Need help with alpha virus?


Post by tracij70 on 27th January 2010, 5:15 pm

I think I have the alpha virus. But not sure. I am very computer stupid! I am also getting "Microsoft Windows Search Protocol Host has stopped working and was closed". I am not sure what that means either. It happens every time you try to open a window or program. I have tried to do a system restore but it will not let me. Any help would be great and thank you in advance for any help. Thanks for being here for us.


Post by Belahzur on 27th January 2010, 8:27 pm

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Please PM me if I fail to respond within 24hrs.



Post by tracij70 on 27th January 2010, 9:17 pm

OTL Extras logfile created on: 1/27/2010 3:06:26 PM - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Users\shirley\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.46 Gb Total Space | 202.29 Gb Free Space | 70.62% Space Free | Partition Type: NTFS
Drive D: | 11.63 Gb Total Space | 1.28 Gb Free Space | 11.02% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHIRLEY-PC
Current User Name: shirley
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B704A4C-00F0-40B0-BF70-478BBAE9D8A4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{334123F9-453D-4FFB-AD7F-A121120C9415}" = rport=10243 | protocol=6 | dir=out | app=system |
"{33840674-763D-4F1C-8603-661823AED264}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{379A42A4-E413-4D4F-BE4E-C7708A7CCBFF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6F95CD51-B6AB-47A4-AD77-80BDB1271B95}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BA0FB3C1-C74C-42E8-9DA3-3FBDC78277AB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BA10A4F3-795F-405D-B705-BCB62F057286}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E1CEACA3-C110-4D06-AC52-FF32F10C2895}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E4EF6E45-C40D-43B2-8DCA-ADD3838576D4}" = lport=10243 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00045071-9FF2-48A0-B5ED-21D7A3DF1A57}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{1B940A2B-FEE4-4EB2-95DB-59E12F37B9EA}" = dir=in | app=c:\program files\avg\avg9\avgdiagex.exe |
"{286019F5-D9B5-43D9-A2CA-B1D1E02EF245}" = dir=in | app=c:\program files\avg\avg9\avgam.exe |
"{30CBD616-D24F-4567-8082-DC9CC96FE198}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |
"{33EFFE7B-7632-4381-8A90-3FD5C13579B7}" = protocol=6 | dir=in | app=c:\windows\temp\~osbcf8.tmp\ossproxy.exe |
"{348C1A0A-A212-4F68-91A8-B286FBCE3182}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{3CB206B6-7675-428B-AF5C-A6A15A96E7D3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{45720904-D746-4FE7-BB6E-3763CE589704}" = protocol=6 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{45CAFBB5-6478-4D9B-A23E-9DAC9B47A6B0}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{4EC050E7-A7F7-4BB7-8477-E7150705F6E8}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{508BC248-455F-40AC-AE93-E4C3BF1A272D}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\tsmagent.exe |
"{54681E0B-0825-4894-B84A-BA8FADCE33DA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5A65F103-FEF6-46E8-A6F9-76A98D4A9E22}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5D7ACD35-04CE-480F-8DCC-01EDF849AE31}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{69BFC89D-19D5-46EA-ABE3-39EE32D02680}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6AB1D382-A80B-4E3D-9378-B984BECE9BB6}" = dir=in | app=c:\program files\myspace\im\myspaceim.exe |
"{72024DEE-0C5C-4483-8724-59FD977D64FA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{75490121-B1C7-47A0-B9AF-73BC90468474}" = protocol=17 | dir=in | app=c:\users\shirley\appdata\local\temp\7zs11e0.tmp\symnrt.exe |
"{7CB57FAF-8C5F-4D32-9696-81199FC9486D}" = protocol=17 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{87E168C7-1F73-4A1E-AF85-6383BD0C03F6}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{8FB74ADB-A285-4F6B-A227-6BC839C23595}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{99A80644-C12D-4758-920C-AC2FEFAA3AF1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9A64A7F9-EB11-4425-884A-2E9FD8BDF284}" = protocol=6 | dir=in | app=c:\windows\temp\~osf374.tmp\ossproxy.exe |
"{9BE93169-7664-445D-ABF2-A536F94E6F21}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{A42C409C-6AD0-4C99-AAF3-4A4394B62AA5}" = protocol=6 | dir=in | app=c:\users\shirley\appdata\local\temp\7zs11e0.tmp\symnrt.exe |
"{BA77AB93-1CF1-4C11-9712-ABCEF9344148}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{BDBD7FFD-ED30-4520-ACDD-34CA997CD69F}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{BEAC6EAD-BEC4-464E-809C-E1466F07D307}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C0C88426-C8F8-4E7F-9E5C-C77AE04049BE}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{C110D263-C689-4D8E-868C-C4248A7B8F5D}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{C148D92A-79B1-45C1-8F2B-16193713C43E}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{C799B313-00AF-49AC-8438-FB6BF4C2BDD5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CDEFA7B3-E139-43C1-897B-750DC96C8B50}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{CE9F98EA-206C-4FAC-87F1-6F7C4BB8C04B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D66B0C85-C4E9-406F-99B1-94331D65976B}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{DABD1AD1-4112-4401-AB21-861837418006}" = protocol=6 | dir=in | app=c:\windows\temp\~osea19.tmp\rlvknlg.exe |
"{E47D1511-C190-424E-A938-D9EB5632739D}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\tsmagent.exe |
"{EA2DC4B8-DCE0-4904-88C4-8746BD3EBCC2}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{ECD955AB-201A-4A37-AA4E-F91D59BDB29D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F6A09171-E81F-423B-B2CA-4145CFEDA1B9}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{F702C14F-ADBF-432A-B381-B0E55BCEA74F}" = protocol=6 | dir=out | app=system |
"{F8E162CD-4413-4396-9153-56494C1B18B4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FDE88E06-5CA0-419B-A148-1CE970CF4F24}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{1FC25C6B-9541-4C39-90DC-A5002829F0E6}C:\users\shirley\appdata\local\chat republic games\superstar racing\chatrepublicplayer.exe" = protocol=6 | dir=in | app=c:\users\shirley\appdata\local\chat republic games\superstar racing\chatrepublicplayer.exe |
"TCP Query User{2022ECE8-E2A4-4063-B066-0A246438694C}C:\program files\yahoo! games\poppit to go\poppittogo.exe" = protocol=6 | dir=in | app=c:\program files\yahoo! games\poppit to go\poppittogo.exe |
"TCP Query User{441CF380-51FE-4BE9-9628-120E9A9FA6EE}C:\my games\demolition derby and figure 8 race\derbydemo.exe" = protocol=6 | dir=in | app=c:\my games\demolition derby and figure 8 race\derbydemo.exe |
"TCP Query User{46AC352B-7821-451A-BB2C-B86EF5D5DECF}C:\program files\infogrames\dirt track racing 2\dtr2.exe" = protocol=6 | dir=in | app=c:\program files\infogrames\dirt track racing 2\dtr2.exe |
"TCP Query User{C7057E81-A1ED-46DE-B1EA-66880841A3DC}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{4A4E40DC-1F9F-40BB-9329-96B3592430EA}C:\program files\yahoo! games\poppit to go\poppittogo.exe" = protocol=17 | dir=in | app=c:\program files\yahoo! games\poppit to go\poppittogo.exe |
"UDP Query User{5A9EB082-8508-447F-AA47-D1830F0FB5A2}C:\users\shirley\appdata\local\chat republic games\superstar racing\chatrepublicplayer.exe" = protocol=17 | dir=in | app=c:\users\shirley\appdata\local\chat republic games\superstar racing\chatrepublicplayer.exe |
"UDP Query User{5BD42653-3A78-49A0-94B5-94777DC97A9F}C:\my games\demolition derby and figure 8 race\derbydemo.exe" = protocol=17 | dir=in | app=c:\my games\demolition derby and figure 8 race\derbydemo.exe |
"UDP Query User{620F5A7E-487C-4868-9DE6-618743CECA9C}C:\program files\infogrames\dirt track racing 2\dtr2.exe" = protocol=17 | dir=in | app=c:\program files\infogrames\dirt track racing 2\dtr2.exe |
"UDP Query User{8EE2B62A-7BF1-4B48-9996-6C1627E441D3}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19506BDB-4EA7-491F-E8AB-E97109FDB296}" = muvee Reveal
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{49FA793C-785E-47E9-93DF-BD442B0B45D1}" = McAfee Virtual Technician
"{4FAB5122-775E-4418-B8D9-E2873BC93570}" = Microsoft Live Search Toolbar
"{5BD0CB24-11AF-4BA8-A198-38D25257C656}" = LightScribe Template Labeler
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{64B9E2F5-558E-4C56-B419-A1679518F6E7}" = HP Customer Experience Enhancements
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{70DECFBF-9119-4434-B2D3-A3C283D15E45}" = WeatherBug
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A2016015-8323-4AF8-8B3E-F56239D7D59D}" = HP Demo
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{BBF3DD46-94C7-41C6-9CCD-A2ECC8688DF1}" = Mirar
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DA9DAC64-C947-47BA-B411-8A1959B177CF}" = LightScribe System Software 1.14.25.1
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{EFC5939F-470F-454E-B3DA-F51FDD83F6CE}" = HP MediaSmart SmartMenu
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"2002 Games" = 2002 Games
"4500 Slots Games" = 4500 Slots Games
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"am-wheeloffortune" = Wheel of Fortune
"Ask Toolbar_is1" = Ask Toolbar
"AVG9Uninstall" = AVG 9.0
"bearsharetb" = MediaBar
"Best Game Hits 3" = Best Games Hits 3
"BFGC" = Big Fish Games: Game Manager
"BFG-Dark Tales - Edgar Allan Poe`s Murders in the Rue Morgue" = Dark Tales: Edgar Allan Poe`s Murders in the Rue Morgue
"BFG-Mystery P.I. - The Vegas Heist" = Mystery P.I.: The Vegas Heist
"BFG-Redrum" = Redrum ™
"BFG-The Scruffs" = The Scruffs
"Browser Defender_is1" = Browser Defender 2.0.6.11
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"Dual Mode Camera_is1" = Uninstall Dual Mode Camera
"GameHouse" = GameHouse
"HOMESTUDENTR" = Microsoft Office Home and Student 2007 Trial
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"iWin Toolbar" = iWin Toolbar
"Living Marine Aquarium 2 Screen Saver" = Living Marine Aquarium 2 Screen Saver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mountain Car_is1" = Mountain Car
"My.Freeze.com Toolbar" = My.Freeze.com Toolbar
"Nature Reserve Screensaver_is1" = Nature Reserve Screensaver 1.0
"Nitto 1320 Legends_is1" = Nitto 1320 Legends Public Beta 0.9.12.1
"NVIDIA Drivers" = NVIDIA Drivers
"PCConfidential_is1" = PC Confidential 2008
"PhoTagsExpress" = PhoTags Express
"Real Crimes: The Unicorn Killer" = Real Crimes: The Unicorn Killer
"RealArcade" = RealArcade
"RegPowerClean_is1" = Winferno Registry Power Cleaner
"Spyware Doctor" = Spyware Doctor 7.0
"Super Bounce Out_is1" = Super Bounce Out
"TabQuery" = TabQuery 1.0 build 117
"Tight Backgrounds" = Tight Backgrounds
"Turbo Drag 21.0" = Turbo Drag 2
"WildTangent hp Master Uninstall" = HP Games
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WT083321" = Pizza Chef
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/27/2010 2:19:46 PM | Computer Name = shirley-PC | Source = Application Error | ID = 1000
Description = Faulting application SearchProtocolHost.exe, version 7.0.6001.16503,
time stamp 0x483b9996, faulting module unknown, version 0.0.0.0, time stamp 0x00000000,
exception code 0xc0000005, fault offset 0x0013656c, process id 0x7dc, application
start time 0x01ca9f7d4e090da6.

Error - 1/27/2010 2:19:50 PM | Computer Name = shirley-PC | Source = Application Error | ID = 1000
Description = Faulting application SearchProtocolHost.exe, version 7.0.6001.16503,
time stamp 0x483b9996, faulting module unknown, version 0.0.0.0, time stamp 0x00000000,
exception code 0xc0000005, fault offset 0x0014656c, process id 0xa60, application
start time 0x01ca9f7d50899e06.

Error - 1/27/2010 2:19:54 PM | Computer Name = shirley-PC | Source = Application Error | ID = 1000
Description = Faulting application SearchProtocolHost.exe, version 7.0.6001.16503,
time stamp 0x483b9996, faulting module unknown, version 0.0.0.0, time stamp 0x00000000,
exception code 0xc0000005, fault offset 0x001d656c, process id 0xf8c, application
start time 0x01ca9f7d52fb6156.

Error - 1/27/2010 2:19:59 PM | Computer Name = shirley-PC | Source = Application Error | ID = 1000
Description = Faulting application SearchProtocolHost.exe, version 7.0.6001.16503,
time stamp 0x483b9996, faulting module unknown, version 0.0.0.0, time stamp 0x00000000,
exception code 0xc0000005, fault offset 0x0072656c, process id 0x1760, application
start time 0x01ca9f7d55805e86.

Error - 1/27/2010 2:20:03 PM | Computer Name = shirley-PC | Source = Application Error | ID = 1000
Description = Faulting application SearchProtocolHost.exe, version 7.0.6001.16503,
time stamp 0x483b9996, faulting module unknown, version 0.0.0.0, time stamp 0x00000000,
exception code 0xc0000005, fault offset 0x000f656c, process id 0x1414, application
start time 0x01ca9f7d5805a9d6.

Error - 1/27/2010 2:20:07 PM | Computer Name = shirley-PC | Source = Application Error | ID = 1000
Description = Faulting application SearchProtocolHost.exe, version 7.0.6001.16503,
time stamp 0x483b9996, faulting module unknown, version 0.0.0.0, time stamp 0x00000000,
exception code 0xc0000005, fault offset 0x0014656c, process id 0xdec, application
start time 0x01ca9f7d5a88ab36.

Error - 1/27/2010 2:20:11 PM | Computer Name = shirley-PC | Source = Application Error | ID = 1000
Description = Faulting application SearchProtocolHost.exe, version 7.0.6001.16503,
time stamp 0x483b9996, faulting module unknown, version 0.0.0.0, time stamp 0x00000000,
exception code 0xc0000005, fault offset 0x0017656c, process id 0x14b8, application
start time 0x01ca9f7d5d09d7d6.

Error - 1/27/2010 2:20:16 PM | Computer Name = shirley-PC | Source = Application Error | ID = 1000
Description = Faulting application SearchProtocolHost.exe, version 7.0.6001.16503,
time stamp 0x483b9996, faulting module unknown, version 0.0.0.0, time stamp 0x00000000,
exception code 0xc0000005, fault offset 0x0013656c, process id 0x173c, application
start time 0x01ca9f7d5f8e5fd6.

Error - 1/27/2010 2:20:20 PM | Computer Name = shirley-PC | Source = Application Error | ID = 1000
Description = Faulting application SearchProtocolHost.exe, version 7.0.6001.16503,
time stamp 0x483b9996, faulting module unknown, version 0.0.0.0, time stamp 0x00000000,
exception code 0xc0000005, fault offset 0x000b656c, process id 0x910, application
start time 0x01ca9f7d6258f186.

Error - 1/27/2010 2:20:25 PM | Computer Name = shirley-PC | Source = Application Error | ID = 1000
Description = Faulting application SearchProtocolHost.exe, version 7.0.6001.16503,
time stamp 0x483b9996, faulting module unknown, version 0.0.0.0, time stamp 0x00000000,
exception code 0xc0000005, fault offset 0x0007656c, process id 0x116c, application
start time 0x01ca9f7d6526b786.

[ System Events ]
Error - 1/27/2010 4:24:58 PM | Computer Name = shirley-PC | Source = DCOM | ID = 10016
Description =

Error - 1/27/2010 4:25:58 PM | Computer Name = shirley-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 1/27/2010 4:55:21 PM | Computer Name = shirley-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 1/27/2010 4:55:21 PM | Computer Name = shirley-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 1/27/2010 4:55:21 PM | Computer Name = shirley-PC | Source = Service Control Manager | ID = 7032
Description =

Error - 1/27/2010 4:57:53 PM | Computer Name = shirley-PC | Source = HTTP | ID = 15016
Description =

Error - 1/27/2010 4:59:01 PM | Computer Name = shirley-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 1/27/2010 4:59:01 PM | Computer Name = shirley-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 1/27/2010 4:59:01 PM | Computer Name = shirley-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 1/27/2010 4:59:44 PM | Computer Name = shirley-PC | Source = Service Control Manager | ID = 7034
Description =


< End of report >


Post by tracij70 on 27th January 2010, 9:20 pm

OTL logfile created on: 1/27/2010 3:06:26 PM - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Users\shirley\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.46 Gb Total Space | 202.29 Gb Free Space | 70.62% Space Free | Partition Type: NTFS
Drive D: | 11.63 Gb Total Space | 1.28 Gb Free Space | 11.02% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHIRLEY-PC
Current User Name: shirley
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/27 15:05:33 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\shirley\Downloads\OTL.exe
PRC - [2010/01/26 14:17:03 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/01/26 14:17:02 | 02,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/01/26 14:17:02 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/01/26 14:17:02 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/01/26 14:17:02 | 00,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/01/26 14:17:00 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/01/26 14:17:00 | 00,827,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/01/26 14:17:00 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/01/22 09:58:06 | 00,058,184 | ---- | M] () -- C:\ProgramData\TabQuery\tabquery117.exe
PRC - [2010/01/22 09:58:06 | 00,058,184 | ---- | M] () -- C:\Program Files\TabQuery\tabquery.exe
PRC - [2010/01/02 00:40:20 | 00,638,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/11/18 12:47:14 | 01,243,088 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2009/11/10 10:28:08 | 00,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/11/06 14:29:22 | 01,141,712 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2009/10/30 11:18:16 | 00,359,624 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/04/18 08:21:06 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/03/18 17:50:30 | 00,079,088 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
PRC - [2008/11/13 10:33:46 | 00,333,088 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
PRC - [2008/10/29 00:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/09 09:56:48 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
PRC - [2008/09/27 00:51:00 | 00,118,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2008/09/04 05:34:46 | 00,403,968 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2008/08/22 16:19:14 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/01/20 20:25:33 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/20 20:24:59 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008/01/20 20:23:43 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wermgr.exe
PRC - [2008/01/20 20:23:32 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe


========== Modules (SafeList) ==========

MOD - [2010/01/27 15:05:33 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\shirley\Downloads\OTL.exe
MOD - [2010/01/26 14:17:26 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2010/01/22 09:58:02 | 00,589,824 | ---- | M] () -- C:\Program Files\TabQuery\tabquery.dll
MOD - [2009/10/30 11:18:16 | 00,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
MOD - [2008/01/20 20:23:44 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RelevantKnowledge)
SRV - [2010/01/26 14:17:00 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/01/26 14:17:00 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/01/22 09:58:06 | 00,058,184 | ---- | M] () [Auto | Running] -- C:\ProgramData\TabQuery\tabquery117.exe -- (TabQuery Service)
SRV - [2009/11/24 16:37:45 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1ca6d56c5784d5d) Google Update Service (gupdate1ca6d56c5784d5d)
SRV - [2009/11/13 14:13:04 | 00,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/11/12 10:03:32 | 00,070,928 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2009/11/10 10:28:08 | 00,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/11/06 14:29:22 | 01,141,712 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/10/30 11:18:16 | 00,359,624 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/08/24 06:16:12 | 00,378,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/04/18 08:21:06 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/09 09:56:48 | 00,094,208 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2008/09/27 00:51:00 | 00,118,784 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2008/09/04 05:34:46 | 00,403,968 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\DRIVERS\xaudio.exe -- (XAudioService)
SRV - [2008/08/22 16:19:14 | 00,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2008/01/20 20:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/11/02 06:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2010/01/26 14:17:26 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/01/26 14:17:26 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/01/26 14:17:26 | 00,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/01/26 14:17:26 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/11/12 10:03:32 | 00,059,664 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2009/11/12 10:03:32 | 00,051,984 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2009/11/12 10:03:32 | 00,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2009/11/09 11:20:12 | 00,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/11/04 16:54:12 | 00,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/10/30 11:11:00 | 00,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2009/09/16 10:22:14 | 00,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/09/03 09:45:12 | 00,070,408 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2009/02/12 14:11:24 | 00,022,312 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\dddsk.sys -- (ElRawDisk)
DRV - [2008/09/27 00:51:00 | 07,478,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/09/26 04:36:34 | 00,059,376 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- c:\Program Files\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2008/09/24 11:31:06 | 02,171,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/09/10 06:48:20 | 00,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/09/10 06:47:18 | 00,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/09/10 06:46:22 | 00,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/09/04 05:34:34 | 00,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/08/01 06:51:14 | 01,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/07/21 10:12:50 | 00,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/07/21 10:12:22 | 00,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2008/07/04 11:22:36 | 00,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/05/22 03:39:34 | 00,015,360 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/01/20 20:24:13 | 00,002,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\diskmgr.sys -- (diskmgr)
DRV - [2008/01/20 20:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 20:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 20:23:27 | 00,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 20:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 20:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 20:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 20:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 20:23:25 | 00,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 20:23:24 | 01,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 20:23:24 | 00,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 20:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 20:23:23 | 00,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 20:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 20:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 20:23:23 | 00,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 20:23:23 | 00,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 20:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 20:23:22 | 00,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 20:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 20:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 20:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 20:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 20:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 20:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 20:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/02/14 20:03:08 | 00,068,922 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jl2005c.sys -- (JL2005C)
DRV - [2006/11/02 03:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 03:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 03:50:19 | 00,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 03:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 03:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 03:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 03:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 03:50:05 | 00,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 03:50:03 | 00,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 03:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 03:49:56 | 00,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 02:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 02:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 02:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 02:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 02:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 02:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 01:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 00:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/06/19 08:26:58 | 00,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/12/12 11:27:00 | 00,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKLM\..\URLSearchHook: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWin.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: *{ce0c2586-da36-452b-acdb-320d9bcb19bf} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2009/07/03 15:44:10 | 00,000,000 | ---D | M] -- C:\Users\shirley\AppData\Roaming\Mozilla\Extensions
[2009/07/03 15:44:10 | 00,000,000 | ---D | M] -- C:\Users\shirley\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2009/11/29 17:51:20 | 00,000,000 | ---D | M] -- C:\Users\shirley\AppData\Roaming\Mozilla\Firefox\extensions
[2009/11/29 17:51:20 | 00,000,000 | ---D | M] (No name found) -- C:\Users\shirley\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/01/26 09:06:41 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/26 09:06:41 | 00,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}

O1 HOSTS File: ([2006/09/18 15:41:30 | 00,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (PCCBHO.CPCCBHO) - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Program Files\Winferno\PC Confidential\PCCBHO.dll (Capital Intellect Inc)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Mirar) - {BBF3DD47-94C7-41C6-9CCD-A2ECC8688DF1} - C:\Windows\System32\0c78.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (iWin Toolbar) - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWin.dll (Conduit Ltd.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (XBTBPos00 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\My.Freeze.com Toolbar\freeze_us.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll ()
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Mirar) - {BBF3DD46-94C7-41C6-9CCD-A2ECC8688DF1} - C:\Windows\System32\0c78.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (iWin Toolbar) - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWin.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (My.Freeze.com Toolbar) - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - C:\Program Files\My.Freeze.com Toolbar\freeze_us.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Mirar) - {BBF3DD46-94C7-41C6-9CCD-A2ECC8688DF1} - C:\Windows\System32\0c78.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (iWin Toolbar) - {CE0C2586-DA36-452B-ACDB-320D9BCB19BF} - C:\Program Files\iWin\tbiWin.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (My.Freeze.com Toolbar) - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - C:\Program Files\My.Freeze.com Toolbar\freeze_us.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe File not found
O4 - HKCU..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
O4 - HKCU..\Run: [Kfile] C:\Users\shirley\AppData\Local\mguicher.DLL File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SfKg6wIPuS] C:\Users\shirley\AppData\Roaming\Microsoft\Windows\oulwsv.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe File not found
O4 - HKCU..\Run: [VibeFireAlerts] File not found
O4 - HKCU..\Run: [Vvatigo] C:\Users\shirley\AppData\Local\itaxodem.DLL (RAD Game Tools, Inc.)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKCU..\Run: [WhereSphere] C:\Users\shirley\AppData\Roaming\WhereSphere\wheresphere.exe File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -Mozilla\4.0 ( File not found
O4 - Startup: C:\Users\shirley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (Capital Intellect, Inc)
O9 - Extra Button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (Capital Intellect, Inc)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} [You must be registered and logged in to see this link.] (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} [You must be registered and logged in to see this link.] (GMNRev Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} [You must be registered and logged in to see this link.] (ArmHelper Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.116.2.50 24.116.2.34
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\system32\kbdsock.dll) - C:\Windows\System32\kbdsock.dll ()
O20 - AppInit_DLLs: (avgrsstx.dll) - avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\shirley\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\shirley\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
O36 - AppCertDlls: AppSecDll - (C:\Windows\system32\mshlps.dll) - C:\Windows\System32\mshlps.dll ()

========== Files/Folders - Created Within 30 Days ==========

[2010/01/27 12:49:12 | 00,059,664 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfSysMon.sys
[2010/01/27 12:49:12 | 00,051,984 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfFsMon.sys
[2010/01/27 12:49:12 | 00,033,552 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfNetMon.sys
[2010/01/27 11:38:19 | 01,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010/01/27 11:38:19 | 00,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010/01/27 11:38:19 | 00,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010/01/27 11:36:17 | 00,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010/01/27 11:36:17 | 00,098,600 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010/01/27 11:36:10 | 00,207,792 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010/01/27 11:36:10 | 00,087,784 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010/01/27 11:36:02 | 00,070,408 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010/01/27 11:35:59 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/01/27 11:35:58 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/01/27 11:35:58 | 00,000,000 | ---D | C] -- C:\Users\shirley\AppData\Roaming\PC Tools
[2010/01/27 11:35:58 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/01/26 14:17:27 | 00,000,000 | -H-D | C] -- C:\$AVG
[2010/01/26 14:17:26 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/01/26 14:17:26 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/01/26 14:17:26 | 00,161,800 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/01/26 14:17:26 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/01/26 14:17:26 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/01/26 14:17:26 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010/01/26 14:17:14 | 00,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/01/26 14:16:59 | 00,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/01/26 13:56:24 | 00,181,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/01/26 09:21:08 | 00,000,000 | ---D | C] -- C:\Users\shirley\AppData\Local\{E0401780-5725-463D-9583-5F2329428F68}
[2010/01/26 09:16:46 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/01/26 09:06:38 | 00,141,824 | ---- | C] (Microsoft Corporation) -- C:\ojjw.exe
[2010/01/26 08:55:50 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2010/01/24 21:34:49 | 00,000,000 | ---D | C] -- C:\Program Files\Dark Tales - Edgar Allan Poe`s Murders in the Rue Morgue
[2010/01/24 21:28:59 | 00,000,000 | ---D | C] -- C:\ProgramData\TabQuery
[2010/01/24 21:28:59 | 00,000,000 | ---D | C] -- C:\Program Files\TabQuery
[2010/01/24 21:00:48 | 00,000,000 | ---D | C] -- C:\Users\shirley\AppData\Roaming\Valusoft
[2010/01/24 21:00:48 | 00,000,000 | ---D | C] -- C:\ProgramData\Valusoft
[2010/01/24 17:20:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai
[2010/01/24 15:35:17 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/01/24 15:35:17 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/01/24 15:35:17 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/01/24 15:35:17 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/01/24 15:35:17 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/01/24 15:35:17 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/01/24 15:35:17 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/01/24 15:35:17 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/01/24 15:35:17 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/01/24 15:35:17 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/01/24 15:35:17 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/01/24 15:35:17 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/01/24 15:35:17 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/01/24 15:35:17 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/01/24 15:35:14 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/01/24 15:35:14 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/01/15 19:46:09 | 00,000,000 | ---D | C] -- C:\Users\shirley\AppData\Roaming\blg
[2010/01/15 19:46:09 | 00,000,000 | ---D | C] -- C:\ProgramData\blg
[2010/01/15 18:02:03 | 00,000,000 | ---D | C] -- C:\ProgramData\GoBit Games
[2010/01/15 14:37:04 | 00,000,000 | ---D | C] -- C:\Users\shirley\AppData\Roaming\Aisle 5 Games, Inc
[2010/01/14 14:35:33 | 00,000,000 | ---D | C] -- C:\Users\shirley\AppData\Roaming\TheFixerUpper
[2010/01/11 12:26:16 | 00,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2010/01/11 12:25:43 | 00,000,000 | ---D | C] -- C:\ProgramData\NeoEdge Networks
[2010/01/09 22:41:52 | 00,000,000 | ---D | C] -- C:\Users\shirley\AppData\Roaming\SerpentOfIsis
[2010/01/09 19:25:39 | 00,000,000 | ---D | C] -- C:\Users\shirley\AppData\Roaming\YoudaGames
[2010/01/05 16:51:32 | 00,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2010/01/04 20:55:42 | 00,000,000 | ---D | C] -- C:\Users\shirley\AppData\Roaming\Sony Corporation
[2010/01/04 20:55:42 | 00,000,000 | ---D | C] -- C:\Users\shirley\Documents\Picture Motion Browser
[2010/01/04 20:46:34 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2010/01/04 20:45:13 | 00,122,864 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\PxInsI64.exe
[2010/01/04 20:45:13 | 00,120,816 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\PxCpyI64.exe
[2010/01/04 20:45:13 | 00,072,176 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\pxhpinst.exe
[2010/01/04 20:45:13 | 00,066,544 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\PxCpyA64.exe
[2010/01/04 20:45:13 | 00,066,032 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\PxInsA64.exe
[2010/01/04 20:45:05 | 00,000,000 | ---D | C] -- C:\Program Files\Sony
[2010/01/04 20:44:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2010/01/04 20:43:38 | 00,000,000 | ---D | C] -- C:\Users\shirley\AppData\Roaming\InstallShield
[2009/12/30 17:31:29 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/12/30 17:30:28 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2009/12/30 17:30:27 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2009/12/30 17:25:43 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2009/12/30 17:25:41 | 00,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2009/12/30 17:25:41 | 00,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2008/01/20 20:24:21 | 00,149,504 | ---- | C] (RAD Game Tools, Inc.) -- C:\Users\shirley\AppData\Local\itaxodem.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/27 15:09:42 | 03,407,872 | -HS- | M] () -- C:\Users\shirley\ntuser.dat
[2010/01/27 15:02:47 | 00,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/27 15:02:47 | 00,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/27 15:02:46 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/27 14:58:12 | 00,000,434 | ---- | M] () -- C:\Windows\tasks\RegPowerClean.job
[2010/01/27 14:58:10 | 00,000,420 | ---- | M] () -- C:\Windows\tasks\RPCReminder.job
[2010/01/27 14:58:07 | 00,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/27 14:58:07 | 00,000,416 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job
[2010/01/27 14:57:55 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/27 14:57:55 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/27 14:57:53 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/27 14:57:36 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/27 14:57:23 | 30,854,02112 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/27 14:56:37 | 00,524,288 | -HS- | M] () -- C:\Users\shirley\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/01/27 14:56:37 | 00,065,536 | -HS- | M] () -- C:\Users\shirley\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/01/27 14:54:00 | 00,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/27 13:10:17 | 00,000,120 | ---- | M] () -- C:\Users\shirley\AppData\Local\Oyixupovilo.dat
[2010/01/27 13:07:45 | 03,287,830 | -H-- | M] () -- C:\Users\shirley\AppData\Local\IconCache.db
[2010/01/27 11:36:05 | 00,001,761 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/01/27 11:06:08 | 00,000,000 | ---- | M] () -- C:\Users\shirley\AppData\Local\Ccolo.bin
[2010/01/27 09:19:14 | 54,743,474 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/01/26 14:17:27 | 00,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/01/26 14:17:26 | 06,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2010/01/26 14:17:26 | 00,492,629 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2010/01/26 14:17:26 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/01/26 14:17:26 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/01/26 14:17:26 | 00,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/01/26 14:17:26 | 00,142,495 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2010/01/26 14:17:26 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/01/26 14:17:26 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/01/26 14:17:26 | 00,001,649 | ---- | M] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2010/01/26 12:56:55 | 00,000,749 | RH-- | M] () -- C:\Windows\WindowsShell.Manifest
[2010/01/26 09:16:46 | 47,953,0958 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/01/26 09:06:40 | 00,141,824 | ---- | M] (Microsoft Corporation) -- C:\ojjw.exe
[2010/01/26 09:06:40 | 00,004,096 | ---- | M] () -- C:\ytlmlfc.exe
[2010/01/24 21:35:39 | 00,002,206 | ---- | M] () -- C:\Users\Public\Desktop\Play Dark Tales - Edgar Allan Poe`s Murders in the Rue Morgue.lnk
[2010/01/24 21:35:39 | 00,001,278 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2010/01/24 21:28:43 | 00,733,184 | ---- | M] () -- C:\Windows\System32\0c78.dll
[2010/01/24 17:21:25 | 00,001,220 | ---- | M] () -- C:\Users\shirley\Desktop\Resume Download Adobe_Flash_CS4_English_Windows.lnk
[2010/01/24 15:34:17 | 00,000,165 | ---- | M] () -- C:\Users\shirley\Desktop\More SpinTop Games.url
[2010/01/16 15:00:21 | 00,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2010/01/14 16:40:22 | 00,017,408 | ---- | M] () -- C:\Users\shirley\Documents\Day Cold Cart.wps
[2010/01/14 16:40:22 | 00,000,608 | ---- | M] () -- C:\Users\shirley\AppData\Roaming\wklnhst.dat
[2010/01/14 16:40:06 | 00,017,408 | ---- | M] () -- C:\Users\shirley\Documents\snack list.wps
[2010/01/14 16:31:12 | 00,016,384 | ---- | M] () -- C:\Users\shirley\Documents\Dish Room 1.wps
[2010/01/14 16:23:12 | 00,016,384 | ---- | M] () -- C:\Users\shirley\Documents\Night Cold Cart.wps
[2010/01/14 16:13:03 | 00,017,408 | ---- | M] () -- C:\Users\shirley\Documents\smoothie list.wps
[2010/01/14 16:04:34 | 00,017,408 | ---- | M] () -- C:\Users\shirley\Documents\PAGE 2 COLD CART 1.wps
[2010/01/14 11:12:06 | 00,181,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/01/09 15:11:07 | 00,001,702 | ---- | M] () -- C:\Users\Public\Desktop\Game Manager.lnk
[2010/01/04 20:55:37 | 00,002,045 | ---- | M] () -- C:\Users\shirley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Media Check Tool.lnk
[2010/01/04 20:45:51 | 00,002,033 | ---- | M] () -- C:\Users\Public\Desktop\PMB.lnk
[2010/01/04 20:45:51 | 00,001,959 | ---- | M] () -- C:\Users\Public\Desktop\PMB Launcher.lnk
[2010/01/04 20:45:51 | 00,001,900 | ---- | M] () -- C:\Users\Public\Desktop\PMB Guide.lnk
[2010/01/02 00:33:32 | 00,594,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/01/02 00:33:32 | 00,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/01/02 00:32:51 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/01/02 00:32:46 | 01,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/01/02 00:32:33 | 00,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/01/02 00:32:33 | 00,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/01/02 00:32:33 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/01/02 00:32:32 | 00,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/01/02 00:32:32 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/01/02 00:32:26 | 00,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/01/01 22:57:00 | 00,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/01/01 22:56:50 | 00,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/01/01 22:56:14 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/01/01 22:55:54 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/27 11:38:19 | 01,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010/01/27 11:38:19 | 00,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010/01/27 11:38:19 | 00,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010/01/27 11:38:19 | 00,000,880 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010/01/27 11:38:19 | 00,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010/01/27 11:36:17 | 00,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2010/01/27 11:36:10 | 00,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010/01/27 11:36:10 | 00,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010/01/27 11:36:05 | 00,001,761 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/01/27 11:36:03 | 00,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010/01/26 14:17:27 | 00,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/01/26 14:17:26 | 54,743,474 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/01/26 14:17:26 | 06,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2010/01/26 14:17:26 | 00,492,629 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2010/01/26 14:17:26 | 00,142,495 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2010/01/26 14:17:26 | 00,001,649 | ---- | C] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2010/01/26 09:21:09 | 00,000,120 | ---- | C] () -- C:\Users\shirley\AppData\Local\Oyixupovilo.dat
[2010/01/26 09:21:09 | 00,000,000 | ---- | C] () -- C:\Users\shirley\AppData\Local\Ccolo.bin
[2010/01/26 09:15:24 | 47,953,0958 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/01/26 09:06:40 | 00,004,096 | ---- | C] () -- C:\ytlmlfc.exe
[2010/01/24 21:35:39 | 00,002,206 | ---- | C] () -- C:\Users\Public\Desktop\Play Dark Tales - Edgar Allan Poe`s Murders in the Rue Morgue.lnk
[2010/01/24 21:35:39 | 00,001,278 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2010/01/24 21:28:43 | 00,733,184 | ---- | C] () -- C:\Windows\System32\0c78.dll
[2010/01/24 17:20:42 | 00,001,220 | ---- | C] () -- C:\Users\shirley\Desktop\Resume Download Adobe_Flash_CS4_English_Windows.lnk
[2010/01/14 16:40:06 | 00,017,408 | ---- | C] () -- C:\Users\shirley\Documents\snack list.wps
[2010/01/14 16:13:03 | 00,017,408 | ---- | C] () -- C:\Users\shirley\Documents\smoothie list.wps
[2010/01/05 16:46:14 | 00,001,702 | ---- | C] () -- C:\Users\Public\Desktop\Game Manager.lnk
[2010/01/04 20:46:16 | 00,002,045 | ---- | C] () -- C:\Users\shirley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Media Check Tool.lnk
[2010/01/04 20:45:51 | 00,002,033 | ---- | C] () -- C:\Users\Public\Desktop\PMB.lnk
[2010/01/04 20:45:51 | 00,001,959 | ---- | C] () -- C:\Users\Public\Desktop\PMB Launcher.lnk
[2010/01/04 20:45:51 | 00,001,900 | ---- | C] () -- C:\Users\Public\Desktop\PMB Guide.lnk
[2009/11/11 18:14:30 | 00,000,000 | ---- | C] () -- C:\Users\shirley\AppData\Local\seed.log
[2009/07/14 13:50:51 | 00,000,020 | ---- | C] () -- C:\Program Files\FullScreensavers.ini
[2009/06/22 13:09:53 | 00,033,200 | ---- | C] () -- C:\Users\shirley\AppData\Local\slot1.mm1
[2009/04/28 17:06:38 | 00,076,407 | ---- | C] () -- C:\Users\shirley\AppData\Roaming\Smiley.ico
[2009/03/02 22:48:39 | 00,005,120 | ---- | C] () -- C:\Users\shirley\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/24 08:50:14 | 00,000,680 | ---- | C] () -- C:\Users\shirley\AppData\Local\d3d9caps.dat
[2009/02/21 22:16:17 | 00,000,608 | ---- | C] () -- C:\Users\shirley\AppData\Roaming\wklnhst.dat
[2008/11/05 03:14:52 | 00,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/11/05 03:14:52 | 00,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2008/01/20 20:24:53 | 00,000,000 | ---- | C] () -- C:\Windows\System32\msacm32.dll
[2008/01/20 20:24:21 | 00,003,072 | ---- | C] () -- C:\Windows\System32\mshlps.dll
[2008/01/20 20:24:21 | 00,003,072 | ---- | C] () -- C:\Windows\System32\kbdsock.dll

Re: Need help wth alpha virus?

Post by tracij70 on 27th January 2010, 9:21 pm

OTL logfile created on: 1/27/2010 3:06:26 PM - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Users\shirley\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.46 Gb Total Space | 202.29 Gb Free Space | 70.62% Space Free | Partition Type: NTFS
Drive D: | 11.63 Gb Total Space | 1.28 Gb Free Space | 11.02% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHIRLEY-PC
Current User Name: shirley
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/27 15:05:33 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\shirley\Downloads\OTL.exe
PRC - [2010/01/26 14:17:03 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/01/26 14:17:02 | 02,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/01/26 14:17:02 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/01/26 14:17:02 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/01/26 14:17:02 | 00,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/01/26 14:17:00 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/01/26 14:17:00 | 00,827,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/01/26 14:17:00 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/01/22 09:58:06 | 00,058,184 | ---- | M] () -- C:\ProgramData\TabQuery\tabquery117.exe
PRC - [2010/01/22 09:58:06 | 00,058,184 | ---- | M] () -- C:\Program Files\TabQuery\tabquery.exe
PRC - [2010/01/02 00:40:20 | 00,638,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/11/18 12:47:14 | 01,243,088 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2009/11/10 10:28:08 | 00,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/11/06 14:29:22 | 01,141,712 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2009/10/30 11:18:16 | 00,359,624 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/04/18 08:21:06 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/03/18 17:50:30 | 00,079,088 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
PRC - [2008/11/13 10:33:46 | 00,333,088 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
PRC - [2008/10/29 00:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/09 09:56:48 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
PRC - [2008/09/27 00:51:00 | 00,118,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2008/09/04 05:34:46 | 00,403,968 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2008/08/22 16:19:14 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/01/20 20:25:33 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/20 20:24:59 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008/01/20 20:23:43 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wermgr.exe
PRC - [2008/01/20 20:23:32 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe


========== Modules (SafeList) ==========

MOD - [2010/01/27 15:05:33 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\shirley\Downloads\OTL.exe
MOD - [2010/01/26 14:17:26 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2010/01/22 09:58:02 | 00,589,824 | ---- | M] () -- C:\Program Files\TabQuery\tabquery.dll
MOD - [2009/10/30 11:18:16 | 00,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
MOD - [2008/01/20 20:23:44 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RelevantKnowledge)
SRV - [2010/01/26 14:17:00 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/01/26 14:17:00 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/01/22 09:58:06 | 00,058,184 | ---- | M] () [Auto | Running] -- C:\ProgramData\TabQuery\tabquery117.exe -- (TabQuery Service)
SRV - [2009/11/24 16:37:45 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1ca6d56c5784d5d) Google Update Service (gupdate1ca6d56c5784d5d)
SRV - [2009/11/13 14:13:04 | 00,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/11/12 10:03:32 | 00,070,928 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2009/11/10 10:28:08 | 00,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/11/06 14:29:22 | 01,141,712 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/10/30 11:18:16 | 00,359,624 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/08/24 06:16:12 | 00,378,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/04/18 08:21:06 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/09 09:56:48 | 00,094,208 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2008/09/27 00:51:00 | 00,118,784 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2008/09/04 05:34:46 | 00,403,968 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\DRIVERS\xaudio.exe -- (XAudioService)
SRV - [2008/08/22 16:19:14 | 00,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2008/01/20 20:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/11/02 06:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2010/01/26 14:17:26 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/01/26 14:17:26 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/01/26 14:17:26 | 00,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/01/26 14:17:26 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/11/12 10:03:32 | 00,059,664 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2009/11/12 10:03:32 | 00,051,984 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2009/11/12 10:03:32 | 00,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2009/11/09 11:20:12 | 00,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/11/04 16:54:12 | 00,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/10/30 11:11:00 | 00,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2009/09/16 10:22:14 | 00,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/09/03 09:45:12 | 00,070,408 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2009/02/12 14:11:24 | 00,022,312 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\dddsk.sys -- (ElRawDisk)
DRV - [2008/09/27 00:51:00 | 07,478,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/09/26 04:36:34 | 00,059,376 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- c:\Program Files\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2008/09/24 11:31:06 | 02,171,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/09/10 06:48:20 | 00,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/09/10 06:47:18 | 00,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/09/10 06:46:22 | 00,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/09/04 05:34:34 | 00,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/08/01 06:51:14 | 01,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/07/21 10:12:50 | 00,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/07/21 10:12:22 | 00,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2008/07/04 11:22:36 | 00,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/05/22 03:39:34 | 00,015,360 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/01/20 20:24:13 | 00,002,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\diskmgr.sys -- (diskmgr)
DRV - [2008/01/20 20:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 20:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 20:23:27 | 00,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 20:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 20:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 20:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 20:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 20:23:25 | 00,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 20:23:24 | 01,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 20:23:24 | 00,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 20:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 20:23:23 | 00,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 20:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 20:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 20:23:23 | 00,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 20:23:23 | 00,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 20:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 20:23:22 | 00,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 20:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 20:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 20:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 20:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 20:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 20:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 20:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/02/14 20:03:08 | 00,068,922 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jl2005c.sys -- (JL2005C)
DRV - [2006/11/02 03:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 03:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 03:50:19 | 00,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 03:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 03:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 03:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 03:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 03:50:05 | 00,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 03:50:03 | 00,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 03:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 03:49:56 | 00,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 02:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 02:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 02:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 02:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 02:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 02:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 01:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 00:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/06/19 08:26:58 | 00,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/12/12 11:27:00 | 00,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKLM\..\URLSearchHook: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWin.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: *{ce0c2586-da36-452b-acdb-320d9bcb19bf} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2009/07/03 15:44:10 | 00,000,000 | ---D | M] -- C:\Users\shirley\AppData\Roaming\Mozilla\Extensions
[2009/07/03 15:44:10 | 00,000,000 | ---D | M] -- C:\Users\shirley\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2009/11/29 17:51:20 | 00,000,000 | ---D | M] -- C:\Users\shirley\AppData\Roaming\Mozilla\Firefox\extensions
[2009/11/29 17:51:20 | 00,000,000 | ---D | M] (No name found) -- C:\Users\shirley\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/01/26 09:06:41 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/26 09:06:41 | 00,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}

O1 HOSTS File: ([2006/09/18 15:41:30 | 00,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (PCCBHO.CPCCBHO) - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Program Files\Winferno\PC Confidential\PCCBHO.dll (Capital Intellect Inc)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Mirar) - {BBF3DD47-94C7-41C6-9CCD-A2ECC8688DF1} - C:\Windows\System32\0c78.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (iWin Toolbar) - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWin.dll (Conduit Ltd.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (XBTBPos00 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\My.Freeze.com Toolbar\freeze_us.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll ()
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Mirar) - {BBF3DD46-94C7-41C6-9CCD-A2ECC8688DF1} - C:\Windows\System32\0c78.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (iWin Toolbar) - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWin.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (My.Freeze.com Toolbar) - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - C:\Program Files\My.Freeze.com Toolbar\freeze_us.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Mirar) - {BBF3DD46-94C7-41C6-9CCD-A2ECC8688DF1} - C:\Windows\System32\0c78.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (iWin Toolbar) - {CE0C2586-DA36-452B-ACDB-320D9BCB19BF} - C:\Program Files\iWin\tbiWin.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (My.Freeze.com Toolbar) - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - C:\Program Files\My.Freeze.com Toolbar\freeze_us.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe File not found
O4 - HKCU..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
O4 - HKCU..\Run: [Kfile] C:\Users\shirley\AppData\Local\mguicher.DLL File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SfKg6wIPuS] C:\Users\shirley\AppData\Roaming\Microsoft\Windows\oulwsv.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe File not found
O4 - HKCU..\Run: [VibeFireAlerts] File not found
O4 - HKCU..\Run: [Vvatigo] C:\Users\shirley\AppData\Local\itaxodem.DLL (RAD Game Tools, Inc.)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKCU..\Run: [WhereSphere] C:\Users\shirley\AppData\Roaming\WhereSphere\wheresphere.exe File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -Mozilla\4.0 ( File not found
O4 - Startup: C:\Users\shirley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (Capital Intellect, Inc)
O9 - Extra Button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (Capital Intellect, Inc)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} [You must be registered and logged in to see this link.] (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} [You must be registered and logged in to see this link.] (GMNRev Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} [You must be registered and logged in to see this link.] (ArmHelper Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.116.2.50 24.116.2.34
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\system32\kbdsock.dll) - C:\Windows\System32\kbdsock.dll ()
O20 - AppInit_DLLs: (avgrsstx.dll) - avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\shirley\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\shirley\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
O36 - AppCertDlls: AppSecDll - (C:\Windows\system32\mshlps.dll) - C:\Windows\System32\mshlps.dll ()

========== Files/Folders - Created Within 30 Days ==========

[2010/01/27 12:49:12 | 00,059,664 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfSysMon.sys
[2010/01/27 12:49:12 | 00,051,984 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfFsMon.sys
[2010/01/27 12:49:12 | 00,033,552 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfNetMon.sys
[2010/01/27 11:38:19 | 01,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010/01/27 11:38:19 | 00,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010/01/27 11:38:19 | 00,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010/01/27 11:36:17 | 00,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010/01/27 11:36:17 | 00,098,600 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010/01/27 11:36:10 | 00,207,792 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010/01/27 11:36:10 | 00,087,784 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010/01/27 11:36:02 | 00,070,408 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010/01/27 11:35:59 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/01/27 11:35:58 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/01/27 11:35:58 | 00,000,000 | ---D | C] -- C:\Users\shirley\AppData\Roaming\PC Tools
[2010/01/27 11:35:58 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/01/26 14:17:27 | 00,000,000 | -H-D | C] -- C:\$AVG
[2010/01/26 14:17:26 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/01/26 14:17:26 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/01/26 14:17:26 | 00,161,800 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/01/26 14:17:26 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/01/26 14:17:26 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/01/26 14:17:26 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010/01/26 14:17:14 | 00,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/01/26 14:16:59 | 00,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/01/26 13:56:24 | 00,181,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/01/26 09:21:08 | 00,000,000 | ---D | C] -- C:\Users\shirley\AppData\Local\{E0401780-5725-463D-9583-5F2329428F68}
[2010/01/26 09:16:46 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/01/26 09:06:38 | 00,141,824 | ---- | C] (Microsoft Corporation) -- C:\ojjw.exe
[2010/01/26 08:55:50 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2010/01/24 21:34:49 | 00,000,000 | ---D | C] -- C:\Program Files\Dark Tales - Edgar Allan Poe`s Murders in the Rue Morgue
[2010/01/24 21:28:59 | 00,000,000 | ---D | C] -- C:\ProgramData\TabQuery
[2010/01/24 21:28:59 | 00,000,000 | ---D | C] -- C:\Program Files\TabQuery
[2010/01/24 21:00:48 | 00,000,000 | ---D | C] -- C:\Users\shirley\AppData\Roaming\Valusoft
[2010/01/24 21:00:48 | 00,000,000 | ---D | C] -- C:\ProgramData\Valusoft
[2010/01/24 17:20:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai
[2010/01/24 15:35:17 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/01/24 15:35:17 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/01/24 15:35:17 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/01/24 15:35:17 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/01/24 15:35:17 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/01/24 15:35:17 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/01/24 15:35:17 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/01/24 15:35:17 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/01/24 15:35:17 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/01/24 15:35:17 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/01/24 15:35:17 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/01/24 15:35:17 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/01/24 15:35:17 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/01/24 15:35:17 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/01/24 15:35:14 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/01/24 15:35:14 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/01/15 19:46:09 | 00,000,000 | ---D | C] -- C:\Users\shirley\AppData\Roaming\blg
[2010/01/15 19:46:09 | 00,000,000 | ---D | C] -- C:\ProgramData\blg
[2010/01/15 18:02:03 | 00,000,000 | ---D | C] -- C:\ProgramData\GoBit Games
[2010/01/15 14:37:04 | 00,000,000 | ---D | C] -- C:\Users\shirley\AppData\Roaming\Aisle 5 Games, Inc
[2010/01/14 14:35:33 | 00,000,000 | ---D | C] -- C:\Users\shirley\AppData\Roaming\TheFixerUpper
[2010/01/11 12:26:16 | 00,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2010/01/11 12:25:43 | 00,000,000 | ---D | C] -- C:\ProgramData\NeoEdge Networks
[2010/01/09 22:41:52 | 00,000,000 | ---D | C] -- C:\Users\shirley\AppData\Roaming\SerpentOfIsis
[2010/01/09 19:25:39 | 00,000,000 | ---D | C] -- C:\Users\shirley\AppData\Roaming\YoudaGames
[2010/01/05 16:51:32 | 00,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2010/01/04 20:55:42 | 00,000,000 | ---D | C] -- C:\Users\shirley\AppData\Roaming\Sony Corporation
[2010/01/04 20:55:42 | 00,000,000 | ---D | C] -- C:\Users\shirley\Documents\Picture Motion Browser
[2010/01/04 20:46:34 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2010/01/04 20:45:13 | 00,122,864 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\PxInsI64.exe
[2010/01/04 20:45:13 | 00,120,816 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\PxCpyI64.exe
[2010/01/04 20:45:13 | 00,072,176 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\pxhpinst.exe
[2010/01/04 20:45:13 | 00,066,544 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\PxCpyA64.exe
[2010/01/04 20:45:13 | 00,066,032 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\PxInsA64.exe
[2010/01/04 20:45:05 | 00,000,000 | ---D | C] -- C:\Program Files\Sony
[2010/01/04 20:44:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2010/01/04 20:43:38 | 00,000,000 | ---D | C] -- C:\Users\shirley\AppData\Roaming\InstallShield
[2009/12/30 17:31:29 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/12/30 17:30:28 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2009/12/30 17:30:27 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2009/12/30 17:25:43 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2009/12/30 17:25:41 | 00,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2009/12/30 17:25:41 | 00,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2008/01/20 20:24:21 | 00,149,504 | ---- | C] (RAD Game Tools, Inc.) -- C:\Users\shirley\AppData\Local\itaxodem.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/27 15:09:42 | 03,407,872 | -HS- | M] () -- C:\Users\shirley\ntuser.dat
[2010/01/27 15:02:47 | 00,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/27 15:02:47 | 00,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/27 15:02:46 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/27 14:58:12 | 00,000,434 | ---- | M] () -- C:\Windows\tasks\RegPowerClean.job
[2010/01/27 14:58:10 | 00,000,420 | ---- | M] () -- C:\Windows\tasks\RPCReminder.job
[2010/01/27 14:58:07 | 00,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/27 14:58:07 | 00,000,416 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job
[2010/01/27 14:57:55 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/27 14:57:55 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/27 14:57:53 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/27 14:57:36 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/27 14:57:23 | 30,854,02112 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/27 14:56:37 | 00,524,288 | -HS- | M] () -- C:\Users\shirley\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/01/27 14:56:37 | 00,065,536 | -HS- | M] () -- C:\Users\shirley\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/01/27 14:54:00 | 00,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/27 13:10:17 | 00,000,120 | ---- | M] () -- C:\Users\shirley\AppData\Local\Oyixupovilo.dat
[2010/01/27 13:07:45 | 03,287,830 | -H-- | M] () -- C:\Users\shirley\AppData\Local\IconCache.db
[2010/01/27 11:36:05 | 00,001,761 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/01/27 11:06:08 | 00,000,000 | ---- | M] () -- C:\Users\shirley\AppData\Local\Ccolo.bin
[2010/01/27 09:19:14 | 54,743,474 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/01/26 14:17:27 | 00,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/01/26 14:17:26 | 06,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2010/01/26 14:17:26 | 00,492,629 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2010/01/26 14:17:26 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/01/26 14:17:26 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/01/26 14:17:26 | 00,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/01/26 14:17:26 | 00,142,495 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2010/01/26 14:17:26 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/01/26 14:17:26 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/01/26 14:17:26 | 00,001,649 | ---- | M] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2010/01/26 12:56:55 | 00,000,749 | RH-- | M] () -- C:\Windows\WindowsShell.Manifest
[2010/01/26 09:16:46 | 47,953,0958 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/01/26 09:06:40 | 00,141,824 | ---- | M] (Microsoft Corporation) -- C:\ojjw.exe
[2010/01/26 09:06:40 | 00,004,096 | ---- | M] () -- C:\ytlmlfc.exe
[2010/01/24 21:35:39 | 00,002,206 | ---- | M] () -- C:\Users\Public\Desktop\Play Dark Tales - Edgar Allan Poe`s Murders in the Rue Morgue.lnk
[2010/01/24 21:35:39 | 00,001,278 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2010/01/24 21:28:43 | 00,733,184 | ---- | M] () -- C:\Windows\System32\0c78.dll
[2010/01/24 17:21:25 | 00,001,220 | ---- | M] () -- C:\Users\shirley\Desktop\Resume Download Adobe_Flash_CS4_English_Windows.lnk
[2010/01/24 15:34:17 | 00,000,165 | ---- | M] () -- C:\Users\shirley\Desktop\More SpinTop Games.url
[2010/01/16 15:00:21 | 00,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2010/01/14 16:40:22 | 00,017,408 | ---- | M] () -- C:\Users\shirley\Documents\Day Cold Cart.wps
[2010/01/14 16:40:22 | 00,000,608 | ---- | M] () -- C:\Users\shirley\AppData\Roaming\wklnhst.dat
[2010/01/14 16:40:06 | 00,017,408 | ---- | M] () -- C:\Users\shirley\Documents\snack list.wps
[2010/01/14 16:31:12 | 00,016,384 | ---- | M] () -- C:\Users\shirley\Documents\Dish Room 1.wps
[2010/01/14 16:23:12 | 00,016,384 | ---- | M] () -- C:\Users\shirley\Documents\Night Cold Cart.wps
[2010/01/14 16:13:03 | 00,017,408 | ---- | M] () -- C:\Users\shirley\Documents\smoothie list.wps
[2010/01/14 16:04:34 | 00,017,408 | ---- | M] () -- C:\Users\shirley\Documents\PAGE 2 COLD CART 1.wps
[2010/01/14 11:12:06 | 00,181,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/01/09 15:11:07 | 00,001,702 | ---- | M] () -- C:\Users\Public\Desktop\Game Manager.lnk
[2010/01/04 20:55:37 | 00,002,045 | ---- | M] () -- C:\Users\shirley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Media Check Tool.lnk
[2010/01/04 20:45:51 | 00,002,033 | ---- | M] () -- C:\Users\Public\Desktop\PMB.lnk
[2010/01/04 20:45:51 | 00,001,959 | ---- | M] () -- C:\Users\Public\Desktop\PMB Launcher.lnk
[2010/01/04 20:45:51 | 00,001,900 | ---- | M] () -- C:\Users\Public\Desktop\PMB Guide.lnk
[2010/01/02 00:33:32 | 00,594,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/01/02 00:33:32 | 00,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/01/02 00:32:51 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/01/02 00:32:46 | 01,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/01/02 00:32:33 | 00,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/01/02 00:32:33 | 00,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/01/02 00:32:33 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/01/02 00:32:32 | 00,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/01/02 00:32:32 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/01/02 00:32:26 | 00,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/01/01 22:57:00 | 00,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/01/01 22:56:50 | 00,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/01/01 22:56:14 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/01/01 22:55:54 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/27 11:38:19 | 01,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010/01/27 11:38:19 | 00,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010/01/27 11:38:19 | 00,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010/01/27 11:38:19 | 00,000,880 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010/01/27 11:38:19 | 00,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010/01/27 11:36:17 | 00,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2010/01/27 11:36:10 | 00,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010/01/27 11:36:10 | 00,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010/01/27 11:36:05 | 00,001,761 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/01/27 11:36:03 | 00,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010/01/26 14:17:27 | 00,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/01/26 14:17:26 | 54,743,474 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/01/26 14:17:26 | 06,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2010/01/26 14:17:26 | 00,492,629 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2010/01/26 14:17:26 | 00,142,495 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2010/01/26 14:17:26 | 00,001,649 | ---- | C] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2010/01/26 09:21:09 | 00,000,120 | ---- | C] () -- C:\Users\shirley\AppData\Local\Oyixupovilo.dat
[2010/01/26 09:21:09 | 00,000,000 | ---- | C] () -- C:\Users\shirley\AppData\Local\Ccolo.bin
[2010/01/26 09:15:24 | 47,953,0958 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/01/26 09:06:40 | 00,004,096 | ---- | C] () -- C:\ytlmlfc.exe
[2010/01/24 21:35:39 | 00,002,206 | ---- | C] () -- C:\Users\Public\Desktop\Play Dark Tales - Edgar Allan Poe`s Murders in the Rue Morgue.lnk
[2010/01/24 21:35:39 | 00,001,278 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2010/01/24 21:28:43 | 00,733,184 | ---- | C] () -- C:\Windows\System32\0c78.dll
[2010/01/24 17:20:42 | 00,001,220 | ---- | C] () -- C:\Users\shirley\Desktop\Resume Download Adobe_Flash_CS4_English_Windows.lnk
[2010/01/14 16:40:06 | 00,017,408 | ---- | C] () -- C:\Users\shirley\Documents\snack list.wps
[2010/01/14 16:13:03 | 00,017,408 | ---- | C] () -- C:\Users\shirley\Documents\smoothie list.wps
[2010/01/05 16:46:14 | 00,001,702 | ---- | C] () -- C:\Users\Public\Desktop\Game Manager.lnk
[2010/01/04 20:46:16 | 00,002,045 | ---- | C] () -- C:\Users\shirley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Media Check Tool.lnk
[2010/01/04 20:45:51 | 00,002,033 | ---- | C] () -- C:\Users\Public\Desktop\PMB.lnk
[2010/01/04 20:45:51 | 00,001,959 | ---- | C] () -- C:\Users\Public\Desktop\PMB Launcher.lnk
[2010/01/04 20:45:51 | 00,001,900 | ---- | C] () -- C:\Users\Public\Desktop\PMB Guide.lnk
[2009/11/11 18:14:30 | 00,000,000 | ---- | C] () -- C:\Users\shirley\AppData\Local\seed.log
[2009/07/14 13:50:51 | 00,000,020 | ---- | C] () -- C:\Program Files\FullScreensavers.ini
[2009/06/22 13:09:53 | 00,033,200 | ---- | C] () -- C:\Users\shirley\AppData\Local\slot1.mm1
[2009/04/28 17:06:38 | 00,076,407 | ---- | C] () -- C:\Users\shirley\AppData\Roaming\Smiley.ico
[2009/03/02 22:48:39 | 00,005,120 | ---- | C] () -- C:\Users\shirley\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/24 08:50:14 | 00,000,680 | ---- | C] () -- C:\Users\shirley\AppData\Local\d3d9caps.dat
[2009/02/21 22:16:17 | 00,000,608 | ---- | C] () -- C:\Users\shirley\AppData\Roaming\wklnhst.dat
[2008/11/05 03:14:52 | 00,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/11/05 03:14:52 | 00,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2008/01/20 20:24:53 | 00,000,000 | ---- | C] () -- C:\Windows\System32\msacm32.dll
[2008/01/20 20:24:21 | 00,003,072 | ---- | C] () -- C:\Windows\System32\mshlps.dll
[2008/01/20 20:24:21 | 00,003,072 | ---- | C] () -- C:\Windows\System32\kbdsock.dll
[2008/01/20 20:24:13 | 00,002,304 | ---- | C] () -- C:\Windows\System32\diskmgr.sys


Re: Need help wth alpha virus?

Post by tracij70 on 27th January 2010, 9:22 pm

Hope I did that right? Never done anything like this..have patience with me..hahaha..thank you!!!


Re: Need help wth alpha virus?

Post by Belahzur on 27th January 2010, 9:47 pm

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll ()
    O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O2 - BHO: (Mirar) - {BBF3DD47-94C7-41C6-9CCD-A2ECC8688DF1} - C:\Windows\System32\0c78.dll ()
    O2 - BHO: (iWin Toolbar) - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWin.dll (Conduit Ltd.)
    O2 - BHO: (XBTBPos00 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\My.Freeze.com Toolbar\freeze_us.dll ()
    O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll ()
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (Mirar) - {BBF3DD46-94C7-41C6-9CCD-A2ECC8688DF1} - C:\Windows\System32\0c78.dll ()
    O3 - HKLM\..\Toolbar: (iWin Toolbar) - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWin.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (My.Freeze.com Toolbar) - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - C:\Program Files\My.Freeze.com Toolbar\freeze_us.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Mirar) - {BBF3DD46-94C7-41C6-9CCD-A2ECC8688DF1} - C:\Windows\System32\0c78.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (iWin Toolbar) - {CE0C2586-DA36-452B-ACDB-320D9BCB19BF} - C:\Program Files\iWin\tbiWin.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (My.Freeze.com Toolbar) - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - C:\Program Files\My.Freeze.com Toolbar\freeze_us.dll ()
    O4 - HKCU..\Run: [SfKg6wIPuS] C:\Users\shirley\AppData\Roaming\Microsoft\Windows\oulwsv.exe File not found
    O4 - HKCU..\Run: [VibeFireAlerts] File not found
    O4 - HKCU..\Run: [Vvatigo] C:\Users\shirley\AppData\Local\itaxodem.DLL (RAD Game Tools, Inc.)
    O4 - HKCU..\Run: [WhereSphere] C:\Users\shirley\AppData\Roaming\WhereSphere\wheresphere.exe File not found
    O20 - AppInit_DLLs: (C:\Windows\system32\kbdsock.dll) - C:\Windows\System32\kbdsock.dll ()
    O36 - AppCertDlls: AppSecDll - (C:\Windows\system32\mshlps.dll) - C:\Windows\System32\mshlps.dll ()
    [2010/01/26 09:06:38 | 00,141,824 | ---- | C] (Microsoft Corporation) -- C:\ojjw.exe
    [2010/01/26 09:06:40 | 00,004,096 | ---- | M] () -- C:\ytlmlfc.exe
    [2010/01/26 09:06:40 | 00,141,824 | ---- | M] (Microsoft Corporation) -- C:\ojjw.exe
    [2010/01/24 21:28:43 | 00,733,184 | ---- | C] () -- C:\Windows\System32\0c78.dll
    [2008/01/20 20:24:21 | 00,003,072 | ---- | C] () -- C:\Windows\System32\mshlps.dll
    [2008/01/20 20:24:21 | 00,003,072 | ---- | C] () -- C:\Windows\System32\kbdsock.dll
    [2008/01/20 20:24:13 | 00,002,304 | ---- | C] () -- C:\Windows\System32\diskmgr.sys


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Re: Need help wth alpha virus?

Post by tracij70 on 27th January 2010, 10:22 pm

Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret <[2010/01/26 09:06:38 | 00,141,824 | ---- | C] (Microsoft Corporation) -- C:\ojjw.exe> in the current context!
Error: Unable to interpret <[2010/01/26 09:06:40 | 00,004,096 | ---- | M] () -- C:\ytlmlfc.exe> in the current context!
Error: Unable to interpret <[2010/01/26 09:06:40 | 00,141,824 | ---- | M] (Microsoft Corporation) -- C:\ojjw.exe> in the current context!
Error: Unable to interpret <[2010/01/24 21:28:43 | 00,733,184 | ---- | C] () -- C:\Windows\System32\0c78.dll> in the current context!
Error: Unable to interpret <[2008/01/20 20:24:21 | 00,003,072 | ---- | C] () -- C:\Windows\System32\mshlps.dll> in the current context!
Error: Unable to interpret <[2008/01/20 20:24:21 | 00,003,072 | ---- | C] () -- C:\Windows\System32\kbdsock.dll> in the current context!
Error: Unable to interpret <[2008/01/20 20:24:13 | 00,002,304 | ---- | C] () -- C:\Windows\System32\diskmgr.sys> in the current context!

OTL by OldTimer - Version 3.1.27.0 log created on 01272010_16221


Re: Need help wth alpha virus?

Post by Belahzur on 27th January 2010, 11:51 pm

Hmm, make sure you have the colon before OTL as the first line.



Re: Need help wth alpha virus?

Post by tracij70 on 28th January 2010, 12:36 am

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0974BA1E-64EC-11DE-B2A5-E43756D89593}\ deleted successfully.
C:\Program Files\BearShareTb\BearShareDx.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
C:\Program Files\AskBarDis\bar\bin\askBar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBF3DD47-94C7-41C6-9CCD-A2ECC8688DF1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBF3DD47-94C7-41C6-9CCD-A2ECC8688DF1}\ deleted successfully.
C:\Windows\System32\0c78.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ce0c2586-da36-452b-acdb-320d9bcb19bf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce0c2586-da36-452b-acdb-320d9bcb19bf}\ deleted successfully.
C:\Program Files\iWin\tbiWin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
C:\Program Files\My.Freeze.com Toolbar\freeze_us.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0974BA1E-64EC-11DE-B2A5-E43756D89593} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0974BA1E-64EC-11DE-B2A5-E43756D89593}\ not found.
File C:\Program Files\BearShareTb\BearShareDx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ deleted successfully.
File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BBF3DD46-94C7-41C6-9CCD-A2ECC8688DF1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBF3DD46-94C7-41C6-9CCD-A2ECC8688DF1}\ deleted successfully.
File C:\Windows\System32\0c78.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ce0c2586-da36-452b-acdb-320d9bcb19bf} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce0c2586-da36-452b-acdb-320d9bcb19bf}\ not found.
File C:\Program Files\iWin\tbiWin.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D0523BB4-21E7-11DD-9AB7-415B56D89593} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0523BB4-21E7-11DD-9AB7-415B56D89593}\ deleted successfully.
File C:\Program Files\My.Freeze.com Toolbar\freeze_us.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{00000000-0000-0000-0000-000000000000} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BBF3DD46-94C7-41C6-9CCD-A2ECC8688DF1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBF3DD46-94C7-41C6-9CCD-A2ECC8688DF1}\ not found.
File C:\Windows\System32\0c78.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CE0C2586-DA36-452B-ACDB-320D9BCB19BF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CE0C2586-DA36-452B-ACDB-320D9BCB19BF}\ not found.
File C:\Program Files\iWin\tbiWin.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D0523BB4-21E7-11DD-9AB7-415B56D89593} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0523BB4-21E7-11DD-9AB7-415B56D89593}\ not found.
File C:\Program Files\My.Freeze.com Toolbar\freeze_us.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SfKg6wIPuS deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\VibeFireAlerts deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Vvatigo deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\Windows\system32\kbdsock.dll deleted successfully.
C:\Windows\System32\kbdsock.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\AppSecDll:C:\Windows\system32\mshlps.dll deleted successfully.
C:\Windows\System32\mshlps.dll moved successfully.
C:\ojjw.exe moved successfully.
C:\ytlmlfc.exe moved successfully.
File C:\ojjw.exe not found.
File C:\Windows\System32\0c78.dll not found.
File C:\Windows\System32\mshlps.dll not found.
File C:\Windows\System32\kbdsock.dll not found.
C:\Windows\System32\diskmgr.sys moved successfully.

OTL by OldTimer - Version 3.1.27.0 log created on 01272010_183524


Re: Need help wth alpha virus?

Post by tracij70 on 28th January 2010, 12:37 am

Is that what I needed to do? I'm sorry if I goofed before.


Re: Need help wth alpha virus?

Post by Belahzur on 28th January 2010, 5:51 pm

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to svchost as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on svchost.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.

