Google Redirect & cannot update Malwarebytes!

FeyenoordTopBoy · December 28, 2009

Hi,

I am suffering from the google redirect thing, I can't seem to find anything here to remedy it, so am searching for help here. I also cannot update, I think the update is getting intercepted, here is a screen grab of the message:

I run a full scan and get no threats:

Malwarebytes' Anti-Malware 1.42

Database version: 3289

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

28/12/2009 5:53:18 PM

mbam-log-2009-12-28 (17-53-18).txt

Scan type: Full Scan (C:\|)

Objects scanned: 281523

Time elapsed: 1 hour(s), 49 minute(s), 1 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

What should I do?

FeyenoordTopBoy · December 29, 2009

I also did the DDS thing, if this well help anybody, and these are the logs:

DDS (Ver_09-12-01.01) - NTFSx86

Run by eric at 21:29:00.37 on 28/12/2009

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_02

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1406.540 [GMT -5:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\ACS.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\rundll32.exe

svchost.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\Program Files\AVG\AVG9\avgam.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Toshiba\Tvs\TvsTray.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

C:\WINDOWS\system32\TPSMain.exe

C:\WINDOWS\system32\ZoomingHook.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\DrvMon.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Documents and Settings\eric\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyServer = http=127.0.0.1:5555

uInternet Settings,ProxyOverride = <local>

mSearchAssistant = hxxp://www.google.com/ie

mURLSearchHooks: SrchHook Class: {d3f669eb-57ce-4f45-8fbd-e245cbb46366} - c:\program files\stopzilla!\toolbar\SZIESearchHook.dll

BHO: ZILLAbar Browser Helper Object: {1827766b-9f49-4854-8034-f6ee26fcb1ec} - c:\program files\stopzilla!\toolbar\SZSG.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: IEWatchObj Class: {9527d42f-d666-11d3-b8dd-00600838cd5f} - c:\windows\system32\IETie.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll

BHO: PHPNukeEN Toolbar: {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - c:\program files\phpnukeen\tbPHP0.dll

BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll

TB: PHPNukeEN Toolbar: {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - c:\program files\phpnukeen\tbPHP0.dll

TB: STOPzilla: {98828ded-a591-462f-83ba-d2f62a68b8b8} - c:\program files\stopzilla!\toolbar\SZSG.dll

uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [DrvMon.exe] c:\windows\system32\DrvMon.exe

uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [Google Update] "c:\documents and settings\eric\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"

mRun: [CeEKEY] c:\program files\toshiba\e-key\CeEKey.exe

mRun: [<NO NAME>]

mRun: [Apoint] c:\program files\apoint2k\Apoint.exe

mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [TPNF] c:\program files\toshiba\touchpad\TPTray.exe

mRun: [TPSMain] TPSMain.exe

mRun: [ZoomingHook] ZoomingHook.exe

mRun: [smoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe

mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"

mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"

mRun: [sMSTray] c:\program files\samsung\samsung media studio 5\SMSTray.exe

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

StartupFolder: c:\docume~1\eric\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe

uPolicies-explorer: NoViewOnDrive = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {578FC4E3-151E-456c-AF8E-B63061EFE228}}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229896370234

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: {184E2951-DF27-4F32-B683-787E291E774B} = 192.168.10.203,192.168.10.205

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 10.86.240.89 phxasnd1 phxasnd1-on phxasnd1.cendant.com crsdev crsqa hjtrain ratrain vltrain wgtrain tltrain kgtrain ditrain setrain xhtrain vhtrain airqa sescisqa trpcisqa cisqa # SUN

Hosts: 10.86.240.100 days_crs diagent # Days Inn CRS

Hosts: 10.86.240.101 super8_crs seagent # Super8 CRS

Hosts: 10.86.240.102 travel_crs tlagent # Travelodge CRS

Hosts: 10.86.240.103 hojo_crs hjagent # Howard Johnson CRS

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\eric\applic~1\mozilla\firefox\profiles\jfixivhs.default\

FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?&o=13048&l=dis&q=

FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll

FF - plugin: c:\documents and settings\eric\application data\mozilla\firefox\profiles\jfixivhs.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll

FF - plugin: c:\documents and settings\eric\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\documents and settings\eric\local settings\application data\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\rogers online protection\rogers servicepoint agent\nprpspa.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-12-10 161800]

R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2009-5-12 61328]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-12-10 333192]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-12-10 28424]

R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-12-10 360584]

R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-12-10 285392]

R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2006-2-9 9161]

S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2009-5-12 61328]

S2 gupdate1c9ba4725772c42;Google Update Service (gupdate1c9ba4725772c42);c:\program files\google\update\GoogleUpdate.exe [2009-4-10 133104]

S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2006-2-8 113728]

S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\pif\{96e26a03-a25a-400b-b9b4-564c9bd00f46}\PifEng.dll [2007-8-28 304520]

S3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-10-5 1245064]

=============== Created Last 30 ================

==================== Find3M ====================

2009-12-03 21:14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-03 21:13:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll

2009-10-27 15:08:16 545424 ----a-r- c:\windows\system32\SZComp5.dll

2009-10-27 15:08:14 402064 ----a-r- c:\windows\system32\SZBase5.dll

2009-10-27 14:59:38 17408 ----a-r- c:\windows\system32\SZIO5.dll

2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-20 18:40:34 126976 ----a-r- c:\windows\system32\IS3HTUI5.dll

2009-10-20 18:40:24 393216 ----a-r- c:\windows\system32\IS3DBA5.dll

2009-10-20 18:38:16 385024 ----a-r- c:\windows\system32\IS3UI5.dll

2009-10-20 18:37:58 61440 ----a-r- c:\windows\system32\IS3Hks5.dll

2009-10-20 18:37:40 23040 ----a-r- c:\windows\system32\IS3XDat5.dll

2009-10-20 18:35:40 225280 ----a-r- c:\windows\system32\IS3Win325.dll

2009-10-20 18:35:18 94208 ----a-r- c:\windows\system32\IS3Inet5.dll

2009-10-20 18:35:04 90112 ----a-r- c:\windows\system32\IS3Svc5.dll

2009-10-20 18:31:52 729088 ----a-r- c:\windows\system32\IS3Base5.dll

2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll

2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll

2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll

2006-06-03 04:26:22 175990553 ----a-w- c:\program files\psp_pro9.zip

2006-05-31 01:16:24 8286208 ----a-w- c:\program files\WinSPE 1.56 Setup.msi

2006-05-24 16:57:38 86016 ----a-w- c:\program files\SPEPatch.exe

2006-05-16 14:18:48 3088384 ----a-w- c:\program files\proxyway.exe

2006-04-15 18:30:30 359112 ----a-w- c:\program files\LimeWireWin.exe

2006-03-22 01:38:56 492289 ----a-w- c:\program files\impalement.rm

2006-03-18 15:02:52 5175696 ----a-w- c:\program files\Firefox Setup 1.5.0.1.exe

2008-12-23 18:44:47 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008122320081224\index.dat

============= FINISH: 21:30:08.39 ===============

FeyenoordTopBoy · December 30, 2009

anyone?

sjpritch25 · January 1, 2010

Download GMER Antirootkit Here, click on Download EXE and save to your Desktop

Disconnect from the internet and disable all active protection so your security program drivers will not conflict with gmer's driver
Double-click Gmer.exe to run the program.
When the program opens, click the "Rootkit" Tab
On the right-side, check all the items to be scanned, but leave "Show All" unchecked
Select all drives that are connected to your system to be scanned
Click the Scan button
When the scan is finished, click Copy to save the scan log to the Windows clipboard
Open Notepad or a similar text editor
Paste the clipboard contents into a text file by clicking Edit | Paste or Ctl V
Save the gmer scan log and post it in your next reply.
Close Gmer
Open a command prompt (Start | run |type cmd and hit Enter)
- Type or paste the following to unload the gmer driver:
- net stop gmer
- Hit Enter
- Exit the command prompt.
[*]Re-enable all active protection.

FeyenoordTopBoy · January 2, 2010

Hi, thanks so much for helping!

I have done as you asked.

The log is attached.

I really appreciate your assistance.

gmerscanlog.rtf

sjpritch25 · January 2, 2010

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Extra Registry change it to Use SafeList.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

FeyenoordTopBoy · January 2, 2010

OTL logfile created on: 02/01/2010 3:28:34 PM - Run 1

OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\eric\My Documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 78.00% Paging File free

Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 55.89 Gb Total Space | 13.95 Gb Free Space | 24.95% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: FEYENOORD

Current User Name: eric

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/02 15:27:03 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\eric\My Documents\Downloads\OTL.exe

PRC - [2009/12/23 09:30:31 | 02,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe

PRC - [2009/12/10 12:31:19 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe

PRC - [2009/12/10 12:31:19 | 00,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe

PRC - [2009/12/10 09:07:20 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe

PRC - [2009/12/10 09:07:18 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe

PRC - [2009/12/10 09:07:06 | 00,827,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe

PRC - [2009/12/10 09:07:03 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe

PRC - [2009/11/03 20:17:14 | 00,135,664 | ---- | M] (Google Inc.) -- C:\Documents and Settings\eric\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

PRC - [2009/10/27 10:01:40 | 00,057,344 | R--- | M] (iS3, Inc.) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

PRC - [2009/04/10 20:45:03 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe

PRC - [2008/04/21 07:08:15 | 00,215,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe

PRC - [2008/04/14 05:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/12/14 16:19:26 | 00,132,624 | ---- | M] (SAMSUNG ELECTRONICS) -- C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe

PRC - [2006/06/14 23:11:09 | 00,053,248 | ---- | M] (Alcor Micro, Corp.) -- C:\WINDOWS\system32\DrvMon.exe

PRC - [2005/08/25 21:11:58 | 00,053,248 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

PRC - [2005/07/15 12:52:42 | 01,077,322 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

PRC - [2005/07/05 23:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

PRC - [2005/07/05 09:30:40 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe

PRC - [2005/06/30 12:05:56 | 00,671,744 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

PRC - [2005/06/06 11:58:44 | 00,024,576 | ---- | M] (TOSHIBA) -- C:\WINDOWS\system32\ZoomingHook.exe

PRC - [2005/05/31 19:16:44 | 00,282,624 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe

PRC - [2005/05/31 19:16:24 | 00,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe

PRC - [2005/05/31 07:33:00 | 00,122,941 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfswctrl.exe

PRC - [2005/04/26 18:13:20 | 00,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

PRC - [2005/04/05 18:25:34 | 00,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Tvs\TvsTray.exe

PRC - [2005/01/17 18:38:00 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

PRC - [2004/12/30 02:32:20 | 00,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

PRC - [2004/12/22 16:50:04 | 00,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe

PRC - [2004/12/21 11:10:04 | 00,088,358 | ---- | M] (Agere Systems) -- C:\WINDOWS\agrsmmsg.exe

PRC - [2004/08/28 02:37:00 | 00,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe

PRC - [2004/08/28 02:33:00 | 00,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe

PRC - [2004/03/23 09:40:42 | 00,196,608 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apoint.exe

PRC - [2003/02/25 22:08:42 | 00,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\ApntEx.exe

========== Modules (SafeList) ==========

MOD - [2010/01/02 15:27:03 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\eric\My Documents\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/12/10 09:07:03 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)

SRV - [2009/10/27 10:01:40 | 00,057,344 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)

SRV - [2009/04/10 20:45:03 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9ba4725772c42) Google Update Service (gupdate1c9ba4725772c42)

SRV - [2009/04/10 20:44:26 | 00,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)

SRV - [2008/10/05 20:49:58 | 01,245,064 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)

SRV - [2008/09/19 10:38:02 | 00,313,840 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)

SRV - [2008/09/19 10:37:58 | 00,170,480 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)

SRV - [2008/09/19 10:37:36 | 01,108,464 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)

SRV - [2007/12/06 23:20:56 | 00,088,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)

SRV - [2007/12/06 23:20:52 | 00,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)

SRV - [2007/08/28 19:41:52 | 00,107,912 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\CLTNetCN.dll -- (CLTNetCnService)

SRV - [2007/08/28 19:41:47 | 00,304,520 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{96E26A03-A25A-400b-B9B4-564C9BD00F46}\PifEng.dll -- (LiveUpdate Notice)

SRV - [2007/08/28 19:41:02 | 00,055,640 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)

SRV - [2007/06/04 22:31:44 | 00,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)

SRV - [2005/07/05 09:30:40 | 00,376,832 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)

SRV - [2005/01/17 18:38:00 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)

SRV - [2004/12/22 16:50:04 | 00,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)

SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)

SRV - [2004/08/28 02:33:00 | 00,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)

SRV - [2004/07/15 03:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)

SRV - [2003/07/28 14:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - [2009/12/10 09:08:39 | 00,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)

DRV - [2009/12/10 09:08:36 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)

DRV - [2009/12/10 09:08:26 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)

DRV - [2009/12/10 09:08:22 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)

DRV - [2009/05/12 13:13:12 | 00,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\szkg.sys -- (szkg5)

DRV - [2009/05/12 13:13:12 | 00,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\is3srv.sys -- (is3srv)

DRV - [2008/10/05 20:48:43 | 00,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2008/05/20 19:33:50 | 00,022,784 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RimUsb.sys -- (RimUsb)

DRV - [2008/04/13 23:15:14 | 00,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)

DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)

DRV - [2007/05/01 03:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)

DRV - [2007/01/18 10:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort)

DRV - [2006/02/09 09:17:58 | 00,015,890 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)

DRV - [2005/07/29 11:55:46 | 00,030,592 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)

DRV - [2005/07/05 09:36:36 | 01,245,696 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2005/06/03 21:49:42 | 00,009,600 | ---- | M] (TOSHIBA ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPwSav.sys -- (TPwSav)

DRV - [2005/06/02 05:33:00 | 00,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)

DRV - [2005/05/31 07:33:00 | 00,100,605 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)

DRV - [2005/05/31 07:33:00 | 00,098,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)

DRV - [2005/05/31 07:33:00 | 00,086,876 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)

DRV - [2005/05/31 07:33:00 | 00,034,845 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)

DRV - [2005/05/31 07:33:00 | 00,025,725 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)

DRV - [2005/05/31 07:33:00 | 00,015,069 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)

DRV - [2005/05/31 07:33:00 | 00,006,365 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)

DRV - [2005/05/31 07:33:00 | 00,004,125 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)

DRV - [2005/05/31 07:33:00 | 00,002,241 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)

DRV - [2005/05/13 12:37:28 | 00,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)

DRV - [2005/05/13 12:37:20 | 00,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)

DRV - [2005/04/22 05:22:00 | 00,088,352 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)

DRV - [2005/04/21 04:56:00 | 00,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)

DRV - [2005/04/18 21:40:52 | 02,317,504 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2005/03/04 15:02:20 | 01,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2004/12/22 16:45:36 | 00,393,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)

DRV - [2004/11/15 03:22:08 | 00,101,874 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)

DRV - [2004/08/04 07:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)

DRV - [2004/08/03 17:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)

DRV - [2004/07/30 17:05:08 | 00,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSIOMngr.sys -- (SrvcSSIOMngr)

DRV - [2004/06/27 21:35:24 | 00,069,760 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)

DRV - [2003/09/19 03:47:00 | 00,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)

DRV - [2003/09/11 01:36:54 | 00,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)

DRV - [2003/01/29 16:35:00 | 00,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)

DRV - [2002/04/22 14:50:14 | 00,009,161 | R--- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\eacfilt.sys -- (Eacfilt)

DRV - [2002/01/24 17:43:40 | 00,006,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tbiosdrv.sys -- (TBiosDrv)

DRV - [2001/08/17 14:05:16 | 00,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OVCD.sys -- (QCDonner)

DRV - [2001/08/09 13:11:30 | 00,113,728 | ---- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECSHM)

DRV - [2001/08/09 13:11:30 | 00,113,728 | ---- | M] (Nortel Networks) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECEXT)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKLM\..\URLSearchHook: {D3F669EB-57CE-4f45-8FBD-E245CBB46366} - C:\Program Files\Stopzilla!\Toolbar\SZIESearchHook.dll File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716

FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2

FF - prefs.js..extensions.enabledItems: 4

FF - prefs.js..extensions.enabledItems: 9

FF - prefs.js..extensions.enabledItems: 1

FF - prefs.js..keyword.URL: "http://www.ask.com/web?&o=13048&l=dis&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{780044d1-e8c0-488f-8059-4522ddbfc2ea}: C:\Program Files\Stopzilla!\Toolbar\Extension

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/12/10 12:32:41 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/19 19:38:24 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/17 07:59:24 | 00,000,000 | ---D | M]

[2009/11/22 20:27:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Mozilla\Extensions

[2009/11/22 20:27:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Mozilla\Extensions\mozswing@mozswing.org

[2010/01/02 14:53:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\jfixivhs.default\extensions

[2009/12/06 08:59:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\jfixivhs.default\extensions\firefox@tvunetworks.com

[2010/01/01 11:10:10 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (1284 bytes) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 10.86.240.89 phxasnd1 phxasnd1-on phxasnd1.cendant.com crsdev crsqa hjtrain ratrain vltrain wgtrain tltrain kgtrain ditrain setrain xhtrain vhtrain airqa sescisqa trpcisqa cisqa # SUN

O1 - Hosts: 10.86.240.100 days_crs diagent # Days Inn CRS

O1 - Hosts: 10.86.240.101 super8_crs seagent # Super8 CRS

O1 - Hosts: 10.86.240.102 travel_crs tlagent # Travelodge CRS

O1 - Hosts: 10.86.240.103 hojo_crs hjagent # Howard Johnson CRS

O1 - Hosts: 10.86.240.104 ramada_crs raagent # Ramada CRS

O1 - Hosts: 10.86.240.105 knights_crs kgagent xhagent vhagent # Knights Inn CRS

O1 - Hosts: 10.86.240.106 amhost_crs amagent # Amerihost CRS

O2 - BHO: (ZILLAbar Browser Helper Object) - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\Stopzilla!\Toolbar\SZSG.dll File not found

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (IEWatchObj Class) - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dll (Tenebril Incorporated)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)

O2 - BHO: (PHPNukeEN Toolbar) - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHP0.dll (Conduit Ltd.)

O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll File not found

O3 - HKLM\..\Toolbar: (STOPzilla) - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\Stopzilla!\Toolbar\SZSG.dll File not found

O3 - HKLM\..\Toolbar: (PHPNukeEN Toolbar) - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHP0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (PHPNukeEN Toolbar) - {DD02A4EB-4AFD-4D60-99D8-E67F964CA813} - C:\Program Files\PHPNukeEN\tbPHP0.dll (Conduit Ltd.)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\agrsmmsg.exe (Agere Systems)

O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)

O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)

O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)

O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)

O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)

O4 - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [sMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe (SAMSUNG ELECTRONICS)

O4 - HKLM..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)

O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [ZoomingHook] C:\WINDOWS\System32\ZoomingHook.exe (TOSHIBA)

O4 - HKCU..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe (Alcor Micro, Corp.)

O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\eric\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)

O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)

O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)

O4 - Startup: C:\Documents and Settings\eric\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1229896370234 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab (Java Plug-in 1.6.0_02)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMesse...pDownloader.cab (MsnMessengerSetupDownloadControl Class)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005/08/30 20:51:41 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{d8f871e8-458b-11de-8f66-0011f5e47d14}\Shell - "" = AutoRun

O33 - MountPoints2\{d8f871e8-458b-11de-8f66-0011f5e47d14}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{d8f871e8-458b-11de-8f66-0011f5e47d14}\Shell\AutoRun\command - "" = E:\Loaderw.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/01 20:07:04 | 00,000,000 | ---D | C] -- C:\Program Files\NCH Swift Sound

[2010/01/01 19:54:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\eric\Local Settings\Application Data\WMTools Downloaded Files

[2010/01/01 18:27:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\eric\Application Data\FinalBurner Video DVD

[2010/01/01 18:27:08 | 00,000,000 | ---D | C] -- C:\finalburner

[2009/12/21 21:12:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\eric\My Documents\Matthias

[2009/12/21 20:55:38 | 00,000,000 | ---D | C] -- C:\Program Files\VTech

[2009/12/21 20:55:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\eric\Application Data\InstallShield

[2009/12/20 11:44:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\eric\My Documents\india registration_files

[2009/12/18 22:07:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\eric\Local Settings\Application Data\Unity

[2009/12/18 17:25:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Software

[2009/12/18 11:39:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\eric\Application Data\NCH Software

[2009/12/18 11:34:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\eric\Application Data\InterVideo

[2009/12/11 08:17:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\eric\Application Data\AVG9

[2009/12/10 09:09:09 | 00,000,000 | -H-D | C] -- C:\$AVG

[2009/12/10 09:08:41 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

[2009/12/10 09:08:39 | 00,161,800 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys

[2009/12/10 09:08:36 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys

[2009/12/10 09:08:26 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

[2009/12/10 09:08:22 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys

[2009/12/10 09:07:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg

[2009/12/10 09:07:01 | 00,000,000 | ---D | C] -- C:\Program Files\AVG

[2009/12/10 09:06:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9

[2009/12/10 09:01:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[2009/12/10 09:01:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2009/12/10 09:01:24 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[2009/12/10 09:01:24 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[2009/12/10 08:53:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SITEguard

[2009/12/10 08:15:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\eric\Application Data\Malwarebytes

[2009/12/10 08:08:06 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3

[2009/12/10 08:08:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!

[2009/12/10 08:03:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\eric\Application Data\Lavasoft

[2009/12/10 07:21:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\eric\My Documents\Downloads

[2009/12/06 09:00:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\eric\Local Settings\Application Data\TVU Networks

[2009/12/06 09:00:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TVU Networks

[2009/12/06 09:00:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\eric\LocalLow

[2009/12/06 08:52:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\TVUAx

[2009/12/06 08:52:19 | 02,029,544 | ---- | C] (TVU networks) -- C:\Documents and Settings\eric\Desktop\PluginInstaller.exe

[2009/04/23 15:16:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google

[2009/04/10 20:45:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google

[2009/01/16 13:47:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio

[2006/06/14 14:28:01 | 00,086,016 | ---- | C] ( ) -- C:\Program Files\SPEPatch.exe

[2006/03/18 10:02:29 | 05,175,696 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 1.5.0.1.exe

[2006/02/08 07:52:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Symantec

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/02 15:22:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/01/02 15:06:00 | 00,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2929568319-3483580704-1314566446-1009UA.job

[2010/01/02 14:44:06 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/01/02 14:42:55 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/01/02 14:41:47 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2010/01/02 14:41:34 | 00,000,304 | -HS- | M] () -- C:\WINDOWS\tasks\NJTGSL.job

[2010/01/02 14:41:34 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/01/02 14:41:24 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/01/02 14:41:21 | 14,744,78080 | -HS- | M] () -- C:\hiberfil.sys

[2010/01/02 11:02:58 | 03,670,016 | -H-- | M] () -- C:\Documents and Settings\eric\NTUSER.DAT

[2010/01/02 11:02:50 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\eric\ntuser.ini

[2010/01/02 10:26:38 | 00,005,031 | ---- | M] () -- C:\Documents and Settings\eric\My Documents\gmerscanlog.rtf

[2010/01/02 09:16:52 | 47,347,487 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2010/01/01 21:06:01 | 00,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2929568319-3483580704-1314566446-1009Core.job

[2010/01/01 20:07:51 | 00,000,278 | ---- | M] () -- C:\WINDOWS\tasks\videopadShakeIcon.job

[2010/01/01 20:07:50 | 00,000,278 | ---- | M] () -- C:\WINDOWS\tasks\videopadDowngrade.job

[2010/01/01 20:07:08 | 00,000,871 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Express Burn.lnk

[2010/01/01 19:55:07 | 00,000,040 | ---- | M] () -- C:\Auth.prof

[2010/01/01 19:52:55 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\eric\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/01/01 11:02:47 | 00,128,265 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg

[2009/12/26 16:24:19 | 00,000,741 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/12/22 21:02:29 | 00,002,322 | ---- | M] () -- C:\Documents and Settings\eric\Desktop\Google Chrome.lnk

[2009/12/21 20:55:39 | 00,000,695 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VTech Kidizoom Plus Photo Editor.lnk

[2009/12/20 11:44:52 | 00,020,677 | ---- | M] () -- C:\Documents and Settings\eric\My Documents\india registration.htm

[2009/12/18 19:26:15 | 00,001,960 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk

[2009/12/18 11:40:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\videopadSevenDaysInit.job

[2009/12/18 11:39:55 | 00,000,844 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VideoPad Video Editor.lnk

[2009/12/16 16:54:50 | 00,355,328 | ---- | M] () -- C:\Documents and Settings\eric\My Documents\rate agreement 2010.doc

[2009/12/16 14:17:44 | 00,126,976 | ---- | M] () -- C:\Documents and Settings\eric\My Documents\Sales Dashboard.ppt

[2009/12/16 14:03:17 | 00,162,304 | ---- | M] () -- C:\Documents and Settings\eric\My Documents\IATA - November 2009.xls

[2009/12/11 07:04:19 | 00,383,492 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/12/11 07:04:18 | 00,053,806 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/12/11 07:04:15 | 00,443,380 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/12/11 03:02:56 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2009/12/10 09:08:43 | 00,001,552 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk

[2009/12/10 09:08:41 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

[2009/12/10 09:08:39 | 00,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys

[2009/12/10 09:08:36 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys

[2009/12/10 09:08:26 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

[2009/12/10 09:08:22 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm

[2009/12/10 09:08:22 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys

[2009/12/10 09:07:58 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg

[2009/12/10 09:07:57 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg

[2009/12/08 16:38:58 | 00,108,032 | RHS- | M] () -- C:\WINDOWS\System32\rend1.dll

[2009/12/07 09:36:06 | 00,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat

[2009/12/06 08:52:28 | 02,029,544 | ---- | M] (TVU networks) -- C:\Documents and Settings\eric\Desktop\PluginInstaller.exe

[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/02 10:26:38 | 00,005,031 | ---- | C] () -- C:\Documents and Settings\eric\My Documents\gmerscanlog.rtf

[2010/01/01 20:07:48 | 00,000,278 | ---- | C] () -- C:\WINDOWS\tasks\videopadDowngrade.job

[2010/01/01 20:07:08 | 00,000,871 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Express Burn.lnk

[2009/12/22 21:02:29 | 00,002,322 | ---- | C] () -- C:\Documents and Settings\eric\Desktop\Google Chrome.lnk

[2009/12/22 21:01:19 | 00,000,974 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2929568319-3483580704-1314566446-1009UA.job

[2009/12/22 21:01:18 | 00,000,922 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2929568319-3483580704-1314566446-1009Core.job

[2009/12/21 21:22:36 | 00,000,278 | ---- | C] () -- C:\WINDOWS\tasks\videopadShakeIcon.job

[2009/12/21 20:55:39 | 00,000,695 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VTech Kidizoom Plus Photo Editor.lnk

[2009/12/20 14:57:54 | 00,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2009/12/20 11:44:50 | 00,020,677 | ---- | C] () -- C:\Documents and Settings\eric\My Documents\india registration.htm

[2009/12/18 19:26:15 | 00,001,960 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk

[2009/12/18 11:40:01 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\videopadSevenDaysInit.job

[2009/12/18 11:39:55 | 00,000,844 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VideoPad Video Editor.lnk

[2009/12/18 11:26:25 | 00,000,040 | ---- | C] () -- C:\Auth.prof

[2009/12/16 16:54:50 | 00,355,328 | ---- | C] () -- C:\Documents and Settings\eric\My Documents\rate agreement 2010.doc

[2009/12/16 14:10:51 | 00,126,976 | ---- | C] () -- C:\Documents and Settings\eric\My Documents\Sales Dashboard.ppt

[2009/12/16 13:40:44 | 00,162,304 | ---- | C] () -- C:\Documents and Settings\eric\My Documents\IATA - November 2009.xls

[2009/12/10 09:08:43 | 00,001,552 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk

[2009/12/10 09:08:22 | 00,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm

[2009/12/10 09:07:58 | 47,347,487 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2009/12/10 09:07:58 | 00,128,265 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg

[2009/12/10 09:07:57 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg

[2009/12/10 09:07:54 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg

[2009/12/08 16:38:59 | 00,000,304 | -HS- | C] () -- C:\WINDOWS\tasks\NJTGSL.job

[2009/12/08 16:38:58 | 00,108,032 | RHS- | C] () -- C:\WINDOWS\System32\rend1.dll

[2009/12/07 09:36:06 | 00,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat

[2009/08/09 20:05:11 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\eric\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/06/02 11:50:36 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll

[2009/06/02 11:50:35 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll

[2009/06/02 11:50:35 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll

[2009/06/02 11:50:35 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\Ogg.dll

[2009/04/25 12:52:24 | 00,000,103 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2009/04/18 10:04:49 | 00,000,004 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\sysqcl1129139270.dat

[2008/12/13 13:03:11 | 00,696,118 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate

[2008/10/05 20:41:26 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll

[2007/07/03 23:11:35 | 00,000,000 | ---- | C] () -- C:\WINDOWS\CleaningLab.INI

[2007/07/03 20:19:49 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

[2007/07/03 20:18:26 | 00,005,817 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini

[2007/03/27 21:48:14 | 00,000,287 | ---- | C] () -- C:\WINDOWS\XMailer.INI

[2006/12/19 20:36:46 | 00,000,177 | ---- | C] () -- C:\WINDOWS\VEmotion.INI

[2006/06/02 23:25:57 | 17,599,0553 | ---- | C] () -- C:\Program Files\psp_pro9.zip

[2006/05/30 20:16:12 | 08,286,208 | ---- | C] () -- C:\Program Files\WinSPE 1.56 Setup.msi

[2006/05/16 09:18:29 | 03,088,384 | ---- | C] () -- C:\Program Files\proxyway.exe

[2006/04/15 13:30:18 | 00,359,112 | ---- | C] () -- C:\Program Files\LimeWireWin.exe

[2006/03/21 20:38:50 | 00,492,289 | ---- | C] () -- C:\Program Files\impalement.rm

[2006/02/17 14:46:05 | 00,018,944 | ---- | C] () -- C:\WINDOWS\System32\JSBDOSWS.DLL

[2006/02/17 14:46:05 | 00,008,768 | ---- | C] () -- C:\WINDOWS\System32\mwinsock.dll

[2006/02/17 14:46:05 | 00,004,991 | ---- | C] () -- C:\WINDOWS\System32\VSLDOS.INI

[2006/02/17 14:46:05 | 00,003,016 | ---- | C] () -- C:\WINDOWS\System32\NEWKEY.SYS

[2006/02/09 09:05:32 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini

[2006/02/09 09:05:32 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll

[2006/02/09 09:05:32 | 00,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini

[2006/02/09 09:05:32 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini

[2006/02/09 09:05:02 | 00,006,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\Tbiosdrv.sys

[2006/02/09 08:18:32 | 00,004,991 | ---- | C] () -- C:\WINDOWS\VSLDOS.INI

[2005/08/31 20:43:10 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2005/08/31 19:22:12 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2005/08/31 19:18:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI

[2005/08/31 19:17:48 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2005/08/31 19:17:48 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2005/08/31 19:17:48 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2005/08/31 19:17:48 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2005/08/31 19:17:48 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2005/08/31 19:17:48 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2005/08/31 19:06:42 | 00,000,230 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2005/08/31 19:04:11 | 00,051,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys

[2005/08/31 19:04:11 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys

[2005/08/31 19:03:09 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\EBLib.DLL

[2005/08/31 19:01:59 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll

[2005/08/30 20:55:43 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2005/08/30 20:32:09 | 00,002,388 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2005/08/10 21:02:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2005/08/02 12:39:44 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\HWS_Ctrl.dll

[2005/06/20 12:24:48 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll

[2005/06/06 11:44:18 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\SPCtl.dll

[2005/06/06 11:39:40 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\EKECioCtl.dll

[2003/02/03 12:11:13 | 00,200,704 | --S- | C] () -- C:\WINDOWS\System32\archlib.dll

[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

< End of report >

FeyenoordTopBoy · January 2, 2010

OTL Extras logfile created on: 02/01/2010 3:28:34 PM - Run 1

OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\eric\My Documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 78.00% Paging File free

Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 55.89 Gb Total Space | 13.95 Gb Free Space | 24.95% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: FEYENOORD

Current User Name: eric

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Documents and Settings\Eric Barber\Desktop\teamviewer.exe" = C:\Documents and Settings\Eric Barber\Desktop\teamviewer.exe:*:Enabled:TeamViewer Remote Control Application -- File not found

"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)

"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:

sjpritch25 · January 2, 2010

forgot one section for you to check.

Please open otl.exe and make sure the Lop check is checked and then post the log again. Thanks

FeyenoordTopBoy · January 2, 2010

OTL Extras logfile created on: 02/01/2010 3:50:12 PM - Run 1

OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\eric\My Documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 71.00% Paging File free

Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 55.89 Gb Total Space | 13.94 Gb Free Space | 24.94% Space Free | Partition Type: NTFS