionaries.addons.mozilla.org

O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (IMVU Inc Toolbar) - {90B49673-5506-483E-B92B-CA0265BD9CA8} - C:\Program Files\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)

O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [HP Mobile Broadband] c:\SWsetup\HPQWWAN\HPMobileBroadband.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [iDTSysTrayApp] C:\WINDOWS\STTRAY.EXE (IDT, Inc.)

O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\STTRAY.EXE (IDT, Inc.)

O4 - HKCU..\Run: [Aim6] File not found

O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found

O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\victoria\Start Menu\Programs\IMVU\Run IMVU.lnk ()

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found

O15 - HKCU\..Trusted Domains: google.com ([www] https in Trusted sites)

O15 - HKCU\..Trusted Domains: mathxl.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: pearsoned.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: vccs.edu ([google] https in Trusted sites)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.)

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.105.28.12 68.105.29.12

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31FFF463-D0A4-4BDD-9FB9-20D2291C98FC}: DhcpNameServer = 192.168.1.1 68.105.28.12 68.105.29.12

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\victoria\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\victoria\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/05/03 05:24:22 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{2ad73db6-382e-11de-9c46-0024815d8f86}\Shell - "" = AutoRun

O33 - MountPoints2\{2ad73db6-382e-11de-9c46-0024815d8f86}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{2ad73db6-382e-11de-9c46-0024815d8f86}\Shell\AutoRun\command - "" = D:\WIN\setup.exe

O33 - MountPoints2\{47565a08-c375-11de-9ccd-0024815d8f86}\Shell\AutoRun\command - "" = E:\wd_windows_tools\WDSetup.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/07 09:14:51 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\victoria\Desktop\OTL.scr

[2012/04/07 09:14:03 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\victoria\Desktop\OTH.scr

[2012/04/07 09:00:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\victoria\Recent

[2012/04/06 15:33:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\victoria\Start Menu\Programs\SMART HDD

[2012/04/05 07:40:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\victoria\Application Data\PoseCentral

[2012/04/05 07:40:44 | 000,000,000 | -H-D | C] -- C:\Program Files\PandoraV

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

[1 C:\Documents and Settings\victoria\My Documents\*.tmp files -> C:\Documents and Settings\victoria\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/07 09:42:00 | 000,000,990 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-2025429265-527237240-1004UA.job

[2012/04/07 09:14:51 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\victoria\Desktop\OTL.scr

[2012/04/07 09:13:35 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\victoria\Desktop\OTH.scr

[2012/04/07 09:07:23 | 094,033,005 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm

[2012/04/07 09:01:07 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-IuUdBzWZhpFZk3

[2012/04/07 09:01:06 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-IuUdBzWZhpFZk3r

[2012/04/07 09:00:44 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\victoria\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk

[2012/04/07 09:00:26 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\IuUdBzWZhpFZk3

[2012/04/07 08:59:27 | 000,000,848 | -H-- | M] () -- C:\WINDOWS\tasks\ZatisfiUpdateTaskMachineCore.job

[2012/04/07 08:59:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/04/06 14:43:00 | 000,000,850 | -H-- | M] () -- C:\WINDOWS\tasks\ZatisfiUpdateTaskMachineUA.job

[2012/04/06 13:03:36 | 000,069,283 | -H-- | M] () -- C:\Documents and Settings\victoria\.recently-used.xbel

[2012/04/05 17:32:51 | 000,048,743 | -H-- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm

[2012/04/05 07:40:56 | 000,001,631 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\Pandora.lnk

[2012/04/05 07:13:24 | 000,001,949 | -H-- | M] () -- C:\Documents and Settings\victoria\Desktop\IMVU.lnk

[2012/04/04 10:42:00 | 000,000,938 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-2025429265-527237240-1004Core.job

[2012/04/03 12:05:40 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/03/30 23:51:49 | 000,834,682 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/03/30 23:51:48 | 000,262,846 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/03/15 19:45:27 | 000,152,384 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/03/15 10:17:13 | 000,001,374 | -H-- | M] () -- C:\WINDOWS\imsins.BAK

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

[1 C:\Documents and Settings\victoria\My Documents\*.tmp files -> C:\Documents and Settings\victoria\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/07 09:00:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\victoria\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk

[2012/04/06 15:33:57 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-IuUdBzWZhpFZk3r

[2012/04/06 15:33:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-IuUdBzWZhpFZk3

[2012/04/06 15:33:12 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\IuUdBzWZhpFZk3

[2012/04/06 13:03:36 | 000,069,283 | -H-- | C] () -- C:\Documents and Settings\victoria\.recently-used.xbel

[2012/04/05 07:40:56 | 000,001,631 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\Pandora.lnk

[2012/02/15 20:46:03 | 000,003,072 | -H-- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011/11/17 17:18:34 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/06/11 14:19:11 | 000,073,220 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat

[2011/06/11 14:19:11 | 000,001,137 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat

[2011/06/11 14:19:11 | 000,001,130 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat

[2011/06/11 14:19:11 | 000,001,130 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat

[2011/06/11 14:19:11 | 000,001,104 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat

[2011/06/11 14:19:11 | 000,000,097 | -H-- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2011/06/11 14:19:10 | 000,031,053 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat

[2011/06/11 14:19:10 | 000,029,114 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat

[2011/06/11 14:19:10 | 000,027,417 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat

[2011/06/11 14:19:10 | 000,021,021 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat

[2011/06/11 14:19:10 | 000,015,670 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat

[2011/06/11 14:19:10 | 000,013,280 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat

[2011/06/11 14:19:10 | 000,010,673 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat

[2011/06/11 14:19:10 | 000,004,943 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat

[2011/06/11 14:19:10 | 000,001,140 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat

[2011/06/11 14:19:10 | 000,001,140 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat

[2011/03/19 19:13:07 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

========== LOP Check ==========

[2010/06/28 19:24:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\AIM

[2011/07/27 11:10:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Ask

[2011/10/10 01:00:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012

[2010/10/16 12:02:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2011/08/30 05:48:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2012/04/07 09:08:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2010/08/01 20:34:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Sprint

[2009/05/03 06:05:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2011/05/21 12:17:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/11/25 16:47:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/07/04 19:42:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2009/05/04 15:30:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\victoria\Application Data\acccore

[2010/10/16 13:01:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\victoria\Application Data\AVG10

[2002/01/08 22:39:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\victoria\Application Data\AVG2012

[2009/06/14 12:07:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\victoria\Application Data\Bytemobile

[2011/06/11 14:02:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\victoria\Application Data\Driver Smith

[2011/06/11 16:00:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\victoria\Application Data\EPSON

[2009/05/03 18:15:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\victoria\Application Data\GetRightToGo

[2012/04/06 12:41:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\victoria\Application Data\gtk-2.0

[2012/04/05 17:54:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\victoria\Application Data\IMVU

[2010/08/02 15:17:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\victoria\Application Data\IMVU Previewer

[2012/03/02 12:33:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\victoria\Application Data\IMVUClient

[2010/02/08 14:54:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\victoria\Application Data\Maple

[2012/04/05 07:40:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\victoria\Application Data\PoseCentral

[2012/04/07 09:20:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\victoria\Application Data\PriceGong

[2009/07/04 19:24:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\victoria\Application Data\Research In Motion

[2010/12/13 18:15:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\victoria\Application Data\SecondLife

[2009/05/03 18:03:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\victoria\Application Data\Sierra Wireless

[2009/05/03 05:38:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\victoria\Application Data\TMP

[2010/07/28 23:23:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\victoria\Application Data\Vivox

[2011/05/18 23:40:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\victoria\Application Data\Wacom

[2012/04/07 08:59:27 | 000,000,848 | -H-- | M] () -- C:\WINDOWS\Tasks\ZatisfiUpdateTaskMachineCore.job

[2012/04/06 14:43:00 | 000,000,850 | -H-- | M] () -- C:\WINDOWS\Tasks\ZatisfiUpdateTaskMachineUA.job

========== Purity Check ==========

< End of report >


OTL Extras logfile created on: 4/7/2012 9:16:29 AM - Run 1

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\victoria\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.23 Mb Total Physical Memory | 492.17 Mb Available Physical Memory | 48.48% Memory free

2.39 Gb Paging File | 1.77 Gb Available in Paging File | 74.41% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 55.88 Gb Total Space | 41.57 Gb Free Space | 74.39% Space Free | Partition Type: NTFS

Computer Name: VICTORIA-AE7A76 | User Name: victoria | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)

"C:\Program Files\Sprint\Sprint SmartView\SwiApiMux.exe" = C:\Program Files\Sprint\Sprint SmartView\SwiApiMux.exe:*:Enabled:SwiApiMux

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)

"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager

"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer

"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)

"C:\WINDOWS\system32\javaw.exe" = C:\WINDOWS\system32\javaw.exe:*:Disabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR

"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java 6 Update 26

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012

"{4F2AF17E-94F0-4F22-943D-216CE46AC502}" = HP Mobile Broadband Setup Utility

"{55D1B76E-305E-4A2C-A883-E74EFF9D35F3}" = Pandora2012

"{69DAC00A-7665-4E9B-B441-093D40736429}" = HP BatteryCheck 2.10 A2

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{930240B3-F09F-4725-8820-7C7480104351}" = AVG 2012

"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support

"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3

"{B5B25043-42A0-4490-A425-C7A6284213E6}" = HP User Guides 0130

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver

"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Audacity_is1" = Audacity 1.2.6

"AVG" = AVG 2012

"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"EPSON Printer and Utilities" = EPSON Printer Software

"EPSON Scanner" = EPSON Scan

"HDMI" = Intel® Graphics Media Accelerator Driver

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"IMVU_Inc Toolbar" = IMVU Inc Toolbar

"InstallShield_{55D1B76E-305E-4A2C-A883-E74EFF9D35F3}" = Pandora2012

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"ViewpointMediaPlayer" = Viewpoint Media Player

"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin

"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin

"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"WinGimp-2.0_is1" = GIMP 2.6.10

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"Yahoo! Messenger" = Yahoo! Messenger

"Yahoo! Software Update" = Yahoo! Software Update

"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software

"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 3/30/2012 8:47:30 PM | Computer Name = VICTORIA-AE7A76 | Source = PerfNet | ID = 2004

Description = Unable to open the Server service. Server performance data will not

be returned. Error code returned is in data DWORD 0.

Error - 4/1/2012 2:41:51 AM | Computer Name = VICTORIA-AE7A76 | Source = PerfNet | ID = 2004

Description = Unable to open the Server service. Server performance data will not

be returned. Error code returned is in data DWORD 0.

Error - 4/1/2012 7:12:36 AM | Computer Name = VICTORIA-AE7A76 | Source = PerfNet | ID = 2004

Description = Unable to open the Server service. Server performance data will not

be returned. Error code returned is in data DWORD 0.

Error - 4/1/2012 8:48:15 AM | Computer Name = VICTORIA-AE7A76 | Source = PerfNet | ID = 2004

Description = Unable to open the Server service. Server performance data will not

be returned. Error code returned is in data DWORD 0.

Error - 4/2/2012 5:47:30 AM | Computer Name = VICTORIA-AE7A76 | Source = PerfNet | ID = 2004

Description = Unable to open the Server service. Server performance data will not

be returned. Error code returned is in data DWORD 0.

Error - 4/2/2012 11:15:38 AM | Computer Name = VICTORIA-AE7A76 | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting

module mshtml.dll, version 8.0.6001.19190, fault address 0x00067978.

Error - 4/3/2012 12:05:50 PM | Computer Name = VICTORIA-AE7A76 | Source = PerfNet | ID = 2004

Description = Unable to open the Server service. Server performance data will not

be returned. Error code returned is in data DWORD 0.

Error - 4/3/2012 12:22:43 PM | Computer Name = VICTORIA-AE7A76 | Source = Application Hang | ID = 1002

Description = Hanging application IMVUClient.exe, version 469.0.0.0, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/3/2012 9:36:25 PM | Computer Name = VICTORIA-AE7A76 | Source = PerfNet | ID = 2004

Description = Unable to open the Server service. Server performance data will not

be returned. Error code returned is in data DWORD 0.

Error - 4/4/2012 4:06:31 AM | Computer Name = VICTORIA-AE7A76 | Source = PerfNet | ID = 2004

Description = Unable to open the Server service. Server performance data will not

be returned. Error code returned is in data DWORD 0.

[ OSession Events ]

Error - 5/9/2009 8:16:15 PM | Computer Name = VICTORIA-AE7A76 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session

lasted 1073 seconds with 1020 seconds of active time. This session ended with a

crash.

Error - 10/6/2009 7:31:40 PM | Computer Name = VICTORIA-AE7A76 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1394

seconds with 720 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 1/1/2002 12:01:49 AM | Computer Name = VICTORIA-AE7A76 | Source = Ntfs | ID = 262199

Description = The file system structure on the disk is corrupt and unusable. Please

run the chkdsk utility on the volume C:.

Error - 3/25/2012 4:00:16 PM | Computer Name = VICTORIA-AE7A76 | Source = Windows Update Agent | ID = 16

Description = Unable to Connect: Windows is unable to connect to the automatic updates

service and therefore cannot download and install updates according to the set

schedule. Windows will continue to try to establish a connection.

Error - 3/26/2012 11:45:08 AM | Computer Name = VICTORIA-AE7A76 | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.1.100 for the Network Card with network

address 00242C19D345 has been denied by the DHCP server 172.20.0.1 (The DHCP Server

sent a DHCPNACK message).

Error - 4/5/2012 11:34:29 AM | Computer Name = VICTORIA-AE7A76 | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.1.100 for the Network Card with network

address 00242C19D345 has been denied by the DHCP server 172.20.0.1 (The DHCP Server

sent a DHCPNACK message).

Error - 4/5/2012 11:39:42 AM | Computer Name = VICTORIA-AE7A76 | Source = Service Control Manager | ID = 7034

Description = The Yahoo! Updater service terminated unexpectedly. It has done this

1 time(s).

Error - 4/6/2012 11:53:53 AM | Computer Name = VICTORIA-AE7A76 | Source = Service Control Manager | ID = 7034

Description = The Yahoo! Updater service terminated unexpectedly. It has done this

1 time(s).

Error - 4/7/2012 9:15:17 AM | Computer Name = VICTORIA-AE7A76 | Source = Service Control Manager | ID = 7034

Description = The Audio Service service terminated unexpectedly. It has done this

1 time(s).

Error - 4/7/2012 9:15:21 AM | Computer Name = VICTORIA-AE7A76 | Source = Service Control Manager | ID = 7034

Description = The Yahoo! Updater service terminated unexpectedly. It has done this

1 time(s).

Error - 4/7/2012 9:15:21 AM | Computer Name = VICTORIA-AE7A76 | Source = Service Control Manager | ID = 7034

Description = The Java Quick Starter service terminated unexpectedly. It has done

this 1 time(s).

Error - 4/7/2012 9:15:24 AM | Computer Name = VICTORIA-AE7A76 | Source = Service Control Manager | ID = 7034

Description = The hpqwmiex service terminated unexpectedly. It has done this 1

time(s).

< End of report >

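The Extras log above is the part of an OTL report a helper actually reads first when a rogue such as Fake HDD is suspected: the Shell Spawning section (has the `exefile`/`comfile`/`scrfile` open command been redirected so the rogue runs whenever a program starts?) and the Security Center flags (`AntiVirusOverride` / `FirewallOverride` = 1 silence the "no antivirus / no firewall" balloon, which third-party suites do legitimately and rogues do deliberately). The script below is an added example for this thread, not part of OTL and not code from the original post; it parses an OTL Extras log into sections and flags those two things plus `Reg Error: Key error.` entries. The `EXPECTED_SPAWN` table is an assumption of stock Windows XP values, `SAMPLE_CLEAN` is an excerpt copied from the log above, and `SAMPLE_HIJACKED` is a constructed variant with a placeholder path.

```python
"""Triage an OTL 'Extras' log for shell-spawn hijacks and Security Center
overrides. Added example; not OTL code and not from the original post."""
import re
from dataclasses import dataclass, field

# Assumed stock Windows XP shell\open\command values. A rogue that wants to run
# itself whenever any program starts redirects one of these (usually exefile).
EXPECTED_SPAWN = {
    "batfile": '"%1" %*',
    "cmdfile": '"%1" %*',
    "comfile": '"%1" %*',
    "exefile": '"%1" %*',
    "piffile": '"%1" %*',
    "scrfile": '"%1" /S',
}

SECTION_RE = re.compile(r"^=+ (.+?) =+$")            # ========== Name ==========
SPAWN_RE = re.compile(r"^(\w+) \[(\w+)\] -- (.*)$")  # exefile [open] -- "%1" %*
KV_RE = re.compile(r'^"([^"]+)" = (.+)$')             # "AntiVirusOverride" = 1


@dataclass
class Findings:
    hijacked_spawns: list = field(default_factory=list)  # (key, command)
    reg_errors: list = field(default_factory=list)       # (key, verb)
    overrides: list = field(default_factory=list)        # setting names


def parse_sections(text):
    """Split an OTL log into {section name: [non-blank lines]}.
    Blank lines are dropped so double-spaced forum pastes parse the same."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def triage(text):
    """Return Findings for one Extras log."""
    f = Findings()
    sections = parse_sections(text)
    for line in sections.get("Shell Spawning", []):
        m = SPAWN_RE.match(line)
        if not m:
            continue  # registry-key header or other non-association line
        key, verb, cmd = m.groups()
        if cmd.startswith("Reg Error"):
            f.reg_errors.append((key, verb))  # key missing; often deleted by malware
        elif verb == "open" and key in EXPECTED_SPAWN and cmd != EXPECTED_SPAWN[key]:
            f.hijacked_spawns.append((key, cmd))
    for line in sections.get("Security Center Settings", []):
        m = KV_RE.match(line)
        # *Override = 1 suppresses the missing-AV / missing-firewall warning.
        if m and m.group(1).endswith("Override") and m.group(2).strip() == "1":
            f.overrides.append(m.group(1))
    return f


def report(f):
    """Human-readable lines for a forum reply."""
    lines = [f"hijacked shell\\open: {k} -> {c}" for k, c in f.hijacked_spawns]
    lines += [f"missing association key: {k} [{v}]" for k, v in f.reg_errors]
    lines += [f"Security Center override set: {name}" for name in f.overrides]
    return lines or ["nothing unusual in Shell Spawning / Security Center"]


# Excerpt copied from the Extras log posted in this thread.
SAMPLE_CLEAN = r"""
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
exefile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"""

# Constructed variant: exefile redirected through a placeholder executable.
SAMPLE_HIJACKED = SAMPLE_CLEAN.replace(
    'exefile [open] -- "%1" %*',
    r'exefile [open] -- "C:\EXAMPLE\rogue-placeholder.exe" "%1" %*',
)

if __name__ == "__main__":
    for name, sample in (("thread log", SAMPLE_CLEAN), ("constructed hijack", SAMPLE_HIJACKED)):
        print(f"--- {name}")
        for line in report(triage(sample)):
            print(" ", line)
```

On the log in this thread the executable associations are still stock, so the only findings are the two missing `regfile`/`txtfile` keys and the two Security Center overrides; with AVG 2012 installed the overrides are expected, the missing keys are worth restoring but are not by themselves evidence of the rogue.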

I'm sorry, I have no idea why that came out small.

OTL Extras logfile created on: 4/7/2012 9:16:29 AM - Run 1

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\victoria\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.23 Mb Total Physical Memory | 492.17 Mb Available Physical Memory | 48.48% Memory free

2.39 Gb Paging File | 1.77 Gb Available in Paging File | 74.41% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 55.88 Gb Total Space | 41.57 Gb Free Space | 74.39% Space Free | Partition Type: NTFS

Computer Name: VICTORIA-AE7A76 | User Name: victoria | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)

"C:\Program Files\Sprint\Sprint SmartView\SwiApiMux.exe" = C:\Program Files\Sprint\Sprint SmartView\SwiApiMux.exe:*:Enabled:SwiApiMux

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)

"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager

"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer

"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)

"C:\WINDOWS\system32\javaw.exe" = C:\WINDOWS\system32\javaw.exe:*:Disabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR

"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java 6 Update 26

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012

"{4F2AF17E-94F0-4F22-943D-216CE46AC502}" = HP Mobile Broadband Setup Utility

"{55D1B76E-305E-4A2C-A883-E74EFF9D35F3}" = Pandora2012

"{69DAC00A-7665-4E9B-B441-093D40736429}" = HP BatteryCheck 2.10 A2

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{930240B3-F09F-4725-8820-7C7480104351}" = AVG 2012

"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support

"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3

"{B5B25043-42A0-4490-A425-C7A6284213E6}" = HP User Guides 0130

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver

"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Audacity_is1" = Audacity 1.2.6

"AVG" = AVG 2012

"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"EPSON Printer and Utilities" = EPSON Printer Software

"EPSON Scanner" = EPSON Scan

"HDMI" = Intel® Graphics Media Accelerator Driver

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"IMVU_Inc Toolbar" = IMVU Inc Toolbar

"InstallShield_{55D1B76E-305E-4A2C-A883-E74EFF9D35F3}" = Pandora2012

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"ViewpointMediaPlayer" = Viewpoint Media Player

"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin

"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin

"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"WinGimp-2.0_is1" = GIMP 2.6.10

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"Yahoo! Messenger" = Yahoo! Messenger

"Yahoo! Software Update" = Yahoo! Software Update

"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software

"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 3/30/2012 8:47:30 PM | Computer Name = VICTORIA-AE7A76 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not be returned. Error code returned is in data DWORD 0.

Error - 4/1/2012 2:41:51 AM | Computer Name = VICTORIA-AE7A76 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not be returned. Error code returned is in data DWORD 0.

Error - 4/1/2012 7:12:36 AM | Computer Name = VICTORIA-AE7A76 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not be returned. Error code returned is in data DWORD 0.

Error - 4/1/2012 8:48:15 AM | Computer Name = VICTORIA-AE7A76 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not be returned. Error code returned is in data DWORD 0.

Error - 4/2/2012 5:47:30 AM | Computer Name = VICTORIA-AE7A76 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not be returned. Error code returned is in data DWORD 0.

Error - 4/2/2012 11:15:38 AM | Computer Name = VICTORIA-AE7A76 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19190, fault address 0x00067978.

Error - 4/3/2012 12:05:50 PM | Computer Name = VICTORIA-AE7A76 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not be returned. Error code returned is in data DWORD 0.

Error - 4/3/2012 12:22:43 PM | Computer Name = VICTORIA-AE7A76 | Source = Application Hang | ID = 1002
Description = Hanging application IMVUClient.exe, version 469.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/3/2012 9:36:25 PM | Computer Name = VICTORIA-AE7A76 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not be returned. Error code returned is in data DWORD 0.

Error - 4/4/2012 4:06:31 AM | Computer Name = VICTORIA-AE7A76 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not be returned. Error code returned is in data DWORD 0.

[ OSession Events ]

Error - 5/9/2009 8:16:15 PM | Computer Name = VICTORIA-AE7A76 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1073 seconds with 1020 seconds of active time. This session ended with a crash.

Error - 10/6/2009 7:31:40 PM | Computer Name = VICTORIA-AE7A76 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1394 seconds with 720 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 1/1/2002 12:01:49 AM | Computer Name = VICTORIA-AE7A76 | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.

Error - 3/25/2012 4:00:16 PM | Computer Name = VICTORIA-AE7A76 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error - 3/26/2012 11:45:08 AM | Computer Name = VICTORIA-AE7A76 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network address 00242C19D345 has been denied by the DHCP server 172.20.0.1 (The DHCP Server sent a DHCPNACK message).

Error - 4/5/2012 11:34:29 AM | Computer Name = VICTORIA-AE7A76 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network address 00242C19D345 has been denied by the DHCP server 172.20.0.1 (The DHCP Server sent a DHCPNACK message).

Error - 4/5/2012 11:39:42 AM | Computer Name = VICTORIA-AE7A76 | Source = Service Control Manager | ID = 7034
Description = The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).

Error - 4/6/2012 11:53:53 AM | Computer Name = VICTORIA-AE7A76 | Source = Service Control Manager | ID = 7034
Description = The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).

Error - 4/7/2012 9:15:17 AM | Computer Name = VICTORIA-AE7A76 | Source = Service Control Manager | ID = 7034
Description = The Audio Service service terminated unexpectedly. It has done this 1 time(s).

Error - 4/7/2012 9:15:21 AM | Computer Name = VICTORIA-AE7A76 | Source = Service Control Manager | ID = 7034
Description = The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).

Error - 4/7/2012 9:15:21 AM | Computer Name = VICTORIA-AE7A76 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

Error - 4/7/2012 9:15:24 AM | Computer Name = VICTORIA-AE7A76 | Source = Service Control Manager | ID = 7034
Description = The hpqwmiex service terminated unexpectedly. It has done this 1 time(s).

< End of report >


Results of screen317's Security Check version 0.99.32

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

AVG 2012

```````````````````````````````

Anti-malware/Other Utilities Check:

Java 6 Update 26

Java version out of date!

Adobe Flash Player 10.0.22.87 Flash Player out of Date!

Adobe Reader 9 Adobe Reader out of date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

AVG avgwdsvc.exe

AVG avgtray.exe

AVG avgrsx.exe

AVG avgnsx.exe

AVG avgemc.exe

``````````End of Log````````````


Hello,

Disconnect any external HDD drives or any USB-flash drives you may have connected to this system.

You have done well so far, getting the log reports, which help a lot. Prior to this, I had no idea which version of Windows or which antivirus this had.

Do as much as you can of the following. If one does not "start" or is blocked, write that down for me, and go forward with the next steps.

Do not run any other programs while these are running. I also do not want you to run anything on your own, without checking with me first.

Looks like your system is infected with the Smart HDD rogue-malware.

Step 1

Download to your Desktop FixPolicies.exe, by Bill Castner, MS-MVP, a self-extracting ZIP archive from

>>> here <<<

  • Double-click FixPolicies.exe.
  • Click the "Install" button on the bottom toolbar of the box that will open.
  • The program will create a new Folder called FixPolicies.
  • Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
  • A black box will briefly appear and then close.
  • This fix may prove temporary. Active malware may revert these changes at your next startup. You can safely run the utility again.

Step 2

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall.

Please download Rkill by Grinler and save it to your desktop.


  • Link 2
    Link 3
    Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
  • If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL.

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

Step 3

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 4

Set Windows to show all files and all folders.

On your Desktop, double click My Computer; from the menu options, select Tools, then Folder Options, then select the View tab and look at all of the settings listed.

Check (turn on) "Display the contents of system folders".

Under "Hidden files and folders", select "Show hidden files and folders".

Next, uncheck "Hide extensions for known file types".

Next, uncheck "Hide protected operating system files".

Step 5

  • Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    :processes
    killallprocesses
    :files
    C:\Documents and Settings\victoria\Start Menu\Programs\SMART HDD
    C:\Documents and Settings\All Users\Application Data\-IuUdBzWZhpFZk3
    C:\Documents and Settings\All Users\Application Data\-IuUdBzWZhpFZk3r
    C:\Documents and Settings\victoria\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
    C:\Documents and Settings\All Users\Application Data\IuUdBzWZhpFZk3
    :reg
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ad73db6-382e-11de-9c46-0024815d8f86}]
    :Commands
    [CREATERESTOREPOINT]
    [Reboot]
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 6

Re-enable your antivirus program, AVG2012. Make an Update run to ensure it is fully up-to-date.

Do a quick scan with AVG and let me know what the result is.

Reply with a copy of the OTL MovedFiles log

and tell me if your Desktop is "normal" again.

We are not done, by a long shot. There will be much more to do later.


I hope I did this right.

========== PROCESSES ==========

All processes killed

========== FILES ==========

C:\Documents and Settings\victoria\Start Menu\Programs\SMART HDD folder moved successfully.

C:\Documents and Settings\All Users\Application Data\-IuUdBzWZhpFZk3 moved successfully.

C:\Documents and Settings\All Users\Application Data\-IuUdBzWZhpFZk3r moved successfully.

C:\Documents and Settings\victoria\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk moved successfully.

C:\Documents and Settings\All Users\Application Data\IuUdBzWZhpFZk3 moved successfully.

========== REGISTRY ==========

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ad73db6-382e-11de-9c46-0024815d8f86}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ad73db6-382e-11de-9c46-0024815d8f86}\ not found.

========== COMMANDS ==========

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.39.2 log created on 04082012_030701

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

AVG did find one file that it moved to the vault during the scan: a corrupt executable file.

I noticed that AVG is still holding the trojan in its vault. There are options at the bottom to delete or empty the vault; do I need to do that?


Hello,

Please download the following program to your Desktop >> Unhide <<

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives.

After it is finished, tell me what your Desktop, Start menu, etc. look like.

There is still lots more to do. We are not finished.

Please close any of your open windows/programs and exit; saving any open work you have.

I'd like to have you do a special run of OTL to generate some searches & a new log-report.

  • Please double-click OTL.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    themeui.dll
    beep.sys
    userinit.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on Run Scan.
  • The scan won't take long.
    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of just OTL.txt

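Step 4 of the earlier post (make Explorer show hidden files, extensions and protected operating system files) and the Unhide step above (clear the +H attribute the rogue put on the user's files) are the two visibility repairs this kind of "fake HDD" infection needs. The PowerShell script below is an added example that does both; it is not part of the thread and is not the code of Unhide, OTL or any other tool mentioned here. It assumes an elevated PowerShell on the affected machine, the registry key and value names are the real Explorer Folder Options settings, and the `$Roots` default and the `-Preview` switch are constructed for this example.

```powershell
# Added example (not from the thread, not Unhide/OTL code): undo the two
# visibility symptoms of a "fake HDD" rogue such as Smart HDD.
# Assumptions: run in an elevated PowerShell on the affected machine;
# $Roots (constructed default) lists the folders to repair; -Preview only
# reports what would change.
param(
    [string[]]$Roots = @($env:USERPROFILE, $env:ALLUSERSPROFILE),
    [switch]$Preview
)

# Explorer's Folder Options > View settings are stored under this key.
$AdvancedKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$ViewSettings = @{
    Hidden          = 1   # Show hidden files and folders
    HideFileExt     = 0   # Do not hide extensions for known file types
    ShowSuperHidden = 1   # Show protected operating system files
}

function Set-ExplorerViewSettings {
    foreach ($name in $ViewSettings.Keys) {
        $value = $ViewSettings[$name]
        if ($Preview) { Write-Host "Would set $name = $value"; continue }
        Set-ItemProperty -Path $AdvancedKey -Name $name -Value $value -Type DWord
    }
}

# Returns the number of items whose +H attribute was (or would be) cleared.
# Items that also carry +S (desktop.ini, NTUSER.DAT, ...) are hidden by
# design and are left alone; the rogue sets +H on its own, not +S.
function Restore-HiddenItems {
    param([string[]]$Paths)
    $hidden = [int][IO.FileAttributes]::Hidden
    $system = [int][IO.FileAttributes]::System
    $count  = 0
    foreach ($root in $Paths) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        # -Force is required, otherwise hidden items are not listed at all.
        $items = Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue
        foreach ($item in $items) {
            $attrs = [int]$item.Attributes
            if (($attrs -band $hidden) -eq 0) { continue }   # not hidden
            if (($attrs -band $system) -ne 0) { continue }   # legitimately hidden
            if ($Preview) {
                Write-Host "Would unhide $($item.FullName)"
            } else {
                $item.Attributes = $attrs -band (-bnot $hidden)
            }
            $count++
        }
    }
    return $count
}

Set-ExplorerViewSettings
$n = Restore-HiddenItems -Paths $Roots
Write-Host "Cleared +H on $n item(s). Log off and on again for the View settings to take effect."
```

Run it once with `-Preview` first to see which paths would be touched, then without. Skipping anything that is also +S is the design choice that keeps this from exposing files Windows hides on purpose; on a machine where the rogue has been removed but files are still invisible, the count it reports is a quick way to confirm the damage was attribute-only.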

My desktop icons are not greyed out anymore and are all there. I still have a black background. All my start menu items are there except my control panel, my computer, documents, pics, music.

OTL logfile created on: 4/9/2012 2:30:20 AM - Run 3

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\victoria\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.23 Mb Total Physical Memory | 414.93 Mb Available Physical Memory | 40.87% Memory free

2.39 Gb Paging File | 1.82 Gb Available in Paging File | 76.34% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 55.88 Gb Total Space | 41.21 Gb Free Space | 73.74% Space Free | Partition Type: NTFS

Drive E: | 1.89 Gb Total Space | 1.86 Gb Free Space | 98.34% Space Free | Partition Type: FAT

Computer Name: VICTORIA-AE7A76 | User Name: victoria | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/07 09:14:51 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\victoria\Desktop\OTL.scr

PRC - [2012/01/24 18:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe

PRC - [2011/11/28 02:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe

PRC - [2011/10/12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

PRC - [2011/10/10 07:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe

PRC - [2011/09/08 21:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe

PRC - [2011/08/15 07:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe

PRC - [2011/08/02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe

PRC - [2008/12/02 22:57:30 | 000,729,088 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFLTR.EXE

PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2008/09/11 07:00:10 | 000,446,556 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\STTRAY.EXE

PRC - [2008/09/11 07:00:10 | 000,237,650 | ---- | M] (IDT, Inc.) -- c:\Program Files\IDT\WDM\STACSV.EXE

PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2005/02/08 04:00:00 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIACA.EXE

========== Modules (No Company Name) ==========

MOD - [2010/06/01 10:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)

SRV - [2011/10/12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)

SRV - [2011/08/02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)

SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2008/09/11 07:00:10 | 000,237,650 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Program Files\IDT\WDM\STACSV.EXE -- (STacSV)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.SYS -- (PCTINDIS5)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pctnullport.sys -- (Nmea)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwhid.sys -- (btwhid)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwdndis.sys -- (BTWDNDIS)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btport.sys -- (BTDriver)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btaudio.sys -- (btaudio)

DRV - [2011/10/07 07:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)

DRV - [2011/10/04 07:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)

DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)

DRV - [2011/08/08 07:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)

DRV - [2011/07/11 02:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)

DRV - [2011/07/11 02:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)

DRV - [2011/07/11 02:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)

DRV - [2011/07/11 02:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)

DRV - [2009/05/03 05:41:54 | 001,294,200 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

DRV - [2009/05/01 09:43:30 | 000,026,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmsflt.sys -- (swmsflt)

DRV - [2009/05/01 09:43:28 | 000,171,144 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)

DRV - [2009/05/01 09:43:28 | 000,149,512 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmx00.sys -- (swmx00) Sierra Wireless USB MUX Driver (#00)

DRV - [2009/05/01 09:43:24 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)

DRV - [2008/12/02 22:57:32 | 000,112,128 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)

DRV - [2008/10/15 14:58:32 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)

DRV - [2008/09/11 07:00:10 | 001,390,323 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

DRV - [2008/06/27 13:02:00 | 000,289,024 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)

DRV - [2007/11/02 18:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService)

DRV - [2007/11/02 18:36:12 | 000,018,176 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)

DRV - [2007/07/03 17:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)

DRV - [2007/07/03 17:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)

DRV - [2007/07/03 17:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)

DRV - [2007/01/22 22:33:00 | 000,007,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8

IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{22E177FF-D849-4A8A-801A-FB5854291E6C}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ444YYUS&apn_uid=8858E931-055A-46C6-9B63-314C9D53A66E&apn_sauid=4D6286F7-03B5-40AA-8555-8BD699A77E9F

IE - HKCU\..\SearchScopes\{5CD15C20-3EB0-40E5-ABD1-E9B7F7CB60AF}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADFA_en

IE - HKCU\..\SearchScopes\{84EDDA1C-D0C4-4D54-BD3C-035E52170924}: "URL" = http://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=us&nt=1

IE - HKCU\..\SearchScopes\{B0C87276-8019-4ED3-BDFA-64E75F7D0F8B}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}

IE - HKCU\..\SearchScopes\{B1C9773A-F0D8-491E-8204-47D7E655B7F8}: "URL" = http://www.flickr.com/search/?q={searchTerms}

IE - HKCU\..\SearchScopes\{C26080EF-DE5E-4852-B7D5-89FC74906A2B}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie8

IE - HKCU\..\SearchScopes\{D9AA5878-FB80-48D3-AA9B-2DCFACF372AD}: "URL" = http://delicious.com/search?p={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..extensions.enabledItems: es-es@dictionaries.addons.mozilla.org:1.3.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: profilesong.toolbar@completeplaylists.com:1.0.1

FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)

FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\victoria\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/01 18:30:33 | 000,000,000 | ---D | M]

[2010/07/28 23:14:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\victoria\Application Data\Mozilla\Extensions

[2010/07/28 23:14:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\victoria\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com

[2010/07/26 17:11:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\victoria\Application Data\Mozilla\Firefox\Profiles\4u4bxpcq.default\extensions

[2009/07/05 00:54:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\victoria\Application Data\Mozilla\Firefox\Profiles\4u4bxpcq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009/08/16 23:55:29 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\victoria\Application Data\Mozilla\Firefox\Profiles\4u4bxpcq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2010/05/22 15:36:04 | 000,000,000 | ---D | M] (Diccionario de Español/España) -- C:\Documents and Settings\victoria\Application Data\Mozilla\Firefox\Profiles\4u4bxpcq.default\extensions\es-es@dictionaries.addons.mozilla.org

O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (IMVU Inc Toolbar) - {90B49673-5506-483E-B92B-CA0265BD9CA8} - C:\Program Files\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)

O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [HP Mobile Broadband] c:\SWsetup\HPQWWAN\HPMobileBroadband.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [iDTSysTrayApp] C:\WINDOWS\STTRAY.EXE (IDT, Inc.)

O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\STTRAY.EXE (IDT, Inc.)

O4 - HKCU..\Run: [Aim6] File not found

O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - Startup: C:\Documents and Settings\victoria\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found

O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\victoria\Start Menu\Programs\IMVU\Run IMVU.lnk ()

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found

O15 - HKCU\..Trusted Domains: google.com ([www] https in Trusted sites)

O15 - HKCU\..Trusted Domains: mathxl.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: pearsoned.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: vccs.edu ([google] https in Trusted sites)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.)

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.105.28.12 68.105.29.12

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31FFF463-D0A4-4BDD-9FB9-20D2291C98FC}: DhcpNameServer = 192.168.1.1 68.105.28.12 68.105.29.12

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\victoria\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\victoria\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/05/03 05:24:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{47565a08-c375-11de-9ccd-0024815d8f86}\Shell\AutoRun\command - "" = E:\wd_windows_tools\WDSetup.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {00F0EE7F-2C61-4EBD-A209-00281BDC869C} - Yahoo! Toolbar

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)

ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {270C7F22-6D59-4041-B865-76C48D190D91} - Yahoo! Search Settings Update

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework

ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

ActiveX: {8FD9D712-A285-4834-9F46-705AD5146A6B} - NoIETour

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12

ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{64A10DCF-7FF1-4600-9824-DE0BCC2AA72E} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/09 02:06:04 | 000,397,728 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\victoria\Desktop\unhide.exe

[2012/04/08 03:07:01 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/04/08 02:27:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2012/04/08 02:27:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT

[2012/04/08 02:27:08 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2012/04/08 02:26:37 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\victoria\Desktop\erunt-setup.exe

[2012/04/08 02:22:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\victoria\Desktop\FixPolicies

[2012/04/07 09:14:51 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\victoria\Desktop\OTL.scr

[2012/04/07 09:14:03 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\victoria\Desktop\OTH.scr

[2012/04/07 09:00:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\victoria\Recent

[2012/04/05 07:40:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\victoria\Application Data\PoseCentral

[2012/04/05 07:40:44 | 000,000,000 | ---D | C] -- C:\Program Files\PandoraV

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

[1 C:\Documents and Settings\victoria\My Documents\*.tmp files -> C:\Documents and Settings\victoria\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/09 02:42:00 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-2025429265-527237240-1004UA.job

[2012/04/09 02:08:10 | 094,161,389 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm

[2012/04/09 02:05:58 | 000,397,728 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\victoria\Desktop\unhide.exe

[2012/04/09 01:59:51 | 000,000,848 | ---- | M] () -- C:\WINDOWS\tasks\ZatisfiUpdateTaskMachineCore.job

[2012/04/09 01:59:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/04/08 14:43:00 | 000,000,850 | ---- | M] () -- C:\WINDOWS\tasks\ZatisfiUpdateTaskMachineUA.job

[2012/04/08 02:27:19 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\victoria\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2012/04/08 02:27:12 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\victoria\Desktop\NTREGOPT.lnk

[2012/04/08 02:27:12 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\victoria\Desktop\ERUNT.lnk

[2012/04/08 02:26:38 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\victoria\Desktop\erunt-setup.exe

[2012/04/08 02:24:39 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\victoria\Desktop\rkill.com

[2012/04/08 02:21:56 | 000,185,065 | ---- | M] () -- C:\Documents and Settings\victoria\Desktop\FixPolicies.exe

[2012/04/07 10:42:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-2025429265-527237240-1004Core.job

[2012/04/07 09:57:15 | 000,879,714 | ---- | M] () -- C:\Documents and Settings\victoria\Desktop\SecurityCheck.exe

[2012/04/07 09:14:51 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\victoria\Desktop\OTL.scr

[2012/04/07 09:13:35 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\victoria\Desktop\OTH.scr

[2012/04/06 15:33:55 | 000,000,847 | ---- | M] () -- C:\Documents and Settings\victoria\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk

[2012/04/06 13:03:36 | 000,069,283 | ---- | M] () -- C:\Documents and Settings\victoria\.recently-used.xbel

[2012/04/05 17:32:51 | 000,048,743 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm

[2012/04/05 07:40:56 | 000,001,631 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Pandora.lnk

[2012/04/05 07:13:24 | 000,001,949 | ---- | M] () -- C:\Documents and Settings\victoria\Desktop\IMVU.lnk

[2012/04/03 12:05:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/03/30 23:51:49 | 000,834,682 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/03/30 23:51:48 | 000,262,846 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/03/15 19:45:27 | 000,152,384 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/03/15 10:17:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

[1 C:\Documents and Settings\victoria\My Documents\*.tmp files -> C:\Documents and Settings\victoria\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/09 02:25:33 | 000,001,592 | ---- | C] () -- C:\Documents and Settings\victoria\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk

[2012/04/09 02:25:33 | 000,000,847 | ---- | C] () -- C:\Documents and Settings\victoria\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk

[2012/04/09 02:25:33 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\victoria\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk

[2012/04/09 02:25:33 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\victoria\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012/04/09 02:25:33 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\victoria\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk

[2012/04/09 02:25:33 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\victoria\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

[2012/04/09 02:25:32 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Pandora.lnk

[2012/04/09 02:25:32 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk

[2012/04/09 02:25:30 | 000,001,077 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Default Manager.lnk

[2012/04/09 02:25:27 | 000,000,636 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Audacity.lnk

[2012/04/09 02:25:25 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat.com.lnk

[2012/04/08 02:27:19 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\victoria\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2012/04/08 02:27:12 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\victoria\Desktop\NTREGOPT.lnk

[2012/04/08 02:27:12 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\victoria\Desktop\ERUNT.lnk

[2012/04/08 02:24:39 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\victoria\Desktop\rkill.com

[2012/04/08 02:22:07 | 000,185,065 | ---- | C] () -- C:\Documents and Settings\victoria\Desktop\FixPolicies.exe

[2012/04/07 09:57:15 | 000,879,714 | ---- | C] () -- C:\Documents and Settings\victoria\Desktop\SecurityCheck.exe

[2012/04/06 13:03:36 | 000,069,283 | ---- | C] () -- C:\Documents and Settings\victoria\.recently-used.xbel

[2012/04/05 07:40:56 | 000,001,631 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Pandora.lnk

[2012/02/15 20:46:03 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011/11/17 17:18:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/06/11 14:19:11 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat

[2011/06/11 14:19:11 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat

[2011/06/11 14:19:11 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat

[2011/06/11 14:19:11 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat

[2011/06/11 14:19:11 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat

[2011/06/11 14:19:11 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2011/06/11 14:19:10 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat

[2011/06/11 14:19:10 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat

[2011/06/11 14:19:10 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat

[2011/06/11 14:19:10 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat

[2011/06/11 14:19:10 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat

[2011/06/11 14:19:10 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat

[2011/06/11 14:19:10 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat

[2011/06/11 14:19:10 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat

[2011/06/11 14:19:10 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat

[2011/06/11 14:19:10 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat

[2011/03/19 19:13:07 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

[2010/05/21 20:50:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe

[2010/06/28 19:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM

[2010/06/28 19:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL

[2009/05/04 15:28:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL OCP

[2009/07/10 13:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple

[2009/07/04 19:42:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer

[2011/07/27 11:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask

[2011/10/10 01:00:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012

[2010/10/16 12:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2012/02/03 17:06:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU

[2011/08/30 05:48:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2010/12/09 23:13:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google

[2012/04/09 02:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2010/11/21 14:31:47 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft

[2012/03/06 21:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help

[2009/06/14 12:51:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton

[2009/05/03 06:06:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller

[2009/07/11 09:08:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS

[2011/04/12 22:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype

[2010/08/01 20:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sprint

[2010/06/08 14:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun

[2009/05/06 21:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec

[2009/05/03 06:05:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2009/06/30 00:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

[2011/05/21 22:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo!

[2011/05/21 12:17:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/11/25 16:47:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/07/04 19:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

[2009/07/01 20:17:38 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 4.30.19.1\SetupAdmin.exe

[2010/12/09 23:09:05 | 000,523,440 | ---- | M] (Google Inc.) -- C:\Documents and Settings\All Users\Application Data\Google\Google Toolbar\Update\gtbF.tmp.exe

[2011/02/08 06:33:04 | 000,580,960 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgcfgex.exe

[2011/05/23 15:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgchsvx.exe

[2011/04/20 06:56:52 | 001,559,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgcmgr.exe

[2011/08/04 11:49:36 | 003,769,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgcremx.exe

[2011/03/28 04:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgcsrvx.exe

[2011/08/18 02:33:30 | 003,833,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgdiagex.exe

[2011/02/08 06:33:04 | 000,278,880 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgdumpx.exe

[2011/03/16 17:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgemcx.exe

[2011/02/08 06:33:06 | 000,218,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avglscanx.exe

[2002/01/08 21:15:38 | 005,587,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgmfapx.exe

[2011/09/09 04:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgnsx.exe

[2002/01/08 21:15:32 | 000,598,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgntdumpx.exe

[2011/08/18 02:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgrsx.exe

[2011/02/08 06:33:06 | 001,088,864 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgscanx.exe

[2011/02/09 06:35:14 | 001,265,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgsrmax.exe

[2011/09/08 18:32:50 | 005,996,872 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\AVGTBInstall.exe

[2011/09/10 07:28:50 | 002,338,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgtray.exe

[2011/09/10 07:28:50 | 003,593,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgui.exe

[2011/02/08 06:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgwdsvc.exe

[2011/02/08 06:33:46 | 000,754,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgwsc.exe

[2011/02/08 06:33:10 | 000,456,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\fixcfg.exe

[2009/07/10 05:49:28 | 000,086,016 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe

[2010/04/20 16:45:20 | 000,607,472 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe

< %APPDATA%\*. >

[2009/05/04 15:30:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria\Application Data\acccore

[2011/05/18 23:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria\Application Data\Adobe

[2011/10/15 19:15:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria\Application Data\Apple Computer

[2010/10/16 13:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria\Application Data\AVG10

[2002/01/08 22:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria\Application Data\AVG2012

[2012/02/03 17:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria\Application Data\AVS4YOU

[2009/06/14 12:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria\Application Data\Bytemobile

[2011/06/11 14:02:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria\Application Data\Driver Smith

[2011/06/11 16:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria\Application Data\EPSON

[2009/05/03 18:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria\Application Data\GetRightToGo

[2012/04/06 12:41:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria\Application Data\gtk-2.0

[2009/05/03 05:30:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria\Application Data\Identities

[2012/04/08 12:49:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria\Application Data\IMVU

[2010/08/02 15:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria\Application Data\IMVU Previewer

[2012/03/02 12:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria\Application Data\IMVUClient

[2009/05/03 05:41:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria\Application Data\InstallShield

[2009/05/03 05:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria\Application Data\Macromedia

[2010/02/08 14:54:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria\Application Data\Maple

[2012/02/27 08:56:52 | 000,000,000 | --SD | M] -- C:\Documents and Settings\victoria\Application Data\Microsoft

[2010/07/13 10:38:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria\Application Data\Mozilla

[2012/04/05 07:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria\Application Data\PoseCentral

[2012/04/09 02:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria\Application Data\PriceGong

[2009/07/04 19:24:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria\Application Data\Research In Motion

[2010/12/13 18:15:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria\Application Data\SecondLife

[2009/05/03 18:03:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria\Application Data\Sierra Wireless

[2011/03/19 19:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria\Application Data\Skype

[2011/03/19 19:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria\Application Data\skypePM

[2009/05/03 06:09:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria\Application Data\Sun

[2009/05/03 05:38:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria\Application Data\TMP

[2010/07/28 23:23:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria\Application Data\Vivox

[2011/05/18 23:40:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria\Application Data\Wacom

[2011/11/24 18:35:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria\Application Data\Yahoo!

< %APPDATA%\*.exe /s >

[2012/03/05 20:04:14 | 000,013,312 | ---- | M] () -- C:\Documents and Settings\victoria\Application Data\IMVUClient\devicefingerprint.exe

[2012/03/05 20:04:22 | 000,158,208 | ---- | M] () -- C:\Documents and Settings\victoria\Application Data\IMVUClient\devicefingerprint_old.exe

[2012/04/04 13:49:18 | 000,054,096 | ---- | M] () -- C:\Documents and Settings\victoria\Application Data\IMVUClient\IMVUClient.exe

[2012/04/04 13:49:18 | 000,023,376 | ---- | M] () -- C:\Documents and Settings\victoria\Application Data\IMVUClient\IMVUQualityAgent.exe

[2012/04/04 13:49:20 | 000,097,784 | ---- | M] () -- C:\Documents and Settings\victoria\Application Data\IMVUClient\IMVUupdater.exe

[2012/04/04 13:22:28 | 000,009,728 | ---- | M] (Mozilla Corporation) -- C:\Documents and Settings\victoria\Application Data\IMVUClient\plugin-container.exe

[2012/04/05 07:13:20 | 000,077,969 | ---- | M] () -- C:\Documents and Settings\victoria\Application Data\IMVUClient\Uninstall.exe

[2012/03/05 18:17:16 | 000,049,664 | ---- | M] () -- C:\Documents and Settings\victoria\Application Data\IMVUClient\w9xpopen.exe

[2012/03/05 20:42:38 | 000,134,144 | ---- | M] () -- C:\Documents and Settings\victoria\Application Data\IMVUClient\WriteMiniDump.exe

[2012/04/05 07:12:14 | 029,636,208 | ---- | M] () -- C:\Documents and Settings\victoria\Application Data\IMVUClient\installer\SetupImvu_update.exe

[2008/06/12 06:09:06 | 000,033,088 | ---- | M] () -- C:\Documents and Settings\victoria\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

[2009/05/03 05:55:17 | 000,049,152 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\victoria\Application Data\Microsoft\Installer\{082702D5-5DD8-4600-BCE5-48B15174687F}\ARPPRODUCTICON.exe

[2009/05/03 06:09:28 | 000,053,248 | R--- | M] (Macrovision Corporation) -- C:\Documents and Settings\victoria\Application Data\Microsoft\Installer\{275E7C8F-5407-4E2D-9506-0DC5BC59B14E}\NewShortcut1_275E7C8F54074E2D95060DC5BC59B14E.exe

[2009/05/03 06:09:28 | 000,053,248 | R--- | M] (Macrovision Corporation) -- C:\Documents and Settings\victoria\Application Data\Microsoft\Installer\{275E7C8F-5407-4E2D-9506-0DC5BC59B14E}\NewShortcut2_275E7C8F54074E2D95060DC5BC59B14E.exe

[2011/09/30 01:14:44 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Documents and Settings\victoria\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

[2002/01/01 19:11:27 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\victoria\Application Data\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe

[2008/07/08 04:02:00 | 017,912,320 | ---- | M] (Marvell ) -- C:\Documents and Settings\victoria\Application Data\TMP\setup.exe

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >

[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >

[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2008/04/14 03:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys

[2008/04/14 03:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2008/04/14 08:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

< MD5 for: BEEP.SYS >

[2008/04/14 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys

[2008/04/14 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

< MD5 for: EVENTLOG.DLL >

[2008/04/14 08:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll

[2008/04/14 08:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >

[2008/04/14 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll

[2008/04/14 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >

[2008/04/14 08:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll

[2008/04/14 08:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: THEMEUI.DLL >

[2008/04/14 08:00:00 | 000,385,536 | ---- | M] (Microsoft Corporation) MD5=A314EEA2A503A8E04085201E436384A5 -- C:\WINDOWS\system32\dllcache\themeui.dll

[2008/04/14 08:00:00 | 000,385,536 | ---- | M] (Microsoft Corporation) MD5=A314EEA2A503A8E04085201E436384A5 -- C:\WINDOWS\system32\themeui.dll

< MD5 for: USERINIT.EXE >

[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe

[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\victoria\Local Settings\Temp\RarSFX0\userinit.exe

< %systemroot%\system32\drivers\*.sys /lockedfiles >

[1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]

< %systemroot%\System32\config\*.sav >

[2009/05/02 22:05:12 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

[2009/05/02 22:05:12 | 001,064,960 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav

[2009/05/02 22:05:12 | 000,901,120 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< End of report >

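The "< MD5 for: NAME >" sections of the OTL report above list every copy of a few frequently patched system files (atapi.sys, userinit.exe, ...) with their MD5, version-info publisher and path, so that the copy in system32\dllcache can be compared against the live copy. The script below is an added example, not OTL's code and not posted by anyone in the thread: it parses such lines and reports copies whose hash or publisher differs from the dllcache copy, or which sit outside the Windows directory. The "dllcache is the reference" and "must live under \Windows\" rules are this example's own assumptions for an XP system; the sample lines are copied from the log above. A hit is a lead, not a verdict (a third-party tool that happens to be named userinit.exe will show up here too), and hashing files on a live system cannot see past a kernel rootkit that serves clean bytes to the scanner, which is why the helper also asks for MBR and rootkit scanners later in the thread.

```python
"""Cross-check the '< MD5 for: NAME >' sections of an OTL report.

OTL lists every copy of a few frequently patched system files (atapi.sys,
userinit.exe, ...) with its MD5, version-info publisher and path.  This
added example treats the copy in system32\\dllcache as the reference and
reports every other copy that differs in hash or publisher or that lives
outside the Windows directory.  A hit is a lead to look at, not a verdict.
"""
import re
from collections import defaultdict

# One OTL file entry:  [ts | size | attrs | flag] (publisher) [MD5=...] [.cab file] -- path
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<flag>[A-Z])\] "
    r"\((?P<company>[^)]*)\)"
    r"(?: MD5=(?P<md5>[0-9A-Fa-f]{32}))?"
    r"(?: \.cab file)?"
    r" -- (?P<path>.+?)\s*$"
)
SECTION_RE = re.compile(r"^< MD5 for: (?P<name>[^ >]+) >$")


def parse_otl(text):
    """Return the file entries found inside '< MD5 for: ... >' sections.

    Each entry is a dict with the regex groups plus 'section' (the file name
    the section is about, lower-cased).  Any other '< ... >' custom-scan
    header ends the current section.
    """
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name").lower()
            continue
        if line.startswith("<"):
            section = None
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            e = m.groupdict()
            e["section"] = section
            e["size"] = int(e["size"].replace(",", ""))
            e["company"] = e["company"].strip()
            e["md5"] = (e["md5"] or "").upper()   # .cab members carry no hash
            entries.append(e)
    return entries


def audit_md5_sections(entries):
    """Compare every copy of each protected file against its dllcache copy.

    Returns a list of (path_or_name, reason) tuples.  The dllcache-as-reference
    and 'must live under \\Windows\\' rules are this example's own heuristics
    (assumed, not OTL's), aimed at XP where dllcache holds the WFP originals.
    """
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["section"]].append(e)

    findings = []
    for name, copies in by_name.items():
        ref = next((c for c in copies
                    if "\\dllcache\\" in c["path"].lower() and c["md5"]), None)
        if ref is None:
            findings.append((name, "no dllcache copy with an MD5 to compare against"))
            continue
        for c in copies:
            if c is ref or not c["md5"]:
                continue
            reasons = []
            if c["md5"] != ref["md5"]:
                reasons.append("MD5 differs from dllcache copy")
            if c["company"] != ref["company"]:
                reasons.append(f"publisher {c['company']!r} != {ref['company']!r}")
            if "\\windows\\" not in c["path"].lower():
                reasons.append("copy outside the Windows directory")
            if reasons:
                findings.append((c["path"], "; ".join(reasons)))
    return findings


# Constructed sample: these lines are copied from the OTL report in the thread.
SAMPLE_LOG = r"""
< MD5 for: AGP440.SYS >
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
< MD5 for: ATAPI.SYS >
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 03:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 03:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: USERINIT.EXE >
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\victoria\Local Settings\Temp\RarSFX0\userinit.exe
< %systemroot%\system32\drivers\*.sys /lockedfiles >
"""

if __name__ == "__main__":
    for where, why in audit_md5_sections(parse_otl(SAMPLE_LOG)):
        print(f"{where}\n    {why}")
```

Run against the sample, the script reports two things: AGP440.SYS has no on-disk copy to compare (only the sp3.cab member is listed), and the userinit.exe under Temp\RarSFX0 differs from the dllcache copy in hash and publisher and lives outside \Windows\. The atapi.sys copies all agree, which is the normal result for a file that TDSS-family rootkits are known to patch.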

We need to follow up with some checks: one with MBAM and one with an online scan.

Save and close any work documents, close any apps that you started.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a FULL Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Step 2

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Using Internet Explorer browser only, go to ESET Online Scanner website:

{Windows 7 & Vista users should start IE by Start >> Internet Explorer >> Right-Click and select Run As Administrator.}

  • Press the "ESET Online Scanner" button.
  • Check the "I accept the terms" box. Accept the Terms of Use and press the Start button.
  • Approve the install of the required ActiveX Control, then follow the on-screen instructions.
  • Un-check the "Remove found threats" option.
  • Checkmark the "Scan Archives" option.
  • Click on Advanced Settings and checkmark the following:
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology.
    Click Scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
  • A logfile is created and located at C:\Program Files\Eset\EsetOnlineScanner\log.txt.
    Look at the contents of this file using Notepad or Wordpad.
  • The Frequently Asked Questions for ESET Online Scanner can be viewed here:
    http://www.eset.com/...c4.php?page=faq
  • From ESET Tech Support: If you have ESET NOD32 installed, you should disable it prior to running this scanner.
    Otherwise the scan will take twice as long to do:
    every time the ESET online scanner opens a file on your computer to scan it, NOD32 on your machine will rescan the file as a result.
  • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner
    (and to re-enable it promptly when finished).
  • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.

After the scan is done, re-enable your antivirus program.

Reply with copy of the MBAM scan log & Eset scan log.


Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.11.03

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

victoria :: VICTORIA-AE7A76 [administrator]

Protection: Enabled

4/11/2012 11:15:27 AM

mbam-log-2012-04-11 (15-06-47).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 273049

Time elapsed: 3 hour(s), 31 minute(s), 43 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\System Volume Information\_restore{EAD3C747-8332-4413-8D2D-AC03E35A7962}\RP366\A0236884.exe (Backdoor.Agent.RCGen) -> No action taken.

C:\System Volume Information\_restore{EAD3C747-8332-4413-8D2D-AC03E35A7962}\RP366\A0236885.exe (Backdoor.Agent.RCGen) -> No action taken.

(end)


ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=5e535041993a1845801a1fafe4d4d133

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2012-04-12 07:46:17

# local_time=2012-04-12 03:46:17 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 15060061 15060061 0 0

# compatibility_mode=1024 16777191 100 0 322743289 322743289 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=82079

# found=0

# cleaned=0

# scan_time=11439


I really appreciate your help with this. I'm not the wisest with computers but I get by. I'm glad you guys are here to help. I have noticed since everything has been cleaned up that when I go on Google or Bing I get redirected to some other website that is not what I clicked on.


On the search-click-redirect, always give fuller details:

Which browser is used: Internet Explorer? Firefox? Chrome ?

Do you get to the Google website ok? yes/no

What is the search term ?

What is the link that you are looking for?

Please do the following steps:

Step 1

Temporarily turn off your antivirus program. Leave the firewall on.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Download aswMBR.exe ( 511KB ) to your desktop.

Double click on aswMBR.exe to start.

Change the a-v scan to None.

Uncheck "trace disk IO calls".

Click the "Scan" button to start the scan.

On completion of the scan (note whether the Fix button, not the FixMBR button, is enabled and tell me), click Save log, save it to your desktop and post it in your next reply.

Step 2

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
    TDSSKillerMal-1.png
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    TDSSKillerCompleted.png
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 3

Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1

Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Windows 7 & Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Step 4

Download GMER Rootkit Scanner from here or here. Unzip it to your Desktop.

========================================================

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

========================================================

Double-click gmer.exe. The program will begin to run.

**Caution**

These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click Yes.
  • Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [save..] button, and in the File name area, type in "Gmer.txt".
  • Save it where you can easily find it, such as your desktop.

If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.

  • Click the Scan button and let the program do its work. GMER will produce a log. Click on the [save..] button, and in the File name area, type in "Gmer.txt".
  • Save it where you can easily find it, such as your desktop.

Step 5

RE-Enable your antivirus program.

Reply with copy of contents of aswMBR log

TDSSKILLER log

Gooredfix.txt

Gmer.txt log


Did you save them to the Desktop ?

Are you logged in with an administrator-rights account?

Details on just what "message you got" when you tried to start those utilities would help.

  1. Close any/all open internet browsers. Save any documents you have open & close programs you started.
  2. Click on START > All Programs > Malwarebytes' Anti-Malware > Tools > Malwarebytes Anti-Malware Chameleon.
     On Windows 7, press the Windows key, then start typing Malwarebytes in the text box, then select/click Malwarebytes Anti-Malware Chameleon.
  3. Once the Help file opens, click on a Chameleon button (starting with #1).
     If running on Vista or Windows 7, press the Yes button when prompted at the UAC prompt to allow it to run.
  4. You should see a black command-prompt window that remains open and says MBAM-chameleon ver. 1.61 at the top.
     Press any key to continue as it says in the window (the space-bar will do).
  5. If the Chameleon button you tried does not work, try the next Chameleon button shown. (There are 12 in all.)
     Have infinite patience during this process.
  6. Malwarebytes Chameleon will proceed to update Malwarebytes Anti-Malware, so ensure that you are connected to the internet if possible.
     Once the update completes and it says your database is updated, click on the OK button so that the process can continue.
  7. Malwarebytes Chameleon will then terminate any threats running in memory, which may take a while, so please be patient.
  8. After that, Malwarebytes Anti-Malware will open automatically and perform a Quick scan.
     A quick scan will take a few minutes, possibly 5 or so. Have infinite patience.
  9. Once the scan is complete, click on Show Results and remove any threats that are found by clicking Remove Selected.
     If prompted to restart your computer to complete the removal process, click Yes.
     If no threats are found, press the OK button & press EXIT to end MBAM. Press the space-bar (or another key) to exit the command-prompt window.
  10. After your computer restarts, open Malwarebytes Anti-Malware and perform one last Quick scan to verify that there are no remaining threats.

Copy and attach contents of latest MBAM scan log for my review.


While it is scanning I'll answer your questions. I'm using Explorer and I don't have any problems getting to Bing, which is my default search engine, or Google if I type it into the address bar, but I tried searching simple things and any link I click on redirects me to random websites trying to sell me things.

As for the scanners, no error message pops up; for a moment it acts like it will open when I double-click on it, but then nothing happens. When I try to click on any other items I have on my desktop they do the same thing; I have to go to Start and open them from there instead. Malwarebytes is running a quick scan now and I'll post up the results soon.


Do not do any searching of any sort until after I give the all clear. Let MBAM run uninterrupted. E.g., when I ask you to run tools, only run the tools and do not use the PC for any other use or task. In other words, one single task at a time.

Close all browsers and let MBAM finish.

The fact that the other tools do not run means the likelihood of a rootkit is high, and that is not where we want to be.


Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.14.06

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

:: VICTORIA-AE7A76 [administrator]

Protection: Enabled

4/14/2012 4:40:50 PM

mbam-log-2012-04-14 (16-40-50).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 225514

Time elapsed: 1 hour(s), 40 minute(s), 49 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)
