
Search Engines keep redirecting


  • This topic is locked
11 replies to this topic

#1 csloan8


Posted 23 April 2011 - 10:19 PM

I can't get to any pages that are parsed in a search engine or links that are the result of a search. If I type the link directly into the address bar there are no issues. I noticed the problem getting progressively worse. The problem started with a Babylon pop-up and subsequent software being installed on this machine without any prompt; also pic 7 (or 7 pic software) was also installed without any input from myself. When these two pieces of software were being installed and uninstalled (by myself) there were also pop-ups that were 2.exe that kept coming up. After uninstalling these 2 pieces of software this machine started with the redirects.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Bubba at 21:17:50.03 on Sat 04/23/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.457 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
svchost.exe
C:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Bubba\Local Settings\Temporary Internet Files\Content.IE5\Y1E9K0N2\HijackThis[1].exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOCUME~1\Bubba\LOCALS~1\Temp\Hzh.exe
C:\Documents and Settings\Bubba\Local Settings\Temporary Internet Files\Content.IE5\DK8L7Q72\dds[1].scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
uRun: [Google] c:\documents and settings\bubba\application data\GD1.exe
uRun: [D1T2EUR7FZ] c:\docume~1\bubba\locals~1\temp\Hzh.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\bubba\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\activc~1.lnk - c:\program files\actividentity\activclient\acsagent.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: ackpbsc - c:\windows\system32\ackpbsc.dll
Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
.
============= SERVICES / DRIVERS ===============
.
R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2008-5-2 188456]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 actccid;ActivCard USB Reader V2;c:\windows\system32\drivers\actccid.sys [2002-8-2 47660]
S4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
.
=============== Created Last 30 ================
.
2011-04-23 14:58:49 -------- d-----w- c:\docume~1\bubba\applic~1\BabylonToolbar
2011-04-23 08:19:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\regid.1986-12.com.adobe
2011-04-23 08:06:35 162304 ----a-w- c:\windows\Hcazya.exe
2011-04-23 08:06:14 98304 --sha-r- c:\windows\system32\wzcsapil.dll
2011-04-23 07:51:52 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2011-04-23 07:51:52 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2011-04-23 07:51:42 91136 ----a-w- c:\windows\system32\kswdmcap.ax
2011-04-23 07:51:42 61952 ----a-w- c:\windows\system32\kstvtune.ax
2011-04-23 07:51:42 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2011-04-23 07:51:42 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2011-04-23 07:51:42 43008 ----a-w- c:\windows\system32\ksxbar.ax
2011-04-23 07:51:41 20992 ----a-w- c:\windows\system32\dshowext.ax
2011-04-22 06:11:42 7071056 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{4619545d-7e43-40a3-993a-0f477e8b8bf0}\mpengine.dll
2011-04-15 19:18:58 398760 ----a-r- c:\windows\cpnprt2.cid
2011-04-15 19:18:58 398760 ------w- c:\windows\system32\cpnprt2.cid
2011-04-15 19:18:51 -------- d-----w- c:\program files\Coupons
2011-04-09 21:08:35 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-04-09 21:08:35 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2011-04-09 21:08:35 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-04-09 21:08:34 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-04-07 19:03:30 -------- d-----w- c:\program files\common files\Crystal Decisions
2011-04-07 19:02:51 -------- d-----w- C:\SLAP1_4
2011-04-07 19:01:17 103744 ----a-w- c:\windows\system32\MSCOMM32.OCX
2011-04-07 18:59:00 94208 ----a-w- c:\windows\system32\VFzip.ocx
2011-04-07 18:59:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2011-04-07 18:59:00 860160 ----a-w- c:\windows\system32\ccsdk32.dll
2011-04-07 18:59:00 53248 ----a-w- c:\windows\system32\U2FSEPV.DLL
2011-04-07 18:59:00 45056 ----a-w- c:\windows\system32\U2DDISK.DLL
2011-04-07 18:59:00 223232 ----a-w- c:\windows\system32\U2FHTML.DLL
2011-04-07 18:59:00 133120 ----a-w- c:\windows\system32\p2sevt.dll
2011-04-07 18:59:00 125952 ----a-w- c:\windows\system32\U2FXLS.DLL
2011-04-07 18:59:00 118272 ----a-w- c:\windows\system32\U2FWORDW.DLL
2011-04-07 18:58:58 154112 ----a-w- c:\windows\system32\P2SODBC.DLL
2011-04-07 18:58:56 122880 ----a-w- c:\windows\system32\p2smon.dll
2011-04-07 18:56:24 44544 ----a-w- c:\windows\system32\msxml4a.dll
2011-04-07 18:56:24 317952 ----a-w- c:\windows\system32\ROBOEX32.DLL
2011-04-07 18:56:23 89600 ----a-w- c:\windows\system32\Mscal.ocx
2011-04-07 18:56:23 54784 ----a-w- c:\windows\system32\INETWH32.dll
2011-04-07 18:56:23 446464 ----a-w- c:\windows\system32\HHActiveX.dll
2011-04-07 18:56:23 420864 ----a-w- c:\windows\system32\Dforrt.dll
2011-04-07 18:56:23 209608 ----a-w- c:\windows\system32\TABCTL32.OCX
2011-04-07 18:55:45 245760 ----a-w- c:\windows\system32\Vsocx6.ocx
2011-04-07 18:55:45 207360 ----a-w- c:\windows\system32\Vsflex3.ocx
2011-04-07 18:55:45 200704 ----a-w- c:\windows\system32\Threed32.ocx
2011-04-07 18:55:44 608448 ----a-w- c:\windows\system32\Comctl32.ocx
2011-04-07 18:55:44 140288 ----a-w- c:\windows\system32\Comdlg32.ocx
2011-04-07 18:55:44 115920 ----a-w- c:\windows\system32\Msinet.ocx
2011-04-07 18:41:24 -------- d-----w- C:\PFPS
2011-04-07 18:41:17 57344 ----a-w- c:\windows\system32\ADsSecurity.dll
2011-04-07 18:41:17 40448 ----a-w- c:\windows\system32\regobj.dll
2011-04-07 18:41:17 34304 ----a-w- c:\windows\system32\NTSVC.ocx
2011-04-07 18:41:17 32768 ----a-w- c:\windows\system32\Banner_Service.exe
2011-04-07 18:41:17 102912 ----a-w- c:\windows\system32\VB6STKIT.DLL
2011-04-07 18:41:17 -------- d-----w- c:\program files\Banner_Service
2011-04-07 18:40:26 306688 ----a-w- c:\windows\IsUninst.exe
2011-04-02 12:47:35 -------- d-----w- c:\windows\system32\Adobe
2011-04-02 12:40:33 -------- d-----w- c:\docume~1\bubba\locals~1\applic~1\Temp
2011-04-02 12:36:04 -------- d-----w- c:\docume~1\bubba\locals~1\applic~1\Adobe
2011-04-01 20:04:00 -------- d-----w- c:\windows\system32\XPSViewer
2011-04-01 20:03:40 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-04-01 20:03:28 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-04-01 20:03:28 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-04-01 20:03:28 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-04-01 20:03:28 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-04-01 20:03:28 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-04-01 20:03:28 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-04-01 20:03:28 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-04-01 20:03:28 117760 ------w- c:\windows\system32\prntvpt.dll
2011-04-01 20:03:28 -------- d-----w- C:\881712aa1a36b4b4e0
2011-03-31 23:30:32 -------- d-----w- C:\CloneDVDTemp
2011-03-28 21:18:48 32768 ----a-w- c:\docume~1\bubba\applic~1\GD1.exe
2011-03-27 22:09:53 -------- d-----w- c:\windows\system32\appmgmt
2011-03-27 21:46:28 -------- d-----w- c:\program files\MSXML 4.0
2011-03-27 20:59:33 -------- d-----w- c:\docume~1\bubba\locals~1\applic~1\Qurb4
2011-03-27 14:06:52 95568 ----a-w- c:\windows\system32\Vetredir.dll
2011-03-27 14:06:52 202064 ----a-w- c:\windows\system32\Isafprod.dll
2011-03-27 14:06:52 128336 ----a-w- c:\windows\system32\Isafeif.dll
2011-03-27 14:06:50 7 ----a-w- c:\windows\system32\mkghj.dll
2011-03-27 14:06:26 -------- d-----w- c:\windows\rnapxs
2011-03-27 02:54:24 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-03-27 02:54:24 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-03-27 02:53:51 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-03-27 02:53:25 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-03-27 02:51:22 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-03-26 14:58:46 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-03-26 14:58:46 215920 ----a-w- c:\windows\system32\muweb.dll
2011-03-26 14:58:46 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-03-26 14:42:54 -------- d-----w- c:\program files\common files\ActivIdentity
2011-03-26 14:42:54 -------- d-----w- c:\program files\ActivIdentity
2011-03-26 14:23:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\Elaborate Bytes
2011-03-26 14:16:30 -------- d-----w- c:\program files\Elaborate Bytes
2011-03-26 14:15:32 -------- d-----w- c:\program files\SlySoft
2011-03-26 04:16:51 -------- d-----w- c:\windows\system32\scripting
2011-03-26 04:16:51 -------- d-----w- c:\windows\l2schemas
2011-03-26 04:16:50 -------- d-----w- c:\windows\system32\en
2011-03-26 04:16:50 -------- d-----w- c:\windows\system32\bits
2011-03-26 04:13:53 -------- d-----w- c:\windows\network diagnostic
2011-03-26 04:04:48 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
2011-03-26 04:04:48 1291776 -c----w- c:\windows\system32\dllcache\quartz.dll
2011-03-26 04:04:23 -------- d-sh--w- c:\documents and settings\bubba\IECompatCache
2011-03-26 04:03:56 -------- d-sh--w- c:\documents and settings\bubba\PrivacIE
2011-03-26 04:03:11 -------- d-sh--w- c:\documents and settings\bubba\IETldCache
2011-03-26 03:58:30 -------- d-----w- c:\windows\ie8updates
2011-03-26 03:58:14 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-03-26 03:58:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-03-26 03:58:13 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-03-26 03:58:13 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-03-26 03:58:13 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-03-26 03:58:12 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-03-26 03:58:12 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-03-26 03:56:49 -------- dc-h--w- c:\windows\ie8
2011-03-26 03:49:08 -------- d-----w- c:\windows\ServicePackFiles
2011-03-26 03:43:48 7071056 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-03-26 03:43:45 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-03-26 03:42:58 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-03-26 03:42:58 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-03-26 03:41:53 -------- d-----w- c:\program files\iPod
2011-03-26 03:41:50 -------- d-----w- c:\program files\iTunes
2011-03-26 03:41:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-03-26 03:41:25 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-03-26 03:41:25 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-03-26 03:41:25 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-03-26 03:41:24 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-03-26 03:41:24 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-03-26 03:41:24 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-03-26 03:41:24 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-03-26 03:39:56 685056 ------w- c:\windows\system32\drivers\hsfcxts2.sys
2011-03-26 03:39:56 220032 ------w- c:\windows\system32\drivers\hsfbs2s2.sys
2011-03-26 03:39:56 1041536 ------w- c:\windows\system32\drivers\hsfdpsp2.sys
2011-03-26 03:27:46 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-03-26 03:25:15 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2011-03-26 03:25:08 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-03-26 03:25:08 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-03-26 03:25:03 -------- d-sh--w- c:\documents and settings\bubba\UserData
2011-03-26 03:25:02 357888 -c----w- c:\windows\system32\dllcache\srv.sys
2011-03-26 03:24:59 455936 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-03-26 03:24:54 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-03-26 03:24:43 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-03-26 03:24:43 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-03-26 03:24:35 23040 ------w- c:\windows\kb913800.exe
2011-03-26 03:23:55 -------- d-----w- c:\docume~1\bubba\locals~1\applic~1\PowerDVD DX
2011-03-26 03:23:12 1047552 ----a-w- c:\windows\system32\MFC71u.dll
2011-03-26 03:22:51 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2011-03-26 03:22:51 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2011-03-26 03:22:51 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2011-03-26 03:22:50 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
2011-03-26 03:22:47 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
2011-03-26 03:22:35 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
2011-03-26 03:22:34 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2011-03-26 03:22:04 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-03-26 03:22:03 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2011-03-26 03:18:53 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-26 03:18:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-26 03:17:19 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
2011-03-26 03:17:19 32656 ----a-w- c:\windows\system32\msonpmon.dll
2011-03-26 03:09:53 -------- d-----w- c:\windows\system32\PreInstall
2011-03-26 03:09:03 -------- d-----w- c:\windows\SHELLNEW
2011-03-26 03:08:47 -------- d-----w- c:\docume~1\bubba\locals~1\applic~1\Microsoft Help
2011-03-26 03:06:36 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-03-26 03:05:26 135168 ----a-w- c:\windows\system32\igfxres.dll
2011-03-26 03:03:20 61440 ----a-w- c:\windows\system32\KPower.dll
2011-03-26 03:03:20 307200 ----a-w- c:\windows\system32\BMAPI.dll
2011-03-26 03:03:20 172032 ----a-w- c:\windows\system32\NicConfigSvc.cpl
2011-03-26 03:03:07 16128 ----a-w- c:\windows\system32\drivers\APPDRV.SYS
2011-03-26 03:01:56 666 ----a-w- c:\windows\speed.reg
2011-03-26 03:01:51 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2011-03-26 03:01:51 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2011-03-26 03:01:51 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2011-03-26 03:01:51 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2011-03-26 03:01:51 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2011-03-26 03:01:51 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2011-03-26 03:01:51 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2011-03-26 03:00:49 -------- d-----w- c:\docume~1\bubba\locals~1\applic~1\{3248F0A6-6813-11D6-A77B-00B0D0150060}
.
==================== Find3M ====================
.
2011-03-17 22:29:26 71072 ----a-w- c:\windows\CouponPrinter.ocx
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-07 02:08:13 93552 ------w- c:\windows\system32\ElbyCDIO.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-18 21:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-04 22:48:32 456192 ----a-w- c:\windows\system32\encdec.dll
2011-02-04 22:48:30 291840 ----a-w- c:\windows\system32\sbe.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2010-03-05 14:37:40 65536 --sha-w- c:\windows\system32\asycfilt.dll
2004-08-10 11:00:00 3584 --sha-w- c:\windows\system32\comcat.dll
2008-04-14 00:12:00 1384479 --sha-w- c:\windows\system32\msvbvm60.dll
2008-04-14 00:12:02 551936 --sha-w- c:\windows\system32\oleaut32.dll
2008-04-14 00:12:02 84992 --sha-w- c:\windows\system32\olepro32.dll
.
============= FINISH: 21:19:26.10 ===============



#2 myrti


Posted 01 May 2011 - 08:51 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about the Windows version you are using: what we in particular need to know is version, edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#3 csloan8


Posted 01 May 2011 - 09:27 AM

OTL logfile created on: 5/1/2011 10:19:26 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Bubba\My Documents
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 429.00 Mb Available Physical Memory | 42.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 99.79 Gb Free Space | 66.95% Space Free | Partition Type: NTFS
Drive F: | 7.43 Gb Total Space | 3.83 Gb Free Space | 51.55% Space Free | Partition Type: FAT32

Computer Name: BUBBAS | User Name: Bubba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/01 10:17:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bubba\My Documents\OTL.exe
PRC - [2011/03/07 09:48:19 | 004,886,136 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
PRC - [2011/02/17 06:21:58 | 002,190,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/02/15 05:38:06 | 007,421,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/02/11 06:25:52 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/02/08 05:32:48 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/02/08 05:32:46 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/08 05:32:42 | 000,750,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe
PRC - [2011/01/28 17:36:42 | 000,526,336 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011/01/28 17:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2008/05/02 15:44:42 | 000,130,864 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
PRC - [2008/05/02 15:44:42 | 000,094,000 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2008/05/02 15:44:40 | 000,294,440 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2008/05/02 15:44:40 | 000,188,456 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/26 11:57:28 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2006/08/03 19:51:42 | 001,032,192 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2006/08/03 19:50:46 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2006/03/24 18:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (SafeList) ==========

MOD - [2011/05/01 10:17:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bubba\My Documents\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/02/04 14:17:27 | 000,129,984 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll
MOD - [2006/08/03 19:52:00 | 000,073,728 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [2005/12/13 18:39:58 | 000,073,728 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hccutils.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/03/18 08:11:02 | 000,947,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/02/15 05:38:06 | 007,421,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2011/01/28 17:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2008/05/02 15:44:40 | 000,188,456 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/08/03 19:50:46 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)


========== Driver Services (SafeList) ==========

DRV - [2011/03/30 17:17:22 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:54:00 | 000,296,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/19 04:32:56 | 000,032,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/12/01 15:06:29 | 000,108,104 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2006/10/12 16:28:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/08/17 09:55:16 | 000,044,544 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/03/24 18:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/14 19:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/07/14 18:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/12 20:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2002/08/02 14:41:08 | 000,047,660 | ---- | M] (ActivCard) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\actccid.sys -- (actccid)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1482476501-507921405-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1482476501-507921405-839522115-1003\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-1482476501-507921405-839522115-1003\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-1482476501-507921405-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/04/27 09:56:00 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/04/23 11:06:01 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-1482476501-507921405-839522115-1003\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKU\S-1-5-21-1482476501-507921405-839522115-1003..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1482476501-507921405-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 4.2.2.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ackpbsc: DllName - C:\WINDOWS\system32\ackpbsc.dll - C:\WINDOWS\system32\ackpbsc.dll (ActivIdentity)
O20 - Winlogon\Notify\acunlock: DllName - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
O24 - Desktop WallPaper: C:\Documents and Settings\Bubba\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bubba\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/25 22:24:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/05/01 10:17:18 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bubba\My Documents\OTL.exe
[2011/04/28 12:19:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bubba\Application Data\pdfforge
[2011/04/28 12:18:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bubba\Application Data\Search Settings
[2011/04/28 12:18:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2011/04/28 12:18:23 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2011/04/28 12:18:23 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2011/04/28 12:17:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PDFCreator
[2011/04/28 12:17:05 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSMAPI32.OCX
[2011/04/28 12:17:00 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSMPIDE.DLL
[2011/04/28 12:17:00 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2011/04/26 13:03:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bubba\Application Data\AVG
[2011/04/26 13:03:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/26 13:03:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC Tuneup 2011
[2011/04/26 11:24:27 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/04/26 11:08:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bubba\Application Data\AVG10
[2011/04/26 11:02:58 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/04/26 11:02:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/04/26 11:00:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/04/26 11:00:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/04/26 10:59:50 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/04/26 09:31:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/04/24 10:52:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bubba\My Documents\Fixes
[2011/04/23 21:23:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bubba\Desktop\gmer
[2011/04/23 10:58:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bubba\Application Data\BabylonToolbar
[2011/04/23 04:19:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/04/23 03:52:19 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2011/04/23 03:52:14 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2011/04/23 03:52:12 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2011/04/23 03:52:12 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2011/04/23 03:52:12 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2011/04/23 03:52:09 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2011/04/23 03:52:06 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2011/04/23 03:52:04 | 000,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2011/04/23 03:52:02 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2011/04/23 03:51:52 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2011/04/23 03:51:42 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2011/04/23 03:51:42 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2011/04/23 03:51:42 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2011/04/23 03:51:42 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2011/04/23 03:51:42 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2011/04/23 03:51:42 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2011/04/23 03:51:42 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2011/04/23 03:51:42 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2011/04/23 03:51:41 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dshowext.ax
[2011/04/23 03:51:41 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2011/04/22 21:27:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bubba\My Documents\Downloads
[2011/04/16 18:37:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bubba\My Documents\OneNote Notebooks
[2011/04/15 15:18:58 | 000,398,760 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\cpnprt2.cid
[2011/04/15 15:18:58 | 000,398,760 | ---- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2011/04/15 15:18:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Coupons
[2011/04/15 15:18:51 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2011/04/09 17:08:35 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2011/04/09 17:08:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2011/04/09 17:08:34 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2011/04/07 15:09:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bubba\My Documents\April 2011
[2011/04/07 15:03:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Crystal Decisions
[2011/04/07 15:02:51 | 000,000,000 | ---D | C] -- C:\SLAP1_4
[2011/04/07 15:02:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SLAP 1.4
[2011/04/07 15:01:17 | 000,103,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMM32.OCX
[2011/04/07 14:59:00 | 000,860,160 | ---- | C] (Three |D| Graphics, Inc.) -- C:\WINDOWS\System32\ccsdk32.dll
[2011/04/07 14:59:00 | 000,223,232 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\U2FHTML.DLL
[2011/04/07 14:59:00 | 000,133,120 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\p2sevt.dll
[2011/04/07 14:59:00 | 000,125,952 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\U2FXLS.DLL
[2011/04/07 14:59:00 | 000,118,272 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\U2FWORDW.DLL
[2011/04/07 14:59:00 | 000,094,208 | ---- | C] (VisionFactory) -- C:\WINDOWS\System32\VFzip.ocx
[2011/04/07 14:59:00 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB5DB.DLL
[2011/04/07 14:59:00 | 000,053,248 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\U2FSEPV.DLL
[2011/04/07 14:59:00 | 000,045,056 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\U2DDISK.DLL
[2011/04/07 14:58:58 | 000,154,112 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\P2SODBC.DLL
[2011/04/07 14:58:56 | 000,122,880 | ---- | C] (Seagate Software Information Management Group, Inc) -- C:\WINDOWS\System32\p2smon.dll
[2011/04/07 14:57:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PFPS Administration
[2011/04/07 14:57:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PFPS
[2011/04/07 14:56:24 | 000,317,952 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\ROBOEX32.DLL
[2011/04/07 14:56:24 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml4a.dll
[2011/04/07 14:56:23 | 000,446,464 | ---- | C] (eHelp Corporation.) -- C:\WINDOWS\System32\HHActiveX.dll
[2011/04/07 14:56:23 | 000,420,864 | ---- | C] (Digital Equipment Corporation) -- C:\WINDOWS\System32\Dforrt.dll
[2011/04/07 14:56:23 | 000,209,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TABCTL32.OCX
[2011/04/07 14:56:23 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Mscal.ocx
[2011/04/07 14:56:23 | 000,054,784 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\INETWH32.dll
[2011/04/07 14:55:45 | 000,245,760 | ---- | C] (VideoSoft) -- C:\WINDOWS\System32\Vsocx6.ocx
[2011/04/07 14:55:45 | 000,207,360 | ---- | C] (VideoSoft) -- C:\WINDOWS\System32\Vsflex3.ocx
[2011/04/07 14:55:45 | 000,200,704 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System32\Threed32.ocx
[2011/04/07 14:55:44 | 000,608,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Comctl32.ocx
[2011/04/07 14:55:44 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Comdlg32.ocx
[2011/04/07 14:55:44 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Msinet.ocx
[2011/04/07 14:53:33 | 001,056,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjet35.dll
[2011/04/07 14:53:33 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrepl35.dll
[2011/04/07 14:53:33 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Msxbse35.dll
[2011/04/07 14:53:33 | 000,254,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Msexcl35.dll
[2011/04/07 14:53:33 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Mspdox35.dll
[2011/04/07 14:53:33 | 000,252,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSRD2X35.DLL
[2011/04/07 14:53:33 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Msltus35.dll
[2011/04/07 14:53:33 | 000,166,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Mstext35.dll
[2011/04/07 14:53:32 | 000,368,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vbar332.dll
[2011/04/07 14:53:32 | 000,123,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Msjint35.dll
[2011/04/07 14:53:32 | 000,024,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSJTER35.DLL
[2011/04/07 14:53:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bubba\WINDOWS
[2011/04/07 14:41:24 | 000,000,000 | ---D | C] -- C:\PFPS
[2011/04/07 14:41:17 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6STKIT.DLL
[2011/04/07 14:41:17 | 000,034,304 | ---- | C] (Microsoft) -- C:\WINDOWS\System32\NTSVC.ocx
[2011/04/07 14:41:17 | 000,032,768 | ---- | C] (Intelink Service Management Center) -- C:\WINDOWS\System32\Banner_Service.exe
[2011/04/07 14:41:17 | 000,000,000 | ---D | C] -- C:\Program Files\Banner_Service
[2011/04/07 14:40:26 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe
[2011/04/02 08:47:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/04/02 08:40:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bubba\Local Settings\Application Data\Temp
[2011/04/02 08:38:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/04/02 08:36:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2011/04/02 08:36:09 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/04/02 08:36:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/04/02 08:36:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bubba\Local Settings\Application Data\Adobe
[2011/04/01 16:04:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011/04/01 16:03:51 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011/04/01 16:03:28 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2011/04/01 16:03:28 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2011/04/01 16:03:28 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2011/04/01 16:03:28 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2011/04/01 16:03:28 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2011/04/01 16:03:28 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2011/04/01 16:03:28 | 000,000,000 | ---D | C] -- C:\881712aa1a36b4b4e0
[2010/12/22 12:26:24 | 487,666,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Documents and Settings\Bubba\Application Data\AcrobatPro_10_Web_WWEFD.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/01 10:17:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bubba\My Documents\OTL.exe
[2011/05/01 09:00:05 | 113,882,525 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/05/01 02:11:01 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/04/30 05:38:49 | 000,001,406 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/04/28 22:42:34 | 000,081,655 | ---- | M] () -- C:\Documents and Settings\Bubba\My Documents\28APR2011 Security Info Brief.pdf
[2011/04/28 12:17:23 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Bubba\Application Data\Microsoft\Internet Explorer\Quick Launch\PDFCreator.lnk
[2011/04/28 12:17:23 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PDFCreator.lnk
[2011/04/28 11:19:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\sysadmin.INI
[2011/04/27 12:15:12 | 000,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/27 12:15:12 | 000,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/27 12:11:00 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\tasks\Sznimr.job
[2011/04/27 12:10:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/27 09:56:01 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/04/26 13:03:07 | 000,000,848 | ---- | M] () -- C:\Documents and Settings\Bubba\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/04/26 13:03:07 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Bubba\Desktop\AVG PC Tuneup 2011.lnk
[2011/04/26 11:27:52 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/25 01:45:01 | 000,270,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/23 21:22:35 | 000,293,019 | ---- | M] () -- C:\Documents and Settings\Bubba\Desktop\gmer.zip
[2011/04/23 18:37:56 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Bubba\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/04/23 18:37:37 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\Bubba\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/23 18:33:21 | 000,054,652 | ---- | M] () -- C:\WINDOWS\System32\drivers\KmxAgent.asc
[2011/04/16 18:37:28 | 000,000,947 | ---- | M] () -- C:\Documents and Settings\Bubba\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/04/15 15:18:58 | 000,398,760 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\cpnprt2.cid
[2011/04/15 15:18:58 | 000,398,760 | ---- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2011/04/15 03:09:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/14 20:30:24 | 000,057,428 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/04/10 09:13:05 | 007,126,510 | ---- | M] () -- C:\Documents and Settings\Bubba\My Documents\2004 F150 Maintenance Guide.pdf
[2011/04/10 09:10:50 | 003,573,630 | ---- | M] () -- C:\Documents and Settings\Bubba\My Documents\2004 F150 Owners Manual.pdf
[2011/04/07 15:33:35 | 000,000,568 | ---- | M] () -- C:\Documents and Settings\Bubba\Desktop\FalconView.lnk
[2011/04/07 15:03:33 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HandHeld AWE.lnk
[2011/04/07 14:57:06 | 000,000,547 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PFPS.lnk
[2011/04/02 08:38:33 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/01 09:00:05 | 113,882,525 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/04/30 05:38:49 | 000,001,406 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/04/28 22:42:24 | 000,081,655 | ---- | C] () -- C:\Documents and Settings\Bubba\My Documents\28APR2011 Security Info Brief.pdf
[2011/04/28 12:17:23 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Bubba\Application Data\Microsoft\Internet Explorer\Quick Launch\PDFCreator.lnk
[2011/04/28 12:17:23 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PDFCreator.lnk
[2011/04/28 12:17:04 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011/04/28 11:19:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\sysadmin.INI
[2011/04/26 13:03:07 | 000,000,848 | ---- | C] () -- C:\Documents and Settings\Bubba\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/04/26 13:03:07 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Bubba\Desktop\AVG PC Tuneup 2011.lnk
[2011/04/26 11:02:24 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/04/23 21:22:35 | 000,293,019 | ---- | C] () -- C:\Documents and Settings\Bubba\Desktop\gmer.zip
[2011/04/23 18:37:56 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Bubba\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/04/23 18:37:28 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Bubba\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/23 13:00:58 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/23 04:06:14 | 000,000,304 | -HS- | C] () -- C:\WINDOWS\tasks\Sznimr.job
[2011/04/16 18:37:28 | 000,000,947 | ---- | C] () -- C:\Documents and Settings\Bubba\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/04/14 20:30:24 | 000,057,428 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/04/10 09:12:55 | 007,126,510 | ---- | C] () -- C:\Documents and Settings\Bubba\My Documents\2004 F150 Maintenance Guide.pdf
[2011/04/10 09:10:50 | 003,573,630 | ---- | C] () -- C:\Documents and Settings\Bubba\My Documents\2004 F150 Owners Manual.pdf
[2011/04/07 15:33:35 | 000,000,568 | ---- | C] () -- C:\Documents and Settings\Bubba\Desktop\FalconView.lnk
[2011/04/07 15:03:33 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HandHeld AWE.lnk
[2011/04/07 14:59:49 | 000,621,140 | ---- | C] () -- C:\WINDOWS\System32\win.tlb
[2011/04/07 14:59:00 | 000,000,393 | ---- | C] () -- C:\WINDOWS\System32\VFzip.lic
[2011/04/07 14:57:06 | 000,000,547 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PFPS.lnk
[2011/04/07 14:41:17 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2011/04/07 14:41:17 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
[2011/04/02 08:38:33 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/04/02 08:38:33 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/03/27 10:06:50 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\mkghj.dll
[2011/03/26 10:16:33 | 000,000,083 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2011/03/25 23:03:21 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2011/03/25 22:59:29 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2011/03/25 22:59:29 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2011/03/25 22:59:28 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2011/03/25 22:57:48 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2011/03/25 22:35:42 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Bubba\Local Settings\Application Data\fusioncache.dat
[2011/03/25 22:28:47 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/03/25 22:20:43 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/03/25 17:02:55 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/03/25 17:01:53 | 000,270,984 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/05 15:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/03/22 18:38:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 18:38:24 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 07:00:00 | 000,444,596 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 07:00:00 | 000,072,306 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/04/01 13:24:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SS70PP.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/10 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: WINLOGON.EXE >
[2004/08/10 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >


---------------------------

OTL Extras logfile created on: 5/1/2011 10:19:26 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Bubba\My Documents
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 429.00 Mb Available Physical Memory | 42.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 99.79 Gb Free Space | 66.95% Space Free | Partition Type: NTFS
Drive F: | 7.43 Gb Total Space | 3.83 Gb Free Space | 51.55% Space Free | Partition Type: FAT32

Computer Name: BUBBAS | User Name: Bubba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgam.exe" = C:\Program Files\AVG\AVG10\avgam.exe:*:Enabled:AVG Alert manager -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{2764CA82-DFB9-4498-AF85-719340BF5305}" = Dell Resource CD
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2DEE21B0-1EF8-11D5-86C6-006008963237}" = SLAP 1.4 with SP3
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}" = Broadcom 440x 10/100 Integrated Controller
"{9D8E10FA-E919-47CA-A169-3D5DFA9ED5C7}" = PFPS Weather Tool
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A0B139A7-E8D5-49E8-A7BF-12421E652208}" = pdfforge Toolbar v4.3
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A64FF1D4-9CBC-467C-8D11-C1AFAA0B8AFF}" = AVG 2011
"{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient CAC 6.1 x86
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4E53304-1F6C-4111-9872-1BCD2CF5B642}" = AVG 2011
"{F85D0EB6-596A-4BE4-86C5-B4BE4819C1FD}" = HandHeld PFPS AWE
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"3635FC5A3FE7DACCEF2123BDBDA808BA811B977B" = Windows Driver Package - Ricoh Company Memorystick Host Controller (07/09/2005 1.00.01.12)
"452416B030C25BAA383F3DA368FECD5D48FAE727" = Windows Driver Package - Ricoh Company xD-Picture Card/SmartMedia Host Controller (07/14/2005 1.00.02.04)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AnyDVD" = AnyDVD
"AVG" = AVG 2011
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CloneDVD2" = CloneDVD2
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESPNMotion" = ESPNMotion
"F631A62FA5E06534A0FE3637D75AAA5B1D3E4FB7" = Windows Driver Package - Ricoh Company MMC Host Controller (07/14/2005 1.00.00.06)
"InstallShield_{F85D0EB6-596A-4BE4-86C5-B4BE4819C1FD}" = HandHeld PFPS AWE
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"PFPS" = PFPS 3.3.1 SP4
"PFPS FIE Tools" = PFPS FIE Tools
"PFPS Update Tool 1.3" = PFPS Update Tool 1.3
"RATv1.3" = RATv1.3
"SkyView" = SkyView 3.3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TimeLine" = TimeLine Tool v1.0
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"Workstation Security Banner Service" = Workstation Security Banner Service

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/23/2011 6:30:30 PM | Computer Name = BUBBAS | Source = UmxAgent | ID = 67
Description =

Error - 4/24/2011 4:13:03 AM | Computer Name = BUBBAS | Source = Application Error | ID = 1000
Description = Faulting application hzh.exe, version 0.0.0.0, faulting module hzh.exe,
version 0.0.0.0, fault address 0x0000f53f.

Error - 4/24/2011 9:24:56 AM | Computer Name = BUBBAS | Source = Application Error | ID = 1001
Description = Fault bucket -1881004373.

Error - 4/24/2011 3:19:07 PM | Computer Name = BUBBAS | Source = Application Error | ID = 1000
Description = Faulting application hzh.exe, version 0.0.0.0, faulting module hzh.exe,
version 0.0.0.0, fault address 0x0000f53f.

Error - 4/24/2011 9:28:53 PM | Computer Name = BUBBAS | Source = Application Error | ID = 1001
Description = Fault bucket -1881004373.

Error - 4/24/2011 11:02:28 PM | Computer Name = BUBBAS | Source = Application Error | ID = 1000
Description = Faulting application hzh.exe, version 0.0.0.0, faulting module hzh.exe,
version 0.0.0.0, fault address 0x0000f53f.

Error - 4/26/2011 11:28:48 AM | Computer Name = BUBBAS | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/26/2011 11:29:18 AM | Computer Name = BUBBAS | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 4/27/2011 12:01:23 PM | Computer Name = BUBBAS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x6e016646.

Error - 4/27/2011 12:01:32 PM | Computer Name = BUBBAS | Source = Application Error | ID = 1001
Description = Fault bucket 1708053363.

[ System Events ]
Error - 3/28/2011 8:22:01 PM | Computer Name = BUBBAS | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\system32\usbaaplrc.dll.
Reference
error message: The operation completed successfully. .

Error - 3/28/2011 8:22:01 PM | Computer Name = BUBBAS | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 3/28/2011 8:22:01 PM | Computer Name = BUBBAS | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error
message: The referenced assembly is not installed on your system. .

Error - 3/28/2011 8:22:01 PM | Computer Name = BUBBAS | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\system32\usbaaplrc.dll.
Reference
error message: The operation completed successfully. .

Error - 4/7/2011 2:39:27 PM | Computer Name = BUBBAS | Source = actccid | ID = 0
Description =

Error - 4/7/2011 2:39:27 PM | Computer Name = BUBBAS | Source = SCardSvr | ID = 610
Description = Smart Card Reader 'ActivCard USB Reader V2 0' rejected IOCTL POWER:
The smart card is not responding to a reset.

Error - 4/7/2011 2:39:28 PM | Computer Name = BUBBAS | Source = actccid | ID = 0
Description =

Error - 4/7/2011 2:39:28 PM | Computer Name = BUBBAS | Source = SCardSvr | ID = 610
Description = Smart Card Reader 'ActivCard USB Reader V2 0' rejected IOCTL POWER:
The smart card is not responding to a reset.

Error - 4/7/2011 2:39:29 PM | Computer Name = BUBBAS | Source = actccid | ID = 0
Description =

Error - 4/7/2011 2:39:29 PM | Computer Name = BUBBAS | Source = SCardSvr | ID = 610
Description = Smart Card Reader 'ActivCard USB Reader V2 0' rejected IOCTL POWER:
The smart card is not responding to a reset.


< End of report >

#4 myrti

Posted 01 May 2011 - 10:58 AM

Hi,

Please run a scan with MBAM next:
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a USB stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#5 csloan8


Posted 01 May 2011 - 10:07 PM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6487

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/1/2011 11:05:41 PM
mbam-log-2011-05-01 (23-05-41).txt

Scan type: Quick scan
Objects scanned: 153138
Time elapsed: 11 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\D1T2EUR7FZ (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 myrti


Posted 02 May 2011 - 04:26 PM

Hi,

Please run Kenco next:
Please download Kenco.exe and save it to your desktop.
  • Double-click on Kenco.exe to run it (if you get a security warning, click run).
  • You will see a black command window and shortly a logfile will be opened. Note - Kenco.log will be saved on your desktop.
  • In order to complete the cleaning process, Kenco.exe may need to reboot your computer.
Please copy/paste the contents of kenco.log in your next reply.



#7 csloan8


Posted 02 May 2011 - 10:58 PM

Kenco by jpshortstuff (31.12.09.1)
Log created at 23:56 on 02/05/2011 (Bubba)

========== Task Unlocker ==========
C:\WINDOWS\Tasks\Sznimr.job -> Unlocked!

========== KencoScan ==========

========== C:\WINDOWS\Tasks ==========
MP Scheduled Scan.job -> [03:41 26/03/2011] 330 bytes
Sznimr.job -> [08:06 23/04/2011] 304 bytes

-=E.O.F=-

#8 myrti


Posted 03 May 2011 - 04:11 PM

Hi,

Please run the following script with OTL:
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :files
    C:\WINDOWS\Tasks\Sznimr.job
    C:\Windows\tasks\at*.job
  • Then click the Run Fix button at the top
  • Let the program run unhindered; when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double-click on OTL to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

How's the PC doing?

regards myrti



#9 csloan8


Posted 03 May 2011 - 05:06 PM

========== FILES ==========
C:\WINDOWS\Tasks\Sznimr.job moved successfully.
File\Folder C:\Windows\tasks\at*.job not found.

OTL by OldTimer - Version 3.2.22.3 log created on 05032011_175806

thank you for all of your help!!!

the computer is running much better with no errant redirects.

r/
chris

#10 csloan8


Posted 03 May 2011 - 05:17 PM

OTL logfile created on: 5/3/2011 6:06:57 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Bubba\My Documents
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 196.00 Mb Available Physical Memory | 19.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 40.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 112.09 Gb Free Space | 75.21% Space Free | Partition Type: NTFS

Computer Name: BUBBAS | User Name: Bubba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Bubba\My Documents\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
PRC - C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
PRC - C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
PRC - C:\Program Files\ActivIdentity\ActivClient\accoca.exe (ActivIdentity)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\PFPS\system\routesvr.exe (ESC/OL-1)
PRC - C:\PFPS\cfps\cfps.exe (ESC/OL-1)
PRC - C:\PFPS\Weather\PFPSWeather50.exe (Tybrin)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\PFPS\falcon\fvw.exe (Georgia Tech Research Corporation (GTRC))


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Bubba\My Documents\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcr80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcp80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_7837863c\ATL80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll (SlySoft, Inc.)
MOD - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
MOD - C:\Program Files\Dell\QuickSet\dadkeyb.dll ()
MOD - C:\WINDOWS\system32\hccutils.dll (Intel Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (accoca) -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe (ActivIdentity)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)


========== Driver Services (SafeList) ==========

DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (actccid) -- C:\WINDOWS\system32\drivers\actccid.sys (ActivCard)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/04/27 09:56:00 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/04/23 11:06:01 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 4.2.2.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ackpbsc: DllName - C:\WINDOWS\system32\ackpbsc.dll - C:\WINDOWS\system32\ackpbsc.dll (ActivIdentity)
O20 - Winlogon\Notify\acunlock: DllName - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
O24 - Desktop WallPaper: C:\Documents and Settings\Bubba\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bubba\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/25 22:24:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/03 17:58:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/02 23:56:00 | 000,044,567 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Bubba\My Documents\Kenco.exe
[2011/05/02 09:34:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bubba\Application Data\PFPSWeather
[2011/05/01 22:47:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bubba\Application Data\Malwarebytes
[2011/05/01 22:46:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/01 22:46:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/01 22:46:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/01 22:46:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/01 22:46:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/01 22:45:19 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bubba\My Documents\mbam-setup.exe
[2011/05/01 10:17:18 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bubba\My Documents\OTL.exe
[2011/04/28 12:19:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bubba\Application Data\pdfforge
[2011/04/28 12:18:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bubba\Application Data\Search Settings
[2011/04/28 12:18:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2011/04/28 12:18:23 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2011/04/28 12:18:23 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2011/04/28 12:17:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PDFCreator
[2011/04/28 12:17:05 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSMAPI32.OCX
[2011/04/28 12:17:00 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSMPIDE.DLL
[2011/04/28 12:17:00 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2011/04/26 13:03:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bubba\Application Data\AVG
[2011/04/26 13:03:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/26 13:03:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC Tuneup 2011
[2011/04/26 11:24:27 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/04/26 11:08:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bubba\Application Data\AVG10
[2011/04/26 11:02:58 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/04/26 11:02:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/04/26 11:00:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/04/26 11:00:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/04/26 10:59:50 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/04/26 09:31:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/04/24 10:52:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bubba\My Documents\Fixes
[2011/04/23 21:23:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bubba\Desktop\gmer
[2011/04/23 10:58:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bubba\Application Data\BabylonToolbar
[2011/04/23 04:19:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/04/23 03:52:19 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2011/04/23 03:52:14 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2011/04/23 03:52:12 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2011/04/23 03:52:12 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2011/04/23 03:52:12 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2011/04/23 03:52:09 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2011/04/23 03:52:06 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2011/04/23 03:52:04 | 000,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2011/04/23 03:52:02 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2011/04/23 03:51:52 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2011/04/23 03:51:42 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2011/04/23 03:51:42 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2011/04/23 03:51:42 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2011/04/23 03:51:42 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2011/04/23 03:51:42 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2011/04/23 03:51:42 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2011/04/23 03:51:42 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2011/04/23 03:51:42 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2011/04/23 03:51:41 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dshowext.ax
[2011/04/23 03:51:41 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2011/04/22 21:27:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bubba\My Documents\Downloads
[2011/04/16 18:37:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bubba\My Documents\OneNote Notebooks
[2011/04/15 15:18:58 | 000,398,760 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\cpnprt2.cid
[2011/04/15 15:18:58 | 000,398,760 | ---- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2011/04/15 15:18:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Coupons
[2011/04/15 15:18:51 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2011/04/09 17:08:35 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2011/04/09 17:08:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2011/04/09 17:08:34 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2011/04/07 15:09:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bubba\My Documents\April 2011
[2011/04/07 15:03:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Crystal Decisions
[2011/04/07 15:02:51 | 000,000,000 | ---D | C] -- C:\SLAP1_4
[2011/04/07 15:02:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SLAP 1.4
[2011/04/07 15:01:17 | 000,103,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMM32.OCX
[2011/04/07 14:59:00 | 000,860,160 | ---- | C] (Three |D| Graphics, Inc.) -- C:\WINDOWS\System32\ccsdk32.dll
[2011/04/07 14:59:00 | 000,223,232 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\U2FHTML.DLL
[2011/04/07 14:59:00 | 000,133,120 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\p2sevt.dll
[2011/04/07 14:59:00 | 000,125,952 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\U2FXLS.DLL
[2011/04/07 14:59:00 | 000,118,272 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\U2FWORDW.DLL
[2011/04/07 14:59:00 | 000,094,208 | ---- | C] (VisionFactory) -- C:\WINDOWS\System32\VFzip.ocx
[2011/04/07 14:59:00 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB5DB.DLL
[2011/04/07 14:59:00 | 000,053,248 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\U2FSEPV.DLL
[2011/04/07 14:59:00 | 000,045,056 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\U2DDISK.DLL
[2011/04/07 14:58:58 | 000,154,112 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\P2SODBC.DLL
[2011/04/07 14:58:56 | 000,122,880 | ---- | C] (Seagate Software Information Management Group, Inc) -- C:\WINDOWS\System32\p2smon.dll
[2011/04/07 14:57:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PFPS Administration
[2011/04/07 14:57:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PFPS
[2011/04/07 14:56:24 | 000,317,952 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\ROBOEX32.DLL
[2011/04/07 14:56:24 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml4a.dll
[2011/04/07 14:56:23 | 000,446,464 | ---- | C] (eHelp Corporation.) -- C:\WINDOWS\System32\HHActiveX.dll
[2011/04/07 14:56:23 | 000,420,864 | ---- | C] (Digital Equipment Corporation) -- C:\WINDOWS\System32\Dforrt.dll
[2011/04/07 14:56:23 | 000,209,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TABCTL32.OCX
[2011/04/07 14:56:23 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Mscal.ocx
[2011/04/07 14:56:23 | 000,054,784 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\INETWH32.dll
[2011/04/07 14:55:45 | 000,245,760 | ---- | C] (VideoSoft) -- C:\WINDOWS\System32\Vsocx6.ocx
[2011/04/07 14:55:45 | 000,207,360 | ---- | C] (VideoSoft) -- C:\WINDOWS\System32\Vsflex3.ocx
[2011/04/07 14:55:45 | 000,200,704 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System32\Threed32.ocx
[2011/04/07 14:55:44 | 000,608,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Comctl32.ocx
[2011/04/07 14:55:44 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Comdlg32.ocx
[2011/04/07 14:55:44 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Msinet.ocx
[2011/04/07 14:53:33 | 001,056,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjet35.dll
[2011/04/07 14:53:33 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrepl35.dll
[2011/04/07 14:53:33 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Msxbse35.dll
[2011/04/07 14:53:33 | 000,254,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Msexcl35.dll
[2011/04/07 14:53:33 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Mspdox35.dll
[2011/04/07 14:53:33 | 000,252,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSRD2X35.DLL
[2011/04/07 14:53:33 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Msltus35.dll
[2011/04/07 14:53:33 | 000,166,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Mstext35.dll
[2011/04/07 14:53:32 | 000,368,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vbar332.dll
[2011/04/07 14:53:32 | 000,123,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Msjint35.dll
[2011/04/07 14:53:32 | 000,024,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSJTER35.DLL
[2011/04/07 14:53:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bubba\WINDOWS
[2011/04/07 14:41:24 | 000,000,000 | ---D | C] -- C:\PFPS
[2011/04/07 14:41:17 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6STKIT.DLL
[2011/04/07 14:41:17 | 000,034,304 | ---- | C] (Microsoft) -- C:\WINDOWS\System32\NTSVC.ocx
[2011/04/07 14:41:17 | 000,032,768 | ---- | C] (Intelink Service Management Center) -- C:\WINDOWS\System32\Banner_Service.exe
[2011/04/07 14:41:17 | 000,000,000 | ---D | C] -- C:\Program Files\Banner_Service
[2011/04/07 14:40:26 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe
[2010/12/22 12:26:24 | 487,666,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Documents and Settings\Bubba\Application Data\AcrobatPro_10_Web_WWEFD.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/03 13:39:17 | 114,096,909 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/05/03 09:38:49 | 000,001,799 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/05/03 02:11:01 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/02 23:56:00 | 000,044,567 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Bubba\My Documents\Kenco.exe
[2011/05/01 23:13:43 | 000,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/01 23:13:43 | 000,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/01 23:09:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/01 22:46:05 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/01 22:45:22 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bubba\My Documents\mbam-setup.exe
[2011/05/01 10:17:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bubba\My Documents\OTL.exe
[2011/04/28 22:42:34 | 000,081,655 | ---- | M] () -- C:\Documents and Settings\Bubba\My Documents\28APR2011 Security Info Brief.pdf
[2011/04/28 12:17:23 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Bubba\Application Data\Microsoft\Internet Explorer\Quick Launch\PDFCreator.lnk
[2011/04/28 12:17:23 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PDFCreator.lnk
[2011/04/28 11:19:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\sysadmin.INI
[2011/04/27 09:56:01 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/04/26 13:03:07 | 000,000,848 | ---- | M] () -- C:\Documents and Settings\Bubba\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/04/26 13:03:07 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Bubba\Desktop\AVG PC Tuneup 2011.lnk
[2011/04/26 11:27:52 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/25 01:45:01 | 000,270,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/23 21:22:35 | 000,293,019 | ---- | M] () -- C:\Documents and Settings\Bubba\Desktop\gmer.zip
[2011/04/23 18:37:56 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Bubba\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/04/23 18:37:37 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\Bubba\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/23 18:33:21 | 000,054,652 | ---- | M] () -- C:\WINDOWS\System32\drivers\KmxAgent.asc
[2011/04/16 18:37:28 | 000,000,947 | ---- | M] () -- C:\Documents and Settings\Bubba\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/04/15 15:18:58 | 000,398,760 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\cpnprt2.cid
[2011/04/15 15:18:58 | 000,398,760 | ---- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2011/04/15 03:09:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/14 20:30:24 | 000,057,428 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/04/10 09:13:05 | 007,126,510 | ---- | M] () -- C:\Documents and Settings\Bubba\My Documents\2004 F150 Maintenance Guide.pdf
[2011/04/10 09:10:50 | 003,573,630 | ---- | M] () -- C:\Documents and Settings\Bubba\My Documents\2004 F150 Owners Manual.pdf
[2011/04/07 15:33:35 | 000,000,568 | ---- | M] () -- C:\Documents and Settings\Bubba\Desktop\FalconView.lnk
[2011/04/07 15:03:33 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HandHeld AWE.lnk
[2011/04/07 14:57:06 | 000,000,547 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PFPS.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/03 13:39:17 | 114,096,909 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/05/03 09:38:49 | 000,001,799 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/05/01 22:46:05 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/28 22:42:24 | 000,081,655 | ---- | C] () -- C:\Documents and Settings\Bubba\My Documents\28APR2011 Security Info Brief.pdf
[2011/04/28 12:17:23 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Bubba\Application Data\Microsoft\Internet Explorer\Quick Launch\PDFCreator.lnk
[2011/04/28 12:17:23 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PDFCreator.lnk
[2011/04/28 12:17:04 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011/04/28 11:19:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\sysadmin.INI
[2011/04/26 13:03:07 | 000,000,848 | ---- | C] () -- C:\Documents and Settings\Bubba\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/04/26 13:03:07 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Bubba\Desktop\AVG PC Tuneup 2011.lnk
[2011/04/26 11:02:24 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/04/23 21:22:35 | 000,293,019 | ---- | C] () -- C:\Documents and Settings\Bubba\Desktop\gmer.zip
[2011/04/23 18:37:56 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Bubba\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/04/23 18:37:28 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Bubba\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/23 13:00:58 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/16 18:37:28 | 000,000,947 | ---- | C] () -- C:\Documents and Settings\Bubba\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/04/14 20:30:24 | 000,057,428 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/04/10 09:12:55 | 007,126,510 | ---- | C] () -- C:\Documents and Settings\Bubba\My Documents\2004 F150 Maintenance Guide.pdf
[2011/04/10 09:10:50 | 003,573,630 | ---- | C] () -- C:\Documents and Settings\Bubba\My Documents\2004 F150 Owners Manual.pdf
[2011/04/07 15:33:35 | 000,000,568 | ---- | C] () -- C:\Documents and Settings\Bubba\Desktop\FalconView.lnk
[2011/04/07 15:03:33 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HandHeld AWE.lnk
[2011/04/07 14:59:49 | 000,621,140 | ---- | C] () -- C:\WINDOWS\System32\win.tlb
[2011/04/07 14:59:00 | 000,000,393 | ---- | C] () -- C:\WINDOWS\System32\VFzip.lic
[2011/04/07 14:57:06 | 000,000,547 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PFPS.lnk
[2011/04/07 14:41:17 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2011/04/07 14:41:17 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
[2011/03/27 10:06:50 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\mkghj.dll
[2011/03/26 10:16:33 | 000,000,083 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2011/03/25 23:03:21 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2011/03/25 22:59:29 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2011/03/25 22:59:29 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2011/03/25 22:59:28 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2011/03/25 22:57:48 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2011/03/25 22:35:42 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Bubba\Local Settings\Application Data\fusioncache.dat
[2011/03/25 22:28:47 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/03/25 22:20:43 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/03/25 17:02:55 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/03/25 17:01:53 | 000,270,984 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/05 15:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/03/22 18:38:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 18:38:24 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 07:00:00 | 000,444,596 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 07:00:00 | 000,072,306 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/04/01 13:24:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SS70PP.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >

#11 myrti


Posted 03 May 2011 - 05:45 PM

Hi,

I'm happy to hear that. Please run a scan with ESET to check for leftovers:
ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#12 myrti


Posted 12 May 2011 - 10:27 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
