Can't run anything but IE


It's late, and I've been reading and trying a number of things, hence I may be a tad incoherent (sorry).

I am running Windows Vista Home Premium and IE 7

I am unable to execute any type of virus, malware, adware software as well as Word, Excel, etc. Only IE it seems.

I have Spybot, Ad-Aware, and AVG Free all loaded.

I've been reading this forum and the links to the various solutions:

- I'm infected - What do I do now?, Please follow these instructions to clean your system

- MBAM won't run (Fix), SystemSecurity

- MBAM won't install or will not run. (TDL2 Rootkit-WinNT.Alureon), TDSS/Seneka/UAC/ovfst/kungsf/SKYNET/MSIVX/H8SRT/4DW4R3+ others listed

Yet, no matter what software I download, I cannot get it to execute.

Malwarebytes, HijackThis and others, per the topics above, won't execute even if downloaded to a USB, then copied and renamed to this computer.

Also Word and Excel won't execute unless I select a document, and then, if necessary, select file/new to create a new doc (such as storing your instructions while I try to execute your recommendations).

Feel like I need to try the download/rename thing again but am unsure which software to start with and if it should run in safe mode?

Rather than continue to beat my head against the wall, I thought perhaps you can guide me through the process, or should I just reload my system? (If so, please offer the general steps; I realize each computer has its own programs.)

Thanks in advance for your help.

Hello there :P

First of all, no need to panic; before reformatting we still have quite a few options left!

OTL

-----

Please download OTL from one of the following mirrors:

  • Save it to your desktop.
  • Double-click the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open; copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Hi There -

Thank you for the prompt reply.

I downloaded OTL to my desktop.

When I double click it I get an error message box:

c:\users\xxx\desktop\otl.exe in the title of the page

X Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.

I am logged on as a user with Administrator permissions, however.

I looked at the properties and it says "this file came from another computer, you might not have permissions to run the file"... I then selected 'unblock', yet still get the above error message.

Also, this morning for the 1st time, on a re-boot, I was getting numerous copies of one particular web page (I have IE set up to open many at once). I believe I had clicked on the page, to read that 1st.

I rebooted and it did not return - yet.

Again, thanks for your help.

Please try to run the following tool. This will check for a particular rootkit that is known to cause these issues.

Download and run Win32kDiag:

  1. Download Win32kDiag from any of the following locations and save it to your Desktop.
  2. Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
  3. When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
  4. Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.

I came back to add to the above and see you responded!!

It appears that any program I try to run (including win32kdiag) gives me the above error:

don't have permissions

Hope you are enjoying this challenge on a Monday morning (well, here, at least)..

I need to get some coffee, shall pass some on to you also :P --- or your drink of choice

btw--- should I limit my internet usage from this computer while this problem exists?

Thanks for the coffee, that always helps (I need at least two cups every morning to be remotely able to do anything) :P

Yes, it's a good idea to limit your internet usage, especially sites that require passwords or other sensitive information, until we are sure what we are dealing with.

Let's try this another way. Please note that you will most likely need another computer to create the CD.

OK, this file is big. Print these instructions out so that you know what you are doing.

Two programs to download

First

ISOBurner: this will allow you to burn the OTLPE ISO to a CD and make it bootable. Just install the program; from there on in it is fairly automatic. Instructions

Second

  • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 292Mb in size so it may take some time to download.
  • When downloaded, double-click the file; this will then open ISOBurner to burn the file to CD.
  • Reboot your system using the boot CD you just created.
    Note: If you do not know how to set your computer to boot from CD, follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings:
    • Change Drivers to Use Safelist
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have an internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.

I discovered that rather than double click, if I right click and select start, that the program will open and execute.

I therefore started with your first recommendation and ran OTL.

Here is the output from OTL

OTL logfile created on: 3/8/2010 10:51:52 AM - Run 1

OTL by OldTimer - Version 3.1.35.0 Folder = C:\Users\nancy\Desktop

Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 184.84 Gb Total Space | 117.31 Gb Free Space | 63.47% Space Free | Partition Type: NTFS

Drive D: | 4.38 Gb Total Space | 4.09 Gb Free Space | 93.41% Space Free | Partition Type: UDF

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: NANCYS-PC

Current User Name: nancy

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/08 06:23:57 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Users\nancy\Desktop\OTL.exe

PRC - [2010/01/30 21:43:55 | 000,298,608 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

PRC - [2010/01/26 16:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe

PRC - [2009/09/20 08:34:16 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe

PRC - [2009/09/20 08:34:08 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe

PRC - [2009/09/20 08:34:06 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe

PRC - [2009/09/20 08:34:03 | 000,832,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgam.exe

PRC - [2009/05/27 02:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

PRC - [2008/11/24 21:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

PRC - [2008/11/24 21:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

PRC - [2008/10/28 22:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/01/18 23:33:12 | 000,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe

PRC - [2007/12/27 08:02:17 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

PRC - [2007/02/02 14:56:52 | 000,118,784 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

PRC - [2007/01/25 17:50:26 | 000,063,096 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe

PRC - [2007/01/25 17:47:50 | 000,136,816 | ---- | M] () -- C:\Toshiba\IVP\ISM\pinger.exe

PRC - [2006/12/19 23:15:44 | 000,428,152 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

PRC - [2006/11/14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe

PRC - [2006/10/05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe

PRC - [2006/08/23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

PRC - [2006/05/25 18:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe

========== Modules (SafeList) ==========

MOD - [2010/03/08 06:23:57 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Users\nancy\Desktop\OTL.exe

MOD - [2009/09/20 08:34:16 | 000,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll

MOD - [2008/01/18 23:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2009/11/30 03:58:02 | 001,028,432 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2009/09/20 08:34:06 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)

SRV - [2009/05/27 02:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)

SRV - [2008/12/20 18:10:26 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2008/11/24 21:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)

SRV - [2008/11/24 21:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)

SRV - [2008/11/24 21:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)

SRV - [2008/08/11 18:14:15 | 000,029,744 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-061008-081103)

SRV - [2008/01/18 23:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/02/02 14:56:52 | 000,118,784 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)

SRV - [2007/01/25 17:50:26 | 000,063,096 | ---- | M] () [Auto | Running] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)

SRV - [2007/01/25 17:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger)

SRV - [2006/12/19 23:15:44 | 000,428,152 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV - [2006/11/14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)

SRV - [2006/10/05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)

SRV - [2006/08/23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

SRV - [2006/05/25 18:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)

SRV - [2002/12/17 16:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTBCM)

========== Driver Services (SafeList) ==========

DRV - [2009/09/20 08:34:16 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)

DRV - [2009/09/20 08:34:16 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)

DRV - [2009/07/03 06:49:08 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)

DRV - [2009/04/23 07:39:43 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)

DRV - [2009/04/23 07:39:31 | 000,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86)

DRV - [2008/08/14 10:40:40 | 000,203,312 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)

DRV - [2008/02/11 18:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)

DRV - [2008/02/11 18:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)

DRV - [2007/11/09 04:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)

DRV - [2007/09/26 12:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®

DRV - [2007/06/28 19:05:29 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mcstrm.sys -- (MCSTRM)

DRV - [2007/02/06 18:44:14 | 001,739,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2007/01/26 16:13:40 | 000,017,712 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)

DRV - [2007/01/24 14:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)

DRV - [2007/01/09 10:00:00 | 000,221,696 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)

DRV - [2007/01/03 00:43:19 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr3npxp.sys -- (KR3NPXP)

DRV - [2007/01/03 00:43:19 | 000,207,104 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)

DRV - [2007/01/03 00:43:18 | 000,216,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)

DRV - [2006/11/28 14:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2006/11/19 22:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)

DRV - [2006/11/02 01:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)

DRV - [2006/11/02 01:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)

DRV - [2006/11/02 01:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)

DRV - [2006/11/02 01:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)

DRV - [2006/11/02 01:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)

DRV - [2006/11/02 01:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)

DRV - [2006/11/02 01:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)

DRV - [2006/11/02 01:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)

DRV - [2006/11/02 01:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)

DRV - [2006/11/02 01:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)

DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)

DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)

DRV - [2006/11/02 01:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)

DRV - [2006/11/02 01:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)

DRV - [2006/11/02 01:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)

DRV - [2006/11/02 01:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)

DRV - [2006/11/02 01:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)

DRV - [2006/11/02 01:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)

DRV - [2006/11/02 01:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)

DRV - [2006/11/02 01:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2006/11/02 01:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)

DRV - [2006/11/02 01:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)

DRV - [2006/11/02 01:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)

DRV - [2006/11/02 01:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)

DRV - [2006/11/02 01:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)

DRV - [2006/11/02 01:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)

DRV - [2006/11/02 01:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)

DRV - [2006/11/02 01:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)

DRV - [2006/11/02 01:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)

DRV - [2006/11/02 01:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)

DRV - [2006/11/02 01:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)

DRV - [2006/11/02 01:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)

DRV - [2006/11/02 01:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)

DRV - [2006/11/02 01:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)

DRV - [2006/11/02 01:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)

DRV - [2006/11/02 00:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2006/11/02 00:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)

DRV - [2006/11/02 00:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)

DRV - [2006/11/02 00:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)

DRV - [2006/11/02 00:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)

DRV - [2006/11/02 00:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)

DRV - [2006/11/01 23:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)

DRV - [2006/11/01 23:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®

DRV - [2006/10/18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1847724815-547469262-4117742817-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKU\S-1-5-21-1847724815-547469262-4117742817-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes]

IE - HKU\S-1-5-21-1847724815-547469262-4117742817-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?sourceid=navclien...UTF-8&hl=en

IE - HKU\S-1-5-21-1847724815-547469262-4117742817-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-1847724815-547469262-4117742817-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

IE - HKU\S-1-5-21-1847724815-547469262-4117742817-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1847724815-547469262-4117742817-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

O1 HOSTS File: ([2009/08/06 14:57:56 | 000,319,186 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O1 - Hosts: 10947 more lines...

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)

O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\5.0.342.0\npchrome_frame.dll (@COMPANY_FULLNAME@)

O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

O3 - HKU\S-1-5-21-1847724815-547469262-4117742817-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKU\S-1-5-21-1847724815-547469262-4117742817-1000\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)

O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-1847724815-547469262-4117742817-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - HKU\S-1-5-21-1847724815-547469262-4117742817-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - Startup: C:\Users\nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\E-mail - Shortcut.lnk = File not found

O4 - Startup: C:\Users\nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-1847724815-547469262-4117742817-1000\..Trusted Domains: download.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-1847724815-547469262-4117742817-1000\..Trusted Ranges: GD ([http] in Local intranet)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab (QuickTime Object)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class)

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/...NPUplden-gb.cab (MSN Photo Upload Tool)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.com/activex/VerizonWire...loadControl.cab (Verizon Wireless Media Upload)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)

O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/web_games/popca...aploader_v6.cab (PopCapLoader Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\cf - No CLSID value found

O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\5.0.342.0\npchrome_frame.dll (@COMPANY_FULLNAME@)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Users\nancy\Searches\Pictures\Messing Around\25669.jpg

O24 - Desktop BackupWallPaper: C:\Users\nancy\Searches\Pictures\Messing Around\25669.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{1291ecdf-7888-11de-bd73-0013e81b4ed7}\Shell - "" = AutoRun

O33 - MountPoints2\{1291ecdf-7888-11de-bd73-0013e81b4ed7}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

O33 - MountPoints2\{cdb5cf3d-7edc-11dd-b3e8-00a0d177bfb0}\Shell - "" = AutoRun

O33 - MountPoints2\{cdb5cf3d-7edc-11dd-b3e8-00a0d177bfb0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

O33 - MountPoints2\{cdb5cf48-7edc-11dd-b3e8-00a0d177bfb0}\Shell - "" = AutoRun

O33 - MountPoints2\{cdb5cf48-7edc-11dd-b3e8-00a0d177bfb0}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/08 10:40:33 | 004,940,440 | ---- | C] (Macrovision Corporation) -- C:\Users\nancy\Desktop\IsoBurner-Setup.exe

[2010/03/08 06:23:43 | 000,554,496 | ---- | C] (OldTimer Tools) -- C:\Users\nancy\Desktop\OTL.exe

[2010/03/07 20:34:18 | 000,000,000 | ---D | C] -- C:\Users\nancy\Documents\Class

[2010/03/07 19:44:57 | 095,829,360 | ---- | C] (AVG Technologies) -- C:\Users\nancy\Desktop\avg_free_stf_all_90_787a2721.exe

[2010/02/24 02:40:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2010/02/24 02:40:04 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe

[2010/02/24 02:40:02 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe

[2010/02/24 02:39:59 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll

[2010/02/24 02:39:59 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll

[2010/02/24 02:39:59 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe

[2010/02/24 02:39:59 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe

[2010/02/24 02:39:56 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll

[2010/02/24 02:39:56 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll

[2010/02/24 02:39:56 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll

[2010/02/09 22:23:46 | 003,597,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2010/02/09 22:23:46 | 003,546,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2010/02/09 22:23:36 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll

[2010/02/09 22:23:35 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll

[2010/02/09 22:23:35 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll

[2010/02/09 22:23:35 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll

[2010/02/09 22:23:35 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/08 10:52:01 | 008,388,608 | -HS- | M] () -- C:\Users\nancy\ntuser.dat

[2010/03/08 10:25:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/03/08 10:11:15 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/03/08 10:11:15 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/03/08 10:00:55 | 003,983,447 | ---- | M] () -- C:\Users\nancy\Desktop\Iso-burner.zip

[2010/03/08 09:59:50 | 004,940,440 | ---- | M] (Macrovision Corporation) -- C:\Users\nancy\Desktop\IsoBurner-Setup.exe

[2010/03/08 07:25:33 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CB2D8563-A39C-4C91-AE08-E7C9DC7091C1}.job

[2010/03/08 07:15:21 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job

[2010/03/08 06:52:38 | 000,047,616 | ---- | M] () -- C:\Users\nancy\Desktop\Win32kDiag.exe

[2010/03/08 06:23:57 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Users\nancy\Desktop\OTL.exe

[2010/03/08 06:11:29 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/03/08 06:11:17 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/03/08 06:11:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/03/08 06:10:44 | 3210,797,056 | -HS- | M] () -- C:\hiberfil.sys

[2010/03/08 06:10:00 | 000,524,288 | -HS- | M] () -- C:\Users\nancy\ntuser.dat{1c9f2a60-7002-11de-8daf-0013e81b4ed7}.TMContainer00000000000000000001.regtrans-ms

[2010/03/08 06:10:00 | 000,065,536 | -HS- | M] () -- C:\Users\nancy\ntuser.dat{1c9f2a60-7002-11de-8daf-0013e81b4ed7}.TM.blf

[2010/03/08 01:59:00 | 056,870,110 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm

[2010/03/07 21:35:13 | 000,031,744 | ---- | M] () -- C:\Users\nancy\Documents\MAlware bytes instructions.doc

[2010/03/07 19:45:33 | 095,829,360 | ---- | M] (AVG Technologies) -- C:\Users\nancy\Desktop\avg_free_stf_all_90_787a2721.exe

[2010/02/27 08:34:32 | 000,025,088 | ---- | M] () -- C:\Users\nancy\Documents\t thoughts.doc

[2010/02/24 09:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

[2010/02/24 05:26:24 | 000,097,920 | ---- | M] () -- C:\Users\nancy\AppData\Local\GDIPFONTCACHEV1.DAT

[2010/02/24 03:21:55 | 000,369,944 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/08 10:39:05 | 003,983,447 | ---- | C] () -- C:\Users\nancy\Desktop\Iso-burner.zip

[2010/03/08 06:52:27 | 000,047,616 | ---- | C] () -- C:\Users\nancy\Desktop\Win32kDiag.exe

[2010/03/08 06:10:43 | 3210,797,056 | -HS- | C] () -- C:\hiberfil.sys

[2010/03/07 21:35:13 | 000,031,744 | ---- | C] () -- C:\Users\nancy\Documents\MAlware bytes instructions.doc

[2010/02/27 08:34:31 | 000,025,088 | ---- | C] () -- C:\Users\nancy\Documents\t thoughts.doc

[2009/09/07 17:31:37 | 000,006,456 | -H-- | C] () -- C:\ProgramData\vesikoke

[2008/11/05 19:32:32 | 000,000,268 | RH-- | C] () -- C:\Users\nancy\AppData\Roaming\vhosts

[2008/11/05 19:32:32 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Action Clauses

[2008/11/05 19:32:32 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT

[2008/11/05 19:32:30 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Alerts

[2008/11/03 19:29:16 | 000,000,268 | RH-- | C] () -- C:\Users\nancy\AppData\Roaming\Abstract

[2008/11/03 19:29:16 | 000,000,000 | ---- | C] () -- C:\ProgramData\vhosts

[2008/11/03 19:29:16 | 000,000,000 | ---- | C] () -- C:\ProgramData\Repeat Routines

[2008/11/03 19:25:20 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT

[2008/11/03 19:19:11 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Screen Savers

[2008/11/03 19:19:11 | 000,000,268 | RH-- | C] () -- C:\Users\nancy\AppData\Roaming\Sampler Files

[2008/11/03 19:19:11 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT

[2008/11/03 19:19:11 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Soundtrack

[2008/11/03 19:13:45 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Sci-Fi

[2008/11/03 19:13:45 | 000,000,268 | RH-- | C] () -- C:\Users\nancy\AppData\Roaming\Sample Delay

[2008/11/03 19:13:45 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT

[2008/11/03 19:13:45 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Smooth Strings

[2008/08/10 09:23:01 | 000,000,067 | ---- | C] () -- C:\Windows\swupdate.INI

[2008/06/13 17:18:08 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en

[2008/05/27 18:22:29 | 001,895,026 | ---- | C] () -- C:\Windows\System32\nowutils.dll

[2008/02/13 19:21:43 | 000,000,072 | ---- | C] () -- C:\Windows\iltwain.ini

[2008/02/13 19:19:53 | 000,229,376 | ---- | C] () -- C:\Windows\System32\ISP2000.dll

[2008/02/13 19:19:53 | 000,063,488 | ---- | C] () -- C:\Windows\System32\Eztw32.dll

[2008/02/11 18:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll

[2007/09/11 19:11:11 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2007/09/01 11:35:22 | 000,000,292 | ---- | C] () -- C:\Users\nancy\AppData\Roaming\wklnhst.dat

[2007/06/28 18:39:46 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll

[2007/06/28 18:39:46 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll

[2007/06/28 18:39:46 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll

[2007/06/28 18:39:46 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll

[2007/06/28 18:39:46 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll

[2007/06/28 18:39:46 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll

[2007/06/28 16:21:58 | 000,000,680 | ---- | C] () -- C:\Users\nancy\AppData\Local\d3d9caps.dat

[2007/06/25 19:37:28 | 000,027,648 | ---- | C] () -- C:\Users\nancy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/05/12 10:44:33 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini

[2007/05/12 10:44:33 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll

[2007/05/12 10:44:33 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini

[2007/05/12 10:44:33 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini

[2007/03/30 11:27:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll

[2007/02/28 12:46:33 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI

[2007/02/28 12:39:56 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{03e71b19-c763-11db-a603-00a0d1df23e9}.TMContainer00000000000000000002.regtrans-ms

[2007/02/28 12:39:56 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{03e71b19-c763-11db-a603-00a0d1df23e9}.TMContainer00000000000000000001.regtrans-ms

[2007/02/28 12:39:56 | 000,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{03e71b19-c763-11db-a603-00a0d1df23e9}.TM.blf

[2007/02/28 12:39:55 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{03e71b09-c763-11db-a603-00a0d1df23e9}.TMContainer00000000000000000002.regtrans-ms

[2007/02/28 12:39:55 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{03e71b09-c763-11db-a603-00a0d1df23e9}.TMContainer00000000000000000001.regtrans-ms

[2007/02/28 12:39:55 | 000,262,144 | ---- | C] () -- C:\ProgramData\ntuser.dat

[2007/02/28 12:39:55 | 000,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{03e71b09-c763-11db-a603-00a0d1df23e9}.TM.blf

[2007/02/28 12:39:55 | 000,005,120 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG1

[2007/02/28 12:39:55 | 000,000,000 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG2

[2007/01/31 16:03:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1187.dll

[2006/12/05 13:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll

[2006/11/02 04:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/03/09 10:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2005/07/22 21:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

< End of report >

[2010/03/08 10:52:01 | 008,388,608 | -HS- | M] () -- C:\Users\nancy\ntuser.dat

[2010/03/08 10:42:53 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Local\Temp

[2010/03/08 10:00:55 | 003,983,447 | ---- | M] () -- C:\Users\nancy\Desktop\Iso-burner.zip

[2010/03/08 09:59:50 | 004,940,440 | ---- | M] (Macrovision Corporation) -- C:\Users\nancy\Desktop\IsoBurner-Setup.exe

[2010/03/08 07:15:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Google Updater

[2010/03/08 06:52:38 | 000,047,616 | ---- | M] () -- C:\Users\nancy\Desktop\Win32kDiag.exe

[2010/03/08 06:23:57 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Users\nancy\Desktop\OTL.exe

[2010/03/08 06:10:00 | 000,524,288 | -HS- | M] () -- C:\Users\nancy\ntuser.dat{1c9f2a60-7002-11de-8daf-0013e81b4ed7}.TMContainer00000000000000000001.regtrans-ms

[2010/03/08 06:10:00 | 000,065,536 | -HS- | M] () -- C:\Users\nancy\ntuser.dat{1c9f2a60-7002-11de-8daf-0013e81b4ed7}.TM.blf

[2010/03/07 21:35:13 | 000,031,744 | ---- | M] () -- C:\Users\nancy\Documents\MAlware bytes instructions.doc

[2010/03/07 19:45:33 | 095,829,360 | ---- | M] (AVG Technologies) -- C:\Users\nancy\Desktop\avg_free_stf_all_90_787a2721.exe

[2010/03/07 13:59:13 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\mIRC

[2010/03/04 06:16:38 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\StumbleUpon

[2010/02/27 08:34:32 | 000,025,088 | ---- | M] () -- C:\Users\nancy\Documents\t thoughts.doc

[2010/02/24 05:26:24 | 000,097,920 | ---- | M] () -- C:\Users\nancy\AppData\Local\GDIPFONTCACHEV1.DAT

[2010/02/10 03:23:38 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail

[2010/01/03 15:50:38 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdu.DAT

[2009/12/09 17:46:14 | 000,006,456 | -H-- | M] () -- C:\ProgramData\vesikoke

[2009/11/26 11:46:47 | 000,027,648 | ---- | M] () -- C:\Users\nancy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/07/09 08:50:32 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdw.DAT

[2009/01/28 22:14:06 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLbx.DAT

[2008/11/05 19:32:33 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLck.DAT

[2008/11/05 19:32:32 | 000,000,268 | RH-- | M] () -- C:\Users\nancy\AppData\Roaming\vhosts

[2008/11/05 19:32:32 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Action Clauses

[2008/11/05 19:32:30 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Alerts

[2008/11/05 19:32:30 | 000,000,268 | RH-- | M] () -- C:\Users\nancy\AppData\Roaming\Abstract

[2008/11/03 19:29:16 | 000,000,000 | ---- | M] () -- C:\ProgramData\vhosts

[2008/11/03 19:29:16 | 000,000,000 | ---- | M] () -- C:\ProgramData\Repeat Routines

[2008/11/03 19:19:11 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Screen Savers

[2008/11/03 19:19:11 | 000,000,268 | RH-- | M] () -- C:\Users\nancy\AppData\Roaming\Sampler Files

[2008/11/03 19:19:11 | 000,000,012 | RH-- | M] () -- C:\ProgramData\Soundtrack

[2008/11/03 19:13:45 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Sci-Fi

[2008/11/03 19:13:45 | 000,000,268 | RH-- | M] () -- C:\Users\nancy\AppData\Roaming\Sample Delay

[2008/11/03 19:13:45 | 000,000,012 | RH-- | M] () -- C:\ProgramData\Smooth Strings

[2008/09/18 20:01:08 | 000,000,292 | ---- | M] () -- C:\Users\nancy\AppData\Roaming\wklnhst.dat

[2008/08/10 07:36:07 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

[2007/06/28 16:23:19 | 000,000,680 | ---- | M] () -- C:\Users\nancy\AppData\Local\d3d9caps.dat

[2007/02/28 12:40:06 | 000,262,144 | ---- | M] () -- C:\ProgramData\ntuser.dat

[2007/02/28 12:40:06 | 000,005,120 | -H-- | M] () -- C:\ProgramData\ntuser.dat.LOG1

[2007/02/28 12:39:56 | 000,524,288 | -HS- | M] () -- C:\ProgramData\ntuser.dat{03e71b19-c763-11db-a603-00a0d1df23e9}.TMContainer00000000000000000002.regtrans-ms

[2007/02/28 12:39:56 | 000,524,288 | -HS- | M] () -- C:\ProgramData\ntuser.dat{03e71b19-c763-11db-a603-00a0d1df23e9}.TMContainer00000000000000000001.regtrans-ms

[2007/02/28 12:39:56 | 000,065,536 | -HS- | M] () -- C:\ProgramData\ntuser.dat{03e71b19-c763-11db-a603-00a0d1df23e9}.TM.blf

[2007/02/28 12:39:55 | 000,524,288 | -HS- | M] () -- C:\ProgramData\ntuser.dat{03e71b09-c763-11db-a603-00a0d1df23e9}.TMContainer00000000000000000002.regtrans-ms

[2007/02/28 12:39:55 | 000,524,288 | -HS- | M] () -- C:\ProgramData\ntuser.dat{03e71b09-c763-11db-a603-00a0d1df23e9}.TMContainer00000000000000000001.regtrans-ms

[2007/02/28 12:39:55 | 000,065,536 | -HS- | M] () -- C:\ProgramData\ntuser.dat{03e71b09-c763-11db-a603-00a0d1df23e9}.TM.blf

[2007/02/28 12:39:55 | 000,000,000 | -H-- | M] () -- C:\ProgramData\ntuser.dat.LOG2

[2006/11/02 04:35:26 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

[2006/11/02 04:35:26 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont

[2006/11/02 04:35:26 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont

[2006/11/02 04:35:26 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont

< End of report >

[2010/03/08 10:56:09 | 008,388,608 | -HS- | M] () -- C:\Users\nancy\ntuser.dat

[2010/03/08 10:42:53 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Local\Temp

[2010/03/08 10:25:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/03/08 10:00:55 | 003,983,447 | ---- | M] () -- C:\Users\nancy\Desktop\Iso-burner.zip

[2010/03/08 09:59:50 | 004,940,440 | ---- | M] (Macrovision Corporation) -- C:\Users\nancy\Desktop\IsoBurner-Setup.exe

[2010/03/08 07:25:33 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CB2D8563-A39C-4C91-AE08-E7C9DC7091C1}.job

[2010/03/08 07:15:21 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job

[2010/03/08 07:15:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Google Updater

[2010/03/08 06:52:38 | 000,047,616 | ---- | M] () -- C:\Users\nancy\Desktop\Win32kDiag.exe

[2010/03/08 06:23:57 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Users\nancy\Desktop\OTL.exe

[2010/03/08 06:11:29 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/03/08 06:11:17 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/03/08 06:11:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/03/08 06:10:00 | 000,524,288 | -HS- | M] () -- C:\Users\nancy\ntuser.dat{1c9f2a60-7002-11de-8daf-0013e81b4ed7}.TMContainer00000000000000000001.regtrans-ms

[2010/03/08 06:10:00 | 000,065,536 | -HS- | M] () -- C:\Users\nancy\ntuser.dat{1c9f2a60-7002-11de-8daf-0013e81b4ed7}.TM.blf

[2010/03/07 21:35:13 | 000,031,744 | ---- | M] () -- C:\Users\nancy\Documents\MAlware bytes instructions.doc

[2010/03/07 19:45:33 | 095,829,360 | ---- | M] (AVG Technologies) -- C:\Users\nancy\Desktop\avg_free_stf_all_90_787a2721.exe

[2010/03/07 13:59:13 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\mIRC

[2010/03/04 06:16:38 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\StumbleUpon

[2010/02/27 08:34:32 | 000,025,088 | ---- | M] () -- C:\Users\nancy\Documents\t thoughts.doc

[2010/02/24 05:26:24 | 000,097,920 | ---- | M] () -- C:\Users\nancy\AppData\Local\GDIPFONTCACHEV1.DAT

[2010/02/10 03:23:38 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail

[2010/01/03 15:50:38 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdu.DAT

[2009/12/09 17:46:14 | 000,006,456 | -H-- | M] () -- C:\ProgramData\vesikoke

[2009/11/26 11:46:47 | 000,027,648 | ---- | M] () -- C:\Users\nancy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/07/09 08:50:32 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdw.DAT

[2009/01/28 22:14:06 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLbx.DAT

[2008/11/05 19:32:33 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLck.DAT

[2008/11/05 19:32:32 | 000,000,268 | RH-- | M] () -- C:\Users\nancy\AppData\Roaming\vhosts

[2008/11/05 19:32:32 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Action Clauses

[2008/11/05 19:32:30 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Alerts

[2008/11/05 19:32:30 | 000,000,268 | RH-- | M] () -- C:\Users\nancy\AppData\Roaming\Abstract

[2008/11/03 19:29:16 | 000,000,000 | ---- | M] () -- C:\ProgramData\vhosts

[2008/11/03 19:29:16 | 000,000,000 | ---- | M] () -- C:\ProgramData\Repeat Routines

[2008/11/03 19:19:11 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Screen Savers

[2008/11/03 19:19:11 | 000,000,268 | RH-- | M] () -- C:\Users\nancy\AppData\Roaming\Sampler Files

[2008/11/03 19:19:11 | 000,000,012 | RH-- | M] () -- C:\ProgramData\Soundtrack

[2008/11/03 19:13:45 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Sci-Fi

[2008/11/03 19:13:45 | 000,000,268 | RH-- | M] () -- C:\Users\nancy\AppData\Roaming\Sample Delay

[2008/11/03 19:13:45 | 000,000,012 | RH-- | M] () -- C:\ProgramData\Smooth Strings

[2008/09/18 20:01:08 | 000,000,292 | ---- | M] () -- C:\Users\nancy\AppData\Roaming\wklnhst.dat

[2008/08/10 07:36:07 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

[2007/06/28 16:23:19 | 000,000,680 | ---- | M] () -- C:\Users\nancy\AppData\Local\d3d9caps.dat

[2007/02/28 12:40:06 | 000,262,144 | ---- | M] () -- C:\ProgramData\ntuser.dat

[2007/02/28 12:40:06 | 000,005,120 | -H-- | M] () -- C:\ProgramData\ntuser.dat.LOG1

[2007/02/28 12:39:56 | 000,524,288 | -HS- | M] () -- C:\ProgramData\ntuser.dat{03e71b19-c763-11db-a603-00a0d1df23e9}.TMContainer00000000000000000002.regtrans-ms

[2007/02/28 12:39:56 | 000,524,288 | -HS- | M] () -- C:\ProgramData\ntuser.dat{03e71b19-c763-11db-a603-00a0d1df23e9}.TMContainer00000000000000000001.regtrans-ms

[2007/02/28 12:39:56 | 000,065,536 | -HS- | M] () -- C:\ProgramData\ntuser.dat{03e71b19-c763-11db-a603-00a0d1df23e9}.TM.blf

[2007/02/28 12:39:55 | 000,524,288 | -HS- | M] () -- C:\ProgramData\ntuser.dat{03e71b09-c763-11db-a603-00a0d1df23e9}.TMContainer00000000000000000002.regtrans-ms

[2007/02/28 12:39:55 | 000,524,288 | -HS- | M] () -- C:\ProgramData\ntuser.dat{03e71b09-c763-11db-a603-00a0d1df23e9}.TMContainer00000000000000000001.regtrans-ms

[2007/02/28 12:39:55 | 000,065,536 | -HS- | M] () -- C:\ProgramData\ntuser.dat{03e71b09-c763-11db-a603-00a0d1df23e9}.TM.blf

[2007/02/28 12:39:55 | 000,000,000 | -H-- | M] () -- C:\ProgramData\ntuser.dat.LOG2

[2006/11/02 04:35:26 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

[2006/11/02 04:35:26 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont

[2006/11/02 04:35:26 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont

[2006/11/02 04:35:26 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/08 10:56:09 | 008,388,608 | -HS- | M] () -- C:\Users\nancy\ntuser.dat

[2010/03/08 10:25:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/03/08 10:11:15 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/03/08 10:11:15 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/03/08 10:00:55 | 003,983,447 | ---- | M] () -- C:\Users\nancy\Desktop\Iso-burner.zip

[2010/03/08 09:59:50 | 004,940,440 | ---- | M] (Macrovision Corporation) -- C:\Users\nancy\Desktop\IsoBurner-Setup.exe

[2010/03/08 07:25:33 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CB2D8563-A39C-4C91-AE08-E7C9DC7091C1}.job

[2010/03/08 07:15:21 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job

[2010/03/08 06:52:38 | 000,047,616 | ---- | M] () -- C:\Users\nancy\Desktop\Win32kDiag.exe

[2010/03/08 06:23:57 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Users\nancy\Desktop\OTL.exe

[2010/03/08 06:11:29 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/03/08 06:11:17 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/03/08 06:11:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/03/08 06:10:44 | 3210,797,056 | -HS- | M] () -- C:\hiberfil.sys

[2010/03/08 06:10:00 | 000,524,288 | -HS- | M] () -- C:\Users\nancy\ntuser.dat{1c9f2a60-7002-11de-8daf-0013e81b4ed7}.TMContainer00000000000000000001.regtrans-ms

[2010/03/08 06:10:00 | 000,065,536 | -HS- | M] () -- C:\Users\nancy\ntuser.dat{1c9f2a60-7002-11de-8daf-0013e81b4ed7}.TM.blf

[2010/03/08 01:59:00 | 056,870,110 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm

[2010/03/07 21:35:13 | 000,031,744 | ---- | M] () -- C:\Users\nancy\Documents\MAlware bytes instructions.doc

[2010/03/07 19:45:33 | 095,829,360 | ---- | M] (AVG Technologies) -- C:\Users\nancy\Desktop\avg_free_stf_all_90_787a2721.exe

[2010/02/27 08:34:32 | 000,025,088 | ---- | M] () -- C:\Users\nancy\Documents\t thoughts.doc

[2010/02/24 09:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

[2010/02/24 05:26:24 | 000,097,920 | ---- | M] () -- C:\Users\nancy\AppData\Local\GDIPFONTCACHEV1.DAT

[2010/02/24 03:21:55 | 000,369,944 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< End of report >


Here is the output from Extras (I wasn't able to post both in the same reply box):

OTL Extras logfile created on: 3/8/2010 10:51:52 AM - Run 1

OTL by OldTimer - Version 3.1.35.0 Folder = C:\Users\nancy\Desktop

Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 184.84 Gb Total Space | 117.31 Gb Free Space | 63.47% Space Free | Partition Type: NTFS

Drive D: | 4.38 Gb Total Space | 4.09 Gb Free Space | 93.41% Space Free | Partition Type: UDF

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: NANCYS-PC

Current User Name: nancy

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1847724815-547469262-4117742817-1000\SOFTWARE\Classes\<extension>]

.exe [@ = secfile] -- C:\Users\nancy\AppData\Local\Temp\Low\av.exe ()

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [Command Prompt] -- c:\windows\system32\cmd.exe (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)

"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{1813ADE8-85B8-414E-BEBB-D13802EA757B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{2FC4293D-E337-4D1C-87AB-A34683F7BB3F}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{33D9E15A-7310-4CC2-A982-2334983028B6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{3443B32B-8749-4657-9434-F92CE4446D79}" = lport=10243 | protocol=6 | dir=in | app=system |

"{3AFE5EB1-5E69-4AF1-A57C-45702FDD6330}" = lport=2869 | protocol=6 | dir=in | app=system |

"{41CD7D38-BBA7-4FEB-A11F-70972153526A}" = rport=138 | protocol=17 | dir=out | app=system |

"{452609B6-4DDD-4DBF-BB6E-E87514353BC3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{4A5CDEE5-717E-4524-876E-74AE6477DC0E}" = rport=137 | protocol=17 | dir=out | app=system |

"{5F72091D-2B0F-4477-AB9F-ADAB0D64CE03}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{63AFDCBC-0940-46CE-B204-AD7659AF327D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{6680B79B-1C07-42A4-9482-CCE3736ED171}" = lport=445 | protocol=6 | dir=in | app=system |

"{6706460D-D913-4A93-8960-2979A5F2F1D8}" = lport=2869 | protocol=6 | dir=in | app=system |

"{6D8278AE-307F-47D8-975F-CDB229F97F0E}" = rport=139 | protocol=6 | dir=out | app=system |

"{83B1CE41-6948-4CE1-8740-4AE7C8638E0D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{8D27CC8A-BED9-4441-A3EC-F99A8963B64A}" = rport=10243 | protocol=6 | dir=out | app=system |

"{94F2C4B9-31A5-487F-BFF5-27FF3BFD1992}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{9DDB8F5B-FB52-4548-B024-9D8D8121C054}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{A67D34B5-E15A-4489-B9FE-CD349B7E5D91}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{BE671831-F141-4DF3-BC0C-A66FF4962D88}" = lport=138 | protocol=17 | dir=in | app=system |

"{BF08044E-F066-4C8F-8AF3-C708AD215F6A}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{BF3F498E-FDA1-4961-BA97-11FA84A69003}" = rport=2869 | protocol=6 | dir=out | app=system |

"{C542E16F-9A44-47EE-9ADB-774C00B8CCF0}" = lport=137 | protocol=17 | dir=in | app=system |

"{C7DF410C-7E69-4F9B-BBDF-5EBBAF2CE20D}" = rport=445 | protocol=6 | dir=out | app=system |

"{CB67ABBB-297E-418D-BBC2-29C99B49CDFF}" = lport=139 | protocol=6 | dir=in | app=system |

"{D12E06DE-8F66-4456-97CD-9523B90612D5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{E90D5055-6F0F-4304-8053-C75BA121F713}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{F779C102-9C91-4C45-B2BA-57273A36F6A3}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{007571FC-697F-40A1-8885-27E6479A1CBF}" = protocol=6 | dir=out | app=system |

"{04188E77-B7A1-472B-98DF-7F4923BC2FBD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{0BCBA26D-CA30-4471-AD33-5BFE6A4D0D86}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{11B18612-BC8F-449B-AF28-C4AFC435B227}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{18C49336-AC51-4EC1-B238-D199635ACBC2}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |

"{22A3BA6D-1874-4F81-B2D1-4148DB195791}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{2818AFD9-49C5-47DC-9FB1-9BF9F92ADBCB}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

"{37549882-9F64-4F80-83F0-66D0EFE2A282}" = dir=in | app=c:\program files\avg\avg8\avgdiag.exe |

"{39E80F8E-51CE-412F-871B-A309A610C349}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{3A7D5FE4-87DF-44D1-A5A3-C47F55695C4F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{44A19F8A-514F-417C-95FD-82488612B11F}" = dir=in | app=c:\program files\avg\avg8\avgam.exe |

"{48DA5C74-7D46-415D-843B-A3D7BE7AFA19}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{4A6A5A8A-FA4C-4345-87CD-DF9FA7CC238F}" = protocol=6 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |

"{5FD40D54-8410-4CE5-BB51-C207D917DA85}" = protocol=17 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |

"{6365E2F7-7A3C-4179-B0FC-133EEF4A7CC1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{65F1CD8C-BE90-41BE-9A72-0CD146E0BD0B}" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |

"{67B10F54-60A0-47EC-9C47-93BBC5805402}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{690690C0-7607-4104-BF62-B24543877492}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{6BDACC93-D71A-4ADB-8490-88156AC41256}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{73120CF8-95AD-417A-8923-AE4471300887}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |

"{7A61C34A-8128-40C0-AE38-EE5B26D7FE4A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{8B1395B1-98FB-4EB6-BC81-A56AD6C159D8}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"{8C8ECF5D-0589-4E2B-94BF-7BAA299C2D22}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{96D614BA-5447-47B1-A545-9A122A5074F3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{9AA976B6-5122-4018-84E8-1B255AD68CA5}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |

"{9F0812C2-6FA3-4D5A-BFB6-6C5B3A45F861}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |

"{A10282CC-A426-4DC0-B71A-3D428B0ABCFE}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |

"{A28EE70C-EFD7-4877-AFB6-1A18A7C65860}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

"{A61B3481-62C5-4760-B488-F83077BD1D77}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |

"{A787785C-F163-4AB9-A8A2-9BE0621739E3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{A87103B2-BE72-4106-93AC-CADCECC63C41}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{ABD35764-655E-45CC-8E0D-0D6524ED42EC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{ADAADB29-FFFF-4BBA-955A-069447AF094E}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{B26B788E-D721-4228-9450-53309A38F7D6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{BE209921-FAF9-4F49-A629-EA091FC72C7F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{C3D2861B-A03A-4B54-B47E-246E62282218}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"{C9094350-53A1-4902-9898-83656A351D5D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{CEA3EB43-66D3-4921-81D5-F1B7FB7ECAE3}" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |

"{D04C9CD0-C312-4E56-88E0-128ECA067660}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{E4D8297F-B2D5-4D8C-A275-26E6FB78A65B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{E6A4BD82-3EC4-4F5E-90F8-3B703705363C}" = dir=in | app=c:\program files\avg\avg8\avgdiagex.exe |

"TCP Query User{1847F05A-02D2-4F7D-ABC5-D0760133A60A}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe |

"TCP Query User{3CAD9E0C-0D95-4DDC-91E3-F2CDB5F74571}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |

"TCP Query User{4F72FF8A-BEF4-4DEA-99D5-6BD8B63DC50C}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"TCP Query User{59DC4029-2933-4934-A842-A2866F397460}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"TCP Query User{73157670-C286-47B4-B6A5-6801411CF8D9}C:\program files\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |

"TCP Query User{97CE261F-C6B5-4A5F-9A73-94CFFF98635F}C:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |

"TCP Query User{B484268F-A0F8-48B5-B5A6-008A06D2AFA0}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe |

"TCP Query User{C0419933-438D-49BD-BB40-2757A73577B6}C:\program files\rhapsody\rhapsody.exe" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |

"TCP Query User{CAE6763D-1392-41F5-B7CB-1C87C98D7574}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |

"TCP Query User{F1ABFD14-DCD2-4FF0-BD67-C008A103936B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{1749B597-77AE-4E55-A769-F19D02D99A6D}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |

"UDP Query User{3A89C362-D528-44CB-A0E2-7671B23D9EB7}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |

"UDP Query User{49657478-CDF1-4348-B488-BEF48596E4D7}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{62428C83-6931-4CD5-938F-7C617CBB1A24}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{7E6B162C-0924-458E-8525-117FD84F5716}C:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |

"UDP Query User{887873C1-DFDB-4766-895D-C0F807769A20}C:\program files\rhapsody\rhapsody.exe" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |

"UDP Query User{AEDEC330-9B3F-4566-AABF-D06025BBC9AF}C:\program files\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |

"UDP Query User{D1519D75-1B20-4D62-8F4B-222DAB35CC2B}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"UDP Query User{D50E956D-08D9-4B00-8A34-D8330C2300FB}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe |

"UDP Query User{EBA2ED91-6494-4F64-8A8A-1C45EE42F132}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support

"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari

"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware

"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"Ad-Aware" = Ad-Aware

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"AVG8Uninstall" = AVG 8.5

"CCleaner" = CCleaner

"Google Chrome Frame" = Google Chrome Frame

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft SQL Server 2005" = Microsoft SQL Server 2005

"mIRC" = mIRC

"Registry Mechanic_is1" = Registry Mechanic 6.0

"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1847724815-547469262-4117742817-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware

"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"Ad-Aware" = Ad-Aware

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"AVG8Uninstall" = AVG 8.5

"CCleaner" = CCleaner

"Google Chrome Frame" = Google Chrome Frame

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft SQL Server 2005" = Microsoft SQL Server 2005

"mIRC" = mIRC

"Registry Mechanic_is1" = Registry Mechanic 6.0

"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1847724815-547469262-4117742817-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1847724815-547469262-4117742817-1000\SOFTWARE\Classes\<extension>]

.exe [@ = secfile] -- C:\Users\nancy\AppData\Local\Temp\Low\av.exe ()

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [Command Prompt] -- c:\windows\system32\cmd.exe (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)

"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{1813ADE8-85B8-414E-BEBB-D13802EA757B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{2FC4293D-E337-4D1C-87AB-A34683F7BB3F}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{33D9E15A-7310-4CC2-A982-2334983028B6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{3443B32B-8749-4657-9434-F92CE4446D79}" = lport=10243 | protocol=6 | dir=in | app=system |

"{3AFE5EB1-5E69-4AF1-A57C-45702FDD6330}" = lport=2869 | protocol=6 | dir=in | app=system |

"{41CD7D38-BBA7-4FEB-A11F-70972153526A}" = rport=138 | protocol=17 | dir=out | app=system |

"{452609B6-4DDD-4DBF-BB6E-E87514353BC3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{4A5CDEE5-717E-4524-876E-74AE6477DC0E}" = rport=137 | protocol=17 | dir=out | app=system |

"{5F72091D-2B0F-4477-AB9F-ADAB0D64CE03}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{63AFDCBC-0940-46CE-B204-AD7659AF327D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{6680B79B-1C07-42A4-9482-CCE3736ED171}" = lport=445 | protocol=6 | dir=in | app=system |

"{6706460D-D913-4A93-8960-2979A5F2F1D8}" = lport=2869 | protocol=6 | dir=in | app=system |

"{6D8278AE-307F-47D8-975F-CDB229F97F0E}" = rport=139 | protocol=6 | dir=out | app=system |

"{83B1CE41-6948-4CE1-8740-4AE7C8638E0D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{8D27CC8A-BED9-4441-A3EC-F99A8963B64A}" = rport=10243 | protocol=6 | dir=out | app=system |

"{94F2C4B9-31A5-487F-BFF5-27FF3BFD1992}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{9DDB8F5B-FB52-4548-B024-9D8D8121C054}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{A67D34B5-E15A-4489-B9FE-CD349B7E5D91}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{BE671831-F141-4DF3-BC0C-A66FF4962D88}" = lport=138 | protocol=17 | dir=in | app=system |

"{BF08044E-F066-4C8F-8AF3-C708AD215F6A}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{BF3F498E-FDA1-4961-BA97-11FA84A69003}" = rport=2869 | protocol=6 | dir=out | app=system |

"{C542E16F-9A44-47EE-9ADB-774C00B8CCF0}" = lport=137 | protocol=17 | dir=in | app=system |

"{C7DF410C-7E69-4F9B-BBDF-5EBBAF2CE20D}" = rport=445 | protocol=6 | dir=out | app=system |

"{CB67ABBB-297E-418D-BBC2-29C99B49CDFF}" = lport=139 | protocol=6 | dir=in | app=system |

"{D12E06DE-8F66-4456-97CD-9523B90612D5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{E90D5055-6F0F-4304-8053-C75BA121F713}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{F779C102-9C91-4C45-B2BA-57273A36F6A3}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{007571FC-697F-40A1-8885-27E6479A1CBF}" = protocol=6 | dir=out | app=system |

"{04188E77-B7A1-472B-98DF-7F4923BC2FBD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{0BCBA26D-CA30-4471-AD33-5BFE6A4D0D86}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{11B18612-BC8F-449B-AF28-C4AFC435B227}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{18C49336-AC51-4EC1-B238-D199635ACBC2}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |

"{22A3BA6D-1874-4F81-B2D1-4148DB195791}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{2818AFD9-49C5-47DC-9FB1-9BF9F92ADBCB}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

"{37549882-9F64-4F80-83F0-66D0EFE2A282}" = dir=in | app=c:\program files\avg\avg8\avgdiag.exe |

"{39E80F8E-51CE-412F-871B-A309A610C349}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{3A7D5FE4-87DF-44D1-A5A3-C47F55695C4F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{44A19F8A-514F-417C-95FD-82488612B11F}" = dir=in | app=c:\program files\avg\avg8\avgam.exe |

"{48DA5C74-7D46-415D-843B-A3D7BE7AFA19}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{4A6A5A8A-FA4C-4345-87CD-DF9FA7CC238F}" = protocol=6 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |

"{5FD40D54-8410-4CE5-BB51-C207D917DA85}" = protocol=17 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |

"{6365E2F7-7A3C-4179-B0FC-133EEF4A7CC1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{65F1CD8C-BE90-41BE-9A72-0CD146E0BD0B}" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |

"{67B10F54-60A0-47EC-9C47-93BBC5805402}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{690690C0-7607-4104-BF62-B24543877492}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{6BDACC93-D71A-4ADB-8490-88156AC41256}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{73120CF8-95AD-417A-8923-AE4471300887}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |

"{7A61C34A-8128-40C0-AE38-EE5B26D7FE4A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{8B1395B1-98FB-4EB6-BC81-A56AD6C159D8}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"{8C8ECF5D-0589-4E2B-94BF-7BAA299C2D22}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{96D614BA-5447-47B1-A545-9A122A5074F3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{9AA976B6-5122-4018-84E8-1B255AD68CA5}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |

"{9F0812C2-6FA3-4D5A-BFB6-6C5B3A45F861}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |

"{A10282CC-A426-4DC0-B71A-3D428B0ABCFE}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |

"{A28EE70C-EFD7-4877-AFB6-1A18A7C65860}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

"{A61B3481-62C5-4760-B488-F83077BD1D77}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |

"{A787785C-F163-4AB9-A8A2-9BE0621739E3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{A87103B2-BE72-4106-93AC-CADCECC63C41}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{ABD35764-655E-45CC-8E0D-0D6524ED42EC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{ADAADB29-FFFF-4BBA-955A-069447AF094E}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{B26B788E-D721-4228-9450-53309A38F7D6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{BE209921-FAF9-4F49-A629-EA091FC72C7F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{C3D2861B-A03A-4B54-B47E-246E62282218}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"{C9094350-53A1-4902-9898-83656A351D5D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{CEA3EB43-66D3-4921-81D5-F1B7FB7ECAE3}" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |

"{D04C9CD0-C312-4E56-88E0-128ECA067660}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{E4D8297F-B2D5-4D8C-A275-26E6FB78A65B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{E6A4BD82-3EC4-4F5E-90F8-3B703705363C}" = dir=in | app=c:\program files\avg\avg8\avgdiagex.exe |

"TCP Query User{1847F05A-02D2-4F7D-ABC5-D0760133A60A}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe |

"TCP Query User{3CAD9E0C-0D95-4DDC-91E3-F2CDB5F74571}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |

"TCP Query User{4F72FF8A-BEF4-4DEA-99D5-6BD8B63DC50C}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"TCP Query User{59DC4029-2933-4934-A842-A2866F397460}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"TCP Query User{73157670-C286-47B4-B6A5-6801411CF8D9}C:\program files\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |

< End of report >


Hello,

I notice the presence of Registry Mechanic Registry Cleaner on your PC.

I don't personally recommend the use of ANY registry cleaners.

Here is an excerpt from a discussion on regcleaners:

Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.

The point we are trying to make is that the risk of using one far outweighs any benefit.

If it does work perfectly you will not see any difference.

If it doesn't work properly you may end up with an expensive doorstop.

http://miekiemoes.blogspot.com/2008/02/reg...weaking_13.html

http://forums.whatthetech.com/Regcleaner_t42862.html

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

In your next reply, please include the following:

  • Combofix.txt


Hi Elisa-

I am sooo sorry I did not make it back here to thank you for your help.

I actually returned and wrote a post - apparently never hit 'reply', however.

After running Malwarebytes things seem to be ok. The basic issue I have atm is that IE opens to an MSN page and no matter how many times I change my home page group or turn off auto-complete, when I log back in, MSN comes up and auto-complete continues to prompt me. I am thinking this is 'operator error' at this point - having relied too long on my customized view of things.

I did notice that a few startup programs had been disabled, but I left those and disabled a couple of more.

Thanks for providing so many options to help me out. Much appreciated as were (especially, even !) your very prompt replies.


Sorry Elisa -

Life has been hectic. Here is the OTL Log:

OTL logfile created on: 3/20/2010 9:41:24 AM - Run 2

OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\nancy\Desktop

Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 184.84 Gb Total Space | 121.44 Gb Free Space | 65.70% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: NANCYS-PC

Current User Name: nancy

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/20 09:41:08 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\nancy\Desktop\OTL.exe

PRC - [2010/03/17 16:46:26 | 002,046,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe

PRC - [2010/01/30 22:43:55 | 000,298,608 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

PRC - [2010/01/26 17:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe

PRC - [2009/09/20 09:34:16 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe

PRC - [2009/09/20 09:34:08 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe

PRC - [2009/09/20 09:34:06 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe

PRC - [2009/09/20 09:34:03 | 000,832,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgam.exe

PRC - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

PRC - [2009/05/26 21:06:32 | 004,351,216 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

PRC - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

PRC - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

PRC - [2008/10/28 23:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/08/14 11:14:20 | 000,200,704 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe

PRC - [2008/01/19 00:33:12 | 000,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe

PRC - [2007/12/27 09:02:17 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

PRC - [2007/02/13 09:30:24 | 000,405,504 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe

PRC - [2007/02/12 23:44:26 | 004,411,392 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe

PRC - [2007/02/06 18:50:08 | 004,374,528 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

PRC - [2007/02/02 15:56:52 | 000,118,784 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

PRC - [2007/01/25 18:50:26 | 000,063,096 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe

PRC - [2007/01/25 18:47:50 | 000,136,816 | ---- | M] () -- C:\Toshiba\IVP\ISM\pinger.exe

PRC - [2006/12/20 00:16:44 | 000,411,768 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe

PRC - [2006/12/20 00:15:44 | 000,428,152 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

PRC - [2006/11/14 21:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe

PRC - [2006/10/05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe

PRC - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

PRC - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe

PRC - [2004/05/27 10:45:54 | 000,487,936 | ---- | M] (Now Software) -- C:\Program Files\Now Software\Now Up-to-Date\NUDQDay.exe

PRC - [2004/05/27 10:45:52 | 000,584,192 | ---- | M] (Now Software) -- C:\Program Files\Now Software\Now Contact\QuickCTW.exe

========== Modules (SafeList) ==========

MOD - [2010/03/20 09:41:08 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\nancy\Desktop\OTL.exe

MOD - [2008/01/19 00:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/03/14 09:56:55 | 001,029,456 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2009/09/20 09:34:06 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)

SRV - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)

SRV - [2008/12/20 19:10:26 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)

SRV - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)

SRV - [2008/11/24 22:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)

SRV - [2008/08/11 19:14:15 | 000,029,744 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-061008-081103)

SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/02/02 15:56:52 | 000,118,784 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)

SRV - [2007/01/25 18:50:26 | 000,063,096 | ---- | M] () [Auto | Running] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)

SRV - [2007/01/25 18:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger)

SRV - [2006/12/20 00:15:44 | 000,428,152 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV - [2006/11/14 21:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)

SRV - [2006/10/05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)

SRV - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

SRV - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)

SRV - [2002/12/17 17:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTBCM)

========== Driver Services (SafeList) ==========

DRV - [2009/09/20 09:34:16 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)

DRV - [2009/09/20 09:34:16 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)

DRV - [2009/07/03 07:49:08 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)

DRV - [2009/04/23 08:39:43 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)

DRV - [2009/04/23 08:39:31 | 000,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86)

DRV - [2008/08/14 11:40:40 | 000,203,312 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)

DRV - [2008/02/11 19:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)

DRV - [2008/02/11 19:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)

DRV - [2007/11/09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)

DRV - [2007/09/26 13:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®

DRV - [2007/06/28 20:05:29 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mcstrm.sys -- (MCSTRM)

DRV - [2007/02/06 19:44:14 | 001,739,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2007/01/26 17:13:40 | 000,017,712 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)

DRV - [2007/01/24 15:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)

DRV - [2007/01/09 11:00:00 | 000,221,696 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)

DRV - [2007/01/03 01:43:19 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr3npxp.sys -- (KR3NPXP)

DRV - [2007/01/03 01:43:19 | 000,207,104 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)

DRV - [2007/01/03 01:43:18 | 000,216,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)

DRV - [2006/11/28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2006/11/19 23:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)

DRV - [2006/11/02 02:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)

DRV - [2006/11/02 02:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)

DRV - [2006/11/02 02:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)

DRV - [2006/11/02 02:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)

DRV - [2006/11/02 02:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)

DRV - [2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)

DRV - [2006/11/02 02:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)

DRV - [2006/11/02 02:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)

DRV - [2006/11/02 02:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)

DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)

DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)

DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)

DRV - [2006/11/02 02:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)

DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)

DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)

DRV - [2006/11/02 02:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)

DRV - [2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)

DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)

DRV - [2006/11/02 02:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)

DRV - [2006/11/02 02:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2006/11/02 02:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)

DRV - [2006/11/02 02:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)

DRV - [2006/11/02 02:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)

DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)

DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)

DRV - [2006/11/02 02:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)

DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)

DRV - [2006/11/02 02:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)

DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)

DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)

DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)

DRV - [2006/11/02 02:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)

DRV - [2006/11/02 02:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)

DRV - [2006/11/02 02:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)

DRV - [2006/11/02 02:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)

DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)

DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)

DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)

DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)

DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)

DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)

DRV - [2006/11/02 00:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®

DRV - [2006/10/18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?sourceid=navclien...UTF-8&hl=en

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.getpersonas.com/en-US/persona/64769|http://support.mozilla.com/en-US/kb/How+to+set+the+home+page#Setting_the_home_page|https://mail.google.com/mail/?shva=1#inbox|http://online.santarosa.edu/section/?11024|http://online.santarosa.edu/presentation/page/?1207|http://apps.facebook.com/lexulous/"

FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/15 19:45:55 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/16 14:55:03 | 000,000,000 | ---D | M]

[2010/03/15 19:46:25 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\Mozilla\Extensions

[2010/03/19 20:32:03 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\Mozilla\Firefox\Profiles\vr8o7dhm.default\extensions

[2010/03/16 05:51:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\nancy\AppData\Roaming\Mozilla\Firefox\Profiles\vr8o7dhm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/03/15 19:45:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/08/06 15:57:56 | 000,319,186 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O1 - Hosts: 10947 more lines...

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)

O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\5.0.356.0\npchrome_frame.dll (@COMPANY_FULLNAME@)

O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Domains: download.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab (QuickTime Object)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class)

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/...NPUplden-gb.cab (MSN Photo Upload Tool)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.com/activex/VerizonWire...loadControl.cab (Verizon Wireless Media Upload)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)

O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\cf - No CLSID value found

O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\5.0.356.0\npchrome_frame.dll (@COMPANY_FULLNAME@)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Users\nancy\Searches\Pictures\Messing Around\25669.jpg

O24 - Desktop BackupWallPaper: C:\Users\nancy\Searches\Pictures\Messing Around\25669.jpg

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{cdb5cf48-7edc-11dd-b3e8-00a0d177bfb0}\Shell - "" = AutoRun

O33 - MountPoints2\{cdb5cf48-7edc-11dd-b3e8-00a0d177bfb0}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/03/20 09:40:44 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\nancy\Desktop\OTL.exe

[2010/03/15 19:46:01 | 000,000,000 | ---D | C] -- C:\Users\nancy\AppData\Roaming\Mozilla

[2010/03/15 19:46:01 | 000,000,000 | ---D | C] -- C:\Users\nancy\AppData\Local\Mozilla

[2010/03/15 19:45:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Firefox

[2010/03/15 19:45:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2010/03/15 19:12:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2010/03/15 19:11:39 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll

[2010/03/15 19:11:39 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2010/03/15 19:11:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2010/03/15 19:11:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2010/03/10 04:00:56 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll

[2010/03/10 04:00:53 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll

[2010/03/08 18:40:35 | 000,000,000 | ---D | C] -- C:\Users\nancy\AppData\Roaming\Malwarebytes

[2010/03/08 18:40:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/03/08 18:40:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/03/08 18:40:27 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/03/08 18:40:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/03/08 14:21:13 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2010/03/08 14:21:10 | 000,000,000 | ---D | C] -- C:\Users\nancy\AppData\Local\temp

[2010/03/08 14:05:24 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2010/03/08 14:05:24 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2010/03/08 14:05:24 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2010/03/08 14:05:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2010/03/08 14:04:47 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/03/08 14:04:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe

[2010/03/07 21:34:18 | 000,000,000 | ---D | C] -- C:\Users\nancy\Documents\Class

[2010/02/24 03:40:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2010/02/24 03:40:04 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe

[2010/02/24 03:40:02 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe

[2010/02/24 03:39:59 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll

[2010/02/24 03:39:59 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll

[2010/02/24 03:39:59 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe

[2010/02/24 03:39:59 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe

[2010/02/24 03:39:56 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll

[2010/02/24 03:39:56 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll

[2010/02/24 03:39:56 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/20 09:49:57 | 008,388,608 | -HS- | M] () -- C:\Users\nancy\ntuser.dat

[2010/03/20 09:46:38 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/03/20 09:46:38 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/03/20 09:41:08 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\nancy\Desktop\OTL.exe

[2010/03/20 09:30:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/03/20 09:12:55 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job

[2010/03/20 07:53:14 | 000,799,550 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/03/20 07:53:14 | 000,671,734 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/03/20 07:53:14 | 000,131,336 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/03/20 07:47:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/03/20 07:46:41 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/03/20 07:46:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/03/20 07:46:18 | 3210,797,056 | -HS- | M] () -- C:\hiberfil.sys

[2010/03/19 22:42:56 | 000,524,288 | -HS- | M] () -- C:\Users\nancy\ntuser.dat{1c9f2a60-7002-11de-8daf-0013e81b4ed7}.TMContainer00000000000000000001.regtrans-ms

[2010/03/19 22:42:56 | 000,065,536 | -HS- | M] () -- C:\Users\nancy\ntuser.dat{1c9f2a60-7002-11de-8daf-0013e81b4ed7}.TM.blf

[2010/03/19 22:42:52 | 002,280,565 | -H-- | M] () -- C:\Users\nancy\AppData\Local\IconCache.db

[2010/03/19 20:14:31 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CB2D8563-A39C-4C91-AE08-E7C9DC7091C1}.job

[2010/03/19 17:59:09 | 057,396,646 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm

[2010/03/16 05:42:47 | 000,000,162 | -H-- | M] () -- C:\Users\nancy\Desktop\~$BANOUTFITTERS10K.rtf

[2010/03/15 20:02:45 | 000,028,160 | ---- | M] () -- C:\Users\nancy\Desktop\Urban Bal Sheet- Detail.xls

[2010/03/15 19:51:01 | 000,075,264 | ---- | M] () -- C:\Users\nancy\Desktop\AE URBN FIN stmts - bruce.xls

[2010/03/15 19:11:16 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll

[2010/03/15 19:11:16 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2010/03/15 19:11:16 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2010/03/15 19:11:16 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2010/03/15 06:11:12 | 000,025,030 | ---- | M] () -- C:\Users\nancy\Desktop\FLEMING%20HEALTH%20CARE%20RESOLUTION.pdf

[2010/03/15 06:09:58 | 000,024,576 | ---- | M] () -- C:\Users\nancy\Desktop\Health%20Care%20letter[1].doc

[2010/03/15 06:03:52 | 000,025,088 | ---- | M] () -- C:\Users\nancy\Desktop\Acctng Project #2 Questions.doc

[2010/03/15 05:46:32 | 001,308,142 | ---- | M] () -- C:\Users\nancy\Desktop\URBANOUTFITTERS10K.rtf

[2010/03/15 05:43:41 | 000,754,176 | ---- | M] () -- C:\Users\nancy\Desktop\AEO Ann Rpt.xls

[2010/03/15 05:40:49 | 002,014,459 | ---- | M] () -- C:\Users\nancy\Desktop\AMERICANEAGLEOU10K.rtf

[2010/03/10 04:06:52 | 000,000,240 | ---- | M] () -- C:\Windows\win.ini

[2010/03/08 18:40:33 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/03/08 14:16:43 | 000,000,231 | ---- | M] () -- C:\Windows\system.ini

[2010/03/08 14:06:34 | 000,009,188 | -HS- | M] () -- C:\Users\nancy\AppData\Local\omn2MB67

[2010/03/07 22:35:13 | 000,031,744 | ---- | M] () -- C:\Users\nancy\Documents\MAlware bytes instructions.doc

[2010/02/27 09:34:32 | 000,025,088 | ---- | M] () -- C:\Users\nancy\Documents\t thoughts.doc

[2010/02/24 10:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

[2010/02/24 06:26:24 | 000,097,920 | ---- | M] () -- C:\Users\nancy\AppData\Local\GDIPFONTCACHEV1.DAT

[2010/02/24 04:21:55 | 000,369,944 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/02/20 16:39:35 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll

[2010/02/20 16:37:20 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/16 05:42:47 | 000,000,162 | -H-- | C] () -- C:\Users\nancy\Desktop\~$BANOUTFITTERS10K.rtf

[2010/03/15 20:02:45 | 000,028,160 | ---- | C] () -- C:\Users\nancy\Desktop\Urban Bal Sheet- Detail.xls

[2010/03/15 19:55:50 | 000,075,264 | ---- | C] () -- C:\Users\nancy\Desktop\AE URBN FIN stmts - bruce.xls

[2010/03/15 06:11:12 | 000,025,030 | ---- | C] () -- C:\Users\nancy\Desktop\FLEMING%20HEALTH%20CARE%20RESOLUTION.pdf

[2010/03/15 06:09:57 | 000,024,576 | ---- | C] () -- C:\Users\nancy\Desktop\Health%20Care%20letter[1].doc

[2010/03/15 06:03:52 | 000,025,088 | ---- | C] () -- C:\Users\nancy\Desktop\Acctng Project #2 Questions.doc

[2010/03/15 05:46:19 | 001,308,142 | ---- | C] () -- C:\Users\nancy\Desktop\URBANOUTFITTERS10K.rtf

[2010/03/15 05:41:48 | 000,754,176 | ---- | C] () -- C:\Users\nancy\Desktop\AEO Ann Rpt.xls

[2010/03/15 05:40:31 | 002,014,459 | ---- | C] () -- C:\Users\nancy\Desktop\AMERICANEAGLEOU10K.rtf

[2010/03/08 18:40:33 | 000,000,829 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/03/08 14:05:24 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe

[2010/03/08 14:05:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2010/03/08 14:05:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2010/03/08 14:05:24 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe

[2010/03/08 14:05:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2010/03/08 14:04:35 | 000,009,188 | -HS- | C] () -- C:\Users\nancy\AppData\Local\omn2MB67

[2010/03/08 07:10:43 | 3210,797,056 | -HS- | C] () -- C:\hiberfil.sys

[2010/03/07 22:35:13 | 000,031,744 | ---- | C] () -- C:\Users\nancy\Documents\MAlware bytes instructions.doc

[2010/02/27 09:34:31 | 000,025,088 | ---- | C] () -- C:\Users\nancy\Documents\t thoughts.doc

[2009/09/07 18:31:37 | 000,006,456 | -H-- | C] () -- C:\ProgramData\vesikoke

[2008/11/05 20:32:32 | 000,000,268 | RH-- | C] () -- C:\Users\nancy\AppData\Roaming\vhosts

[2008/11/05 20:32:32 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Action Clauses

[2008/11/05 20:32:32 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT

[2008/11/05 20:32:30 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Alerts

[2008/11/03 20:29:16 | 000,000,268 | RH-- | C] () -- C:\Users\nancy\AppData\Roaming\Abstract

[2008/11/03 20:29:16 | 000,000,000 | ---- | C] () -- C:\ProgramData\vhosts

[2008/11/03 20:29:16 | 000,000,000 | ---- | C] () -- C:\ProgramData\Repeat Routines

[2008/11/03 20:25:20 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT

[2008/11/03 20:19:11 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Screen Savers

[2008/11/03 20:19:11 | 000,000,268 | RH-- | C] () -- C:\Users\nancy\AppData\Roaming\Sampler Files

[2008/11/03 20:19:11 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT

[2008/11/03 20:19:11 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Soundtrack

[2008/11/03 20:13:45 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Sci-Fi

[2008/11/03 20:13:45 | 000,000,268 | RH-- | C] () -- C:\Users\nancy\AppData\Roaming\Sample Delay

[2008/11/03 20:13:45 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT

[2008/11/03 20:13:45 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Smooth Strings

[2008/08/10 10:23:01 | 000,000,067 | ---- | C] () -- C:\Windows\swupdate.INI

[2008/06/13 18:18:08 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en

[2008/05/27 19:22:29 | 001,895,026 | ---- | C] () -- C:\Windows\System32\nowutils.dll

[2008/02/13 20:21:43 | 000,000,072 | ---- | C] () -- C:\Windows\iltwain.ini

[2008/02/13 20:19:53 | 000,229,376 | ---- | C] () -- C:\Windows\System32\ISP2000.dll

[2008/02/13 20:19:53 | 000,063,488 | ---- | C] () -- C:\Windows\System32\Eztw32.dll

[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll

[2007/09/11 20:11:11 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2007/09/01 12:35:22 | 000,000,292 | ---- | C] () -- C:\Users\nancy\AppData\Roaming\wklnhst.dat

[2007/06/28 19:39:46 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll

[2007/06/28 19:39:46 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll

[2007/06/28 19:39:46 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll

[2007/06/28 19:39:46 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll

[2007/06/28 19:39:46 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll

[2007/06/28 19:39:46 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll

[2007/06/28 17:21:58 | 000,000,680 | ---- | C] () -- C:\Users\nancy\AppData\Local\d3d9caps.dat

[2007/06/25 20:37:28 | 000,027,648 | ---- | C] () -- C:\Users\nancy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/05/12 11:44:33 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini

[2007/05/12 11:44:33 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll

[2007/05/12 11:44:33 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini

[2007/05/12 11:44:33 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini

[2007/03/30 12:27:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll

[2007/02/28 13:46:33 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI

[2007/02/28 13:39:56 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{03e71b19-c763-11db-a603-00a0d1df23e9}.TMContainer00000000000000000002.regtrans-ms

[2007/02/28 13:39:56 | 000,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{03e71b19-c763-11db-a603-00a0d1df23e9}.TM.blf

[2007/02/28 13:39:55 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{03e71b09-c763-11db-a603-00a0d1df23e9}.TMContainer00000000000000000002.regtrans-ms

[2007/02/28 13:39:55 | 000,262,144 | ---- | C] () -- C:\ProgramData\ntuser.dat

[2007/02/28 13:39:55 | 000,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{03e71b09-c763-11db-a603-00a0d1df23e9}.TM.blf

[2007/02/28 13:39:55 | 000,005,120 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG1

[2007/02/28 13:39:55 | 000,000,000 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG2

[2007/01/31 17:03:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1187.dll

[2006/12/05 14:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll

[2006/11/02 05:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/03/09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2005/07/22 22:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

< End of report >


Hello again,

First of all, I notice two programs that are outdated: please install the latest versions for AVG (AVG9) and Adobe Acrobat (9.3). You can download these versions on the product sites.

OTL FIX

------------

We need to run an OTL Fix

  1. Please reopen otlDesktopIcon.png on your desktop.
  2. Copy and Paste the following code into the customFix.png textbox. Do not include the word "Code"
    :otl
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
    O15 - HKCU\..Trusted Domains: download.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)

    :commands
    [emptytemp]


  3. Push runFixbutton.png
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click btnOK.png.
  6. A report will open. Copy and Paste that report in your next reply.

Afterwards, let me know how everything is behaving.


Hi Elisa,

Just got back here again. Things have been crazy. I will try to run the updates and the OTL fix with the code you provided within the next couple of days. I doubt I will have time tomorrow; Thurs looks better.

Just wanted to let you know I'm quiet, but not ignoring you and all your help.

Thanks so much!


Here you go ...

All processes killed

========== OTL ==========

Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Classes\.exe\ deleted successfully.

HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download.com\ deleted successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 41703 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: nancy

->Temp folder emptied: 93270445 bytes

->Temporary Internet Files folder emptied: 100969659 bytes

->Java cache emptied: 39787829 bytes

->FireFox cache emptied: 63802693 bytes

->Flash cache emptied: 55432 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 394491891 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 548545125 bytes

Total Files Cleaned = 1,183.00 mb

OTL by OldTimer - Version 3.1.37.3 log created on 03252010_213315

Files\Folders moved on Reboot...

File\Folder C:\Users\nancy\AppData\Local\Temp\Low\~DF23EF.tmp not found!

File\Folder C:\Users\nancy\AppData\Local\Temp\Low\~DF23F5.tmp not found!

C:\Users\nancy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6BC5HK7U\index[3].htm moved successfully.

C:\Users\nancy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5XQTZI24\Include[1].htm moved successfully.

C:\Users\nancy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5XQTZI24\Sync[1].htm moved successfully.

C:\Users\nancy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5MY4D6GS\01[2].htm moved successfully.

C:\Users\nancy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5MY4D6GS\iframe[2].htm moved successfully.

C:\Users\nancy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1N7EXZUS\msn_com[3].htm moved successfully.

C:\Users\nancy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.

Registry entries deleted on Reboot...


Hello, please let me know if you have any problems left.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

  4. Check esetAcceptTerms.png
  5. Click the esetStart.png button.
  6. Accept any security warnings from your browser.
  7. Check esetScanArchives.png
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push esetListThreats.png
  11. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      Note - when ESET doesn't find any threats, no report will be created.
  12. Push the esetBack.png button.
  13. Push esetFinish.png


  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
