Now my laptop has something wrong


Post by tinyskids on 7th December 2010, 3:51 pm

Apparently my laptop now has something wrong with it. All I did yesterday was hook it up to my mom's old screen. My daughter says that she didn't open anything. So I have no clue what happened to this laptop.
Yesterday I turned it off, then when I turned it back on the whole date was changed and I couldn't access the internet. I mean it went back to January 2001. So I changed the date back and everything was fine. Today when I try to get on the web it doesn't connect; it says I have no connection. I check and see that the date is back at 2001. I fix it but it doesn't fix the problem. I run MBAM and it says that it had 151 infections, so I click to fix it. But this doesn't seem to fix the problem. This is crazy; no matter how careful you are, you still get these viruses. I will post the last MBAM file plus the HijackThis file.

The laptop is a Vista and I am running it in safe mode because this is the only way I can get on the web.


Re: Now my laptop has something wrong

Post by tinyskids on 7th December 2010, 3:52 pm

Here is the MBAM file after I had it cleaned:

Malwarebytes' Anti-Malware 1.46

Database version: 4052

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18975

12/7/2010 10:30:55 AM
mbam-log-2010-12-07 (10-30-55).txt

Scan type: Quick scan
Objects scanned: 120239
Time elapsed: 9 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 150

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\WORDS (Trojan.Rond) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\lead32.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\LEAD45.DLL (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\pcdlib.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\sendkey.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.


Re: Now my laptop has something wrong

Post by tinyskids on 7th December 2010, 3:53 pm

Here is the HijackThis file that I did after the MBAM clean:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 10:40:41 AM, on 12/7/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Service Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.west.com
O15 - Trusted Zone: *.westathome.com
O15 - Trusted Zone: *.westathome.net
O15 - Trusted Zone: *.workathomeagent.net
O16 - DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} (CrazyTalk4 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} (CPlayFirstCookingDasControl Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {B7A59580-B39D-4BF9-B968-1BFA25156691} (TTS Engine Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - [You must be registered and logged in to see this link.]
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate1ca779e15c63da0) (gupdate1ca779e15c63da0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9259 bytes


Re: Now my laptop has something wrong

Post by tinyskids on 7th December 2010, 5:32 pm

Here is the OTL log:
OTL logfile created on: 12/7/2010 12:26:32 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.36 Gb Total Space | 79.35 Gb Free Space | 57.77% Space Free | Partition Type: NTFS
Drive D: | 11.69 Gb Total Space | 1.88 Gb Free Space | 16.10% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 931.51 Gb Total Space | 804.26 Gb Free Space | 86.34% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/07 12:26:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/12/07 12:26:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
MOD - [2010/08/31 10:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/10 19:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/10/25 09:01:42 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 02:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/19 02:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/10/03 18:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/03/05 13:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/11/09 22:20:58 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 15:27:40 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 20:42:38 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 20:42:38 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/19 20:42:36 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2009/09/16 09:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 09:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 09:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008/02/27 05:26:04 | 000,201,728 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/01/02 16:48:28 | 002,016,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/01/02 16:48:28 | 002,016,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2007/10/11 06:17:56 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/09/30 02:03:12 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/09/29 14:08:00 | 000,156,672 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/09/27 20:33:26 | 000,056,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2007/07/10 09:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/20 06:29:56 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/06/20 06:28:34 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/06/20 06:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/06/18 20:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/05/30 18:40:42 | 000,735,232 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/04/23 16:51:08 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 04:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 04:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 04:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/11/02 02:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/09/03 00:53:54 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2006/09/03 00:53:38 | 000,053,248 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2006/06/28 13:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://webmail.aol.com/39997/aol/en-us/Suite.aspx"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.0.07103010
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1167
FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.023.001
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.72
FF - prefs.js..extensions.enabledItems: {285da7e0-729d-11db-9fe1-0800200c9a66}:2.20091201
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cee613b&v=6.010.023.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/16 08:01:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/06/28 06:37:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/11/25 08:12:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2010/11/25 08:14:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/30 13:12:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/19 00:53:54 | 000,000,000 | ---D | M]

[2008/12/10 20:10:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2010/12/06 14:10:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions
[2009/01/09 20:55:10 | 000,000,000 | ---D | M] (Bible Blue Basic) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions\{0c2508e6-de4c-11db-8314-0800200c9a66}
[2010/05/04 16:11:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/10 14:47:37 | 000,000,000 | ---D | M] (Tinseltown) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions\{285da7e0-729d-11db-9fe1-0800200c9a66}
[2010/01/10 14:47:01 | 000,000,000 | ---D | M] (Scribblies Plain) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions\{558D3F58-1E89-4fe2-A1F1-5EADC7BC77CB}
[2010/01/10 14:46:59 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2010/08/27 07:55:07 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/01/13 09:45:13 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions\moveplayer@movenetworks.com
[2010/04/08 22:00:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions\personas@christopher.beard
[2010/01/10 14:47:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions\{285da7e0-729d-11db-9fe1-0800200c9a66}\chrome\mozapps\extensions
[2010/01/10 14:47:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions\{285da7e0-729d-11db-9fe1-0800200c9a66}\chrome\mozapps\extensions\CVS
[2010/01/10 14:47:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions\{558D3F58-1E89-4fe2-A1F1-5EADC7BC77CB}\chrome\mozapps\extensions
[2010/05/27 14:44:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/27 14:44:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/27 14:43:18 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Health Check Scheduler] File not found
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Aim6] File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: west.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: westathome.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: westathome.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: workathomeagent.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} [You must be registered and logged in to see this link.] (CrazyTalk4 Control)
O16 - DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} [You must be registered and logged in to see this link.] (CPlayFirstCookingDasControl Object)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} [You must be registered and logged in to see this link.] (CTVUAxCtrl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {B7A59580-B39D-4BF9-B968-1BFA25156691} [You must be registered and logged in to see this link.] (TTS Engine Control)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} [You must be registered and logged in to see this link.] (Live Collaboration)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.250.0.12
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/12 03:25:18 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2009/12/31 21:22:17 | 000,000,067 | ---- | M] () - F:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/07 12:26:02 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2010/12/07 10:36:04 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/12/07 10:02:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/07 10:02:41 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/29 11:36:12 | 000,000,000 | ---D | C] -- C:\Program Files\Robinson Curriculum
[2010/11/29 11:32:14 | 000,000,000 | ---D | C] -- C:\Program Files\TABLISTS
[2010/11/29 11:32:14 | 000,000,000 | ---D | C] -- C:\Program Files\STUDENTS
[2010/11/29 11:32:14 | 000,000,000 | ---D | C] -- C:\Program Files\SENTENCE
[2010/11/29 11:32:13 | 000,000,000 | ---D | C] -- C:\Program Files\DATA
[2010/11/29 11:30:56 | 000,081,920 | ---- | C] (Borland International) -- C:\Windows\System32\bivbx11.dll
[2010/11/29 11:30:56 | 000,055,440 | ---- | C] (LEAD Technologies Inc.) -- C:\Windows\System32\lead.vbx
[2010/11/27 20:37:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\ENGLISH
[2010/11/27 15:01:19 | 000,000,000 | R--D | C] -- C:\Users\Owner\AppData\Roaming\Brother
[2010/11/27 12:36:44 | 000,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BROSNMP.DLL
[2010/11/27 12:36:44 | 000,081,920 | ---- | C] (Brother Industries Ltd) -- C:\Windows\System32\BRRBTOOL.EXE
[2010/11/27 12:36:44 | 000,077,824 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\brlmw03a.dll
[2010/11/27 12:36:44 | 000,024,223 | ---- | C] (brother Industries Ltd) -- C:\Windows\System32\brlm03a.dll
[2010/11/27 12:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\Brownie
[2010/11/27 12:36:18 | 000,192,512 | ---- | C] (brother) -- C:\Windows\System32\Pdrvinst.dll
[2010/11/27 12:36:18 | 000,000,000 | ---D | C] -- C:\Program Files\Brother
[2010/11/27 12:35:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\ENGLISH
[2010/11/25 08:17:41 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\AVG Security Toolbar
[2010/11/25 08:16:36 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\AVG10
[2010/11/25 08:14:46 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2010/11/25 08:14:35 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/11/25 08:12:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2010/11/25 08:12:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2010/11/25 08:11:00 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/11/25 08:06:19 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/11/25 07:45:19 | 004,329,496 | ---- | C] (AVG Technologies) -- C:\Users\Owner\Documents\avg_free_stb_all_2011_1153_cnet.exe
[2010/11/19 00:50:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/11/09 22:20:58 | 000,299,984 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/11/09 20:18:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[1997/03/28 14:55:00 | 000,055,440 | ---- | C] (LEAD Technologies Inc.) -- C:\Program Files\LEAD.VBX

========== Files - Modified Within 30 Days ==========

[2010/12/07 12:26:25 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-817221634-3884305041-3721437917-1000.job
[2010/12/07 12:26:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2010/12/07 10:40:25 | 000,002,517 | ---- | M] () -- C:\Users\Owner\Desktop\HiJackThis.lnk
[2010/12/07 10:39:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/07 10:38:20 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/07 10:38:20 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/07 10:38:00 | 000,000,392 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8850B951-228A-4804-B1AA-52756088F15A}.job
[2010/12/07 10:33:34 | 000,000,164 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/12/07 10:33:15 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/07 10:30:47 | 000,011,148 | ---- | M] () -- C:\Users\Owner\Desktop\mbam-log-2010-12-07 (10-30-36)2
[2010/12/07 10:02:45 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/07 10:01:27 | 000,006,648 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2010/12/07 10:00:39 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2010/12/07 10:00:39 | 000,001,409 | ---- | M] () -- C:\Windows\QTFont.for
[2010/12/07 03:03:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/06 23:50:08 | 101,171,292 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2010/12/06 22:14:23 | 000,630,660 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/06 22:14:23 | 000,115,408 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/06 15:10:54 | 000,001,392 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2010/12/06 14:03:04 | 000,000,435 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2010/12/06 14:03:04 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2010/12/02 21:01:28 | 000,038,400 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/02 19:45:05 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOwner.job
[2010/12/02 10:37:54 | 000,002,305 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2010/11/29 18:01:51 | 006,489,600 | ---- | M] () -- C:\Users\Owner\Desktop\SterlingMathFactsInstaller(2).msi
[2010/11/27 12:37:01 | 000,000,034 | ---- | M] () -- C:\Windows\System32\BD5250DN.DAT
[2010/11/27 12:36:45 | 000,014,441 | ---- | M] () -- C:\Windows\HL-5250DN.INI
[2010/11/27 12:36:45 | 000,000,147 | ---- | M] () -- C:\Windows\BRVIDEO.INI
[2010/11/27 12:36:45 | 000,000,023 | ---- | M] () -- C:\Windows\Brownie.ini
[2010/11/27 12:36:45 | 000,000,000 | ---- | M] () -- C:\Windows\brmx2001.ini
[2010/11/25 08:14:24 | 000,000,830 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/11/25 07:45:25 | 004,329,496 | ---- | M] (AVG Technologies) -- C:\Users\Owner\Documents\avg_free_stb_all_2011_1153_cnet.exe
[2010/11/19 00:53:55 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2010/11/15 16:17:13 | 000,033,618 | ---- | M] () -- C:\Users\Owner\Documents\urbanvillage.jpg
[2010/11/09 22:20:58 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys

========== Files Created - No Company Name ==========

[2010/12/07 11:26:04 | 000,000,286 | ---- | C] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-817221634-3884305041-3721437917-1000.job
[2010/12/07 10:36:04 | 000,002,517 | ---- | C] () -- C:\Users\Owner\Desktop\HiJackThis.lnk
[2010/12/07 10:30:47 | 000,011,148 | ---- | C] () -- C:\Users\Owner\Desktop\mbam-log-2010-12-07 (10-30-36)2
[2010/12/07 10:02:45 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/07 10:00:39 | 000,054,156 | -H-- | C] () -- C:\Windows\QTFont.qfn
[2010/12/07 10:00:39 | 000,001,409 | ---- | C] () -- C:\Windows\QTFont.for
[2010/12/06 23:50:08 | 101,171,292 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2010/12/06 14:03:04 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010/11/29 18:01:45 | 006,489,600 | ---- | C] () -- C:\Users\Owner\Desktop\SterlingMathFactsInstaller(2).msi
[2010/11/29 11:30:56 | 001,974,784 | ---- | C] () -- C:\Program Files\rcfiles.exe
[2010/11/29 11:30:56 | 000,517,104 | ---- | C] () -- C:\Windows\System32\LEAD45.DLL
[2010/11/29 11:30:56 | 000,346,464 | ---- | C] () -- C:\Windows\System32\vdvbx.vbx
[2010/11/29 11:30:56 | 000,000,164 | ---- | C] () -- C:\Program Files\RCSUPP~1.URL
[2010/11/27 12:37:01 | 000,000,435 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/11/27 12:37:01 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD5250DN.DAT
[2010/11/27 12:36:45 | 000,000,147 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2010/11/27 12:36:45 | 000,000,023 | ---- | C] () -- C:\Windows\Brownie.ini
[2010/11/27 12:36:45 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2010/11/27 12:36:44 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini
[2010/11/27 12:36:42 | 000,014,441 | ---- | C] () -- C:\Windows\HL-5250DN.INI
[2010/11/25 08:14:24 | 000,000,830 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/11/19 00:53:55 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2010/11/15 16:17:11 | 000,033,618 | ---- | C] () -- C:\Users\Owner\Documents\urbanvillage.jpg
[2009/08/10 18:19:09 | 000,001,392 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/06/23 21:37:15 | 000,000,093 | ---- | C] () -- C:\Users\Owner\AppData\Local\fusioncache.dat
[2008/02/16 23:26:16 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/02/15 10:38:25 | 000,038,400 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/15 08:26:53 | 000,006,648 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2008/02/10 22:11:55 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\QSwitch.txt
[2008/02/10 22:11:55 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\DSwitch.txt
[2008/02/10 22:11:55 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\AtStart.txt
[2008/01/24 21:01:52 | 000,155,648 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2008/01/02 16:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/01/02 16:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/01/02 16:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/01/02 16:47:22 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/11/12 03:39:19 | 000,000,735 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/10/31 08:39:54 | 000,059,904 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2007/08/20 07:34:08 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1318.dll
[2007/08/20 07:25:00 | 000,910,720 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2002/11/07 20:58:56 | 000,000,107 | ---- | C] () -- C:\Program Files\PrintLog.txt
[2002/11/07 20:54:02 | 000,699,584 | ---- | C] () -- C:\Program Files\robinson.exe
[2002/07/29 15:01:36 | 000,001,450 | ---- | C] () -- C:\Program Files\fcvp_w.dat
[2002/07/29 15:01:36 | 000,001,325 | ---- | C] () -- C:\Program Files\fcvp_s.dat
[2002/07/16 14:10:52 | 000,009,154 | ---- | C] () -- C:\Program Files\robinson.ini
[2002/07/16 14:09:26 | 001,420,800 | ---- | C] () -- C:\Program Files\robinson.wri
[2002/07/09 10:59:08 | 000,000,164 | ---- | C] () -- C:\Program Files\RCSupport.url
[2002/04/09 11:37:40 | 000,000,766 | ---- | C] () -- C:\Program Files\robinson.ico
[2001/11/08 14:54:14 | 000,038,752 | ---- | C] () -- C:\Program Files\leaddib.drv
[1997/01/11 20:35:28 | 000,014,947 | ---- | C] () -- C:\Program Files\math.dat
[1997/01/11 20:35:28 | 000,005,468 | ---- | C] () -- C:\Program Files\phonics.dat
[1997/01/11 20:35:28 | 000,002,396 | ---- | C] () -- C:\Program Files\vdrill.dat

< End of report >


Re: Now my laptop has something wrong

Post by tinyskids on 7th December 2010, 5:33 pm

here is the extras otl log
OTL Extras logfile created on: 12/7/2010 12:26:32 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.36 Gb Total Space | 79.35 Gb Free Space | 57.77% Space Free | Partition Type: NTFS
Drive D: | 11.69 Gb Total Space | 1.88 Gb Free Space | 16.10% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 931.51 Gb Total Space | 804.26 Gb Free Space | 86.34% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13317619-BB67-4783-B14F-1197674AE6F8}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{276F33C0-5527-4537-9D4E-04BF59DC31FA}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{64BB9CAC-0B94-4AB2-821C-84E551C8D088}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7ECDBDF2-A780-4E6C-A70F-30D51095A209}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{87A5998B-D758-4C95-86BE-A348F933125E}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C4E813E5-AF5E-4F60-92CF-14DA96CDD617}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{007CC5D7-0E8E-44D5-B02E-42CA16FFC29A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"{071656D0-931F-4C0B-B792-EEA7667B4B7F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{1304027B-9C86-487C-ABB9-5A6FF67C21A9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"{16805998-FEFB-4B80-9471-5DD3E6A0F088}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{1D153740-F5F1-4477-A780-2F27D643099B}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{214B838A-2898-4A48-82D8-666EDC35AFA3}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{281C7F72-DC9A-4F9E-A4ED-54250F0BE42E}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{3204817B-1168-4D36-A556-614CE0E6A3E1}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{3ED663DE-60A1-419D-84D5-F9301BA7CE72}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{468A4364-6433-4127-BE91-82D43431FD6A}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{4C27ADE1-305E-4D82-A81C-653A1504EF9F}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{50789C6E-2968-4795-B1A5-CB0903F58867}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{58650547-1B4C-428D-8960-B0ED89195DBB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{5A51AE65-3F75-41B6-AD1E-51B1580C2587}" = protocol=17 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"{5F3258DF-E58A-4022-AE80-193775E56132}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7FCFED6C-0C4E-4096-A4DB-CBD2EAAC799E}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{8D33FDD2-0130-4BE9-AD6F-6D30C78EBFAB}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{8F6C5AC0-B0CB-4217-BCC4-D1B1142F27BC}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{90468331-40D5-4A8C-AA1A-93A4E20E07D0}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{947F097D-8B49-4ACA-80B6-1AA2B404327A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{95E2F717-F762-45CD-97AD-77C9E5591DF6}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{96BA7409-4F24-4808-AE89-500A8910A762}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{992DC8F3-A20D-4339-ABE6-3A023612468A}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{A69A8E55-B555-44FC-A873-BB574A24E680}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{BFCA2A12-9A92-4F43-9DDB-068E3E20D08D}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{CFC3E763-6F9C-4A1F-AB3A-C289D4FA0A98}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{D567D313-DC23-4A4E-BE41-8633819F4C93}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{DAD9DCD5-3B19-47CB-8E6F-ED8BE92184C7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{DD7FEE29-64C7-4AFA-9BB5-7C7B6EA35BA1}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{DDB741A2-817C-420D-9440-C0194567D49A}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{DDD6E4E8-F8DA-4C53-8EB5-2D80ADD60032}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E3CD7F8B-13AD-46BA-A142-7CC4C51F1166}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{FB5000AF-7BFD-4253-AD3C-591A4E2151D6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"{FD697DA7-C813-4EEA-A629-C973C6D7FE53}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{FF474905-9776-4B53-B8A4-052E3CC84284}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"TCP Query User{2C0EE003-5F63-4858-9B9A-0817C6797B92}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{5247E2EE-5B8A-40DB-90C1-0FF395808F3F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{97A399D2-3BC3-4ED2-82B1-6D11CD1BDBFA}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{B75DCDCB-9532-4743-B246-01B5CB951F6A}C:\users\owner\appdata\local\apps\2.0\dtoj0ez4.e2o\g6xwba4p.ov5\west..kage_28b3eab364833aef_0001.0002_4a04786571555234\welcomehome.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\apps\2.0\dtoj0ez4.e2o\g6xwba4p.ov5\west..kage_28b3eab364833aef_0001.0002_4a04786571555234\welcomehome.exe |
"TCP Query User{EEF975C5-4F36-4AAD-9161-319AE5DF9F85}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{1257326F-4E25-4118-BDA7-FDE78A09CDE8}C:\users\owner\appdata\local\apps\2.0\dtoj0ez4.e2o\g6xwba4p.ov5\west..kage_28b3eab364833aef_0001.0002_4a04786571555234\welcomehome.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\apps\2.0\dtoj0ez4.e2o\g6xwba4p.ov5\west..kage_28b3eab364833aef_0001.0002_4a04786571555234\welcomehome.exe |
"UDP Query User{4559FB9C-BC74-4A11-A77D-DEF63E6F9D12}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{4EC5EA7F-3551-42BB-BB1A-731CB7CA5C08}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{69843750-1FBB-44C0-BCC5-72CD12D26092}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{DF2B910E-3204-4379-8B0E-E85E0AF9BCD7}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{2243F21A-E132-44F7-BA13-024D0845C815}" = Microsoft SQL Server 2005 Backward compatibility
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support
"{31C2F32D-C5DD-4583-8181-B48591CA231C}" = RapidPlayer v5.0 ActiveX Control
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.6
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes
"{5AD96CF5-2627-4F29-9D2D-72FCD85F6355}" = AVG 2011
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E4D4E0B-02F6-46C1-BAE5-1B6B2E486A7B}" = Microsoft Office Live Meeting 2007
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{85833A03-476B-43B3-B61C-5EB946DBF6E4}" = HP User Guides 0092
"{865DB1C9-D5E4-408B-B37D-9927E605BD2D}" = ESU for Microsoft Vista
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9E5AE5C0-423C-4F4F-823B-57781C2B77F5}" = RTC Client API v1.2 Setup
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A23061AF-5361-433C-B7F0-CE5F79A22C49}" = AVG 2011
"{A7DB362E-16DC-4E29-8A34-E74381E00B5B}" = Adobe Shockwave Player
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{C49067A8-8212-4A82-A4D9-1519701644F0}" = Citrix Presentation Server Client - Web Only
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SOSHOME22)
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{F1BA45A0-803C-43F0-9C1A-7095EF1B86DF}" = Brother HL-5250DN
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FD9E03B5-AEEA-4D59-B512-6CE4AA0281D4}" = Byki
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AIM_6" = AIM 6
"AVG" = AVG 2011
"Byki Express" = Byki Express
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"RealPlayer 12.0" = RealPlayer
"Robinson Curriculum" = Robinson Curriculum
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.4
"TVWiz" = Intel(R) TV Wizard
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent hp Master Uninstall" = My HP Games

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/1/2001 1:22:24 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 1/1/2001 1:01:19 AM | Computer Name = Owner-PC | Source = MSSQL$SOSHOME22 | ID = 19011
Description =

Error - 1/1/2001 1:01:49 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 1/1/2001 1:01:50 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 1/1/2001 1:04:33 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 1/1/2001 1:04:33 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12/7/2010 10:57:52 AM | Computer Name = Owner-PC | Source = EventSystem | ID = 4609
Description =

Error - 12/7/2010 11:17:52 AM | Computer Name = Owner-PC | Source = MSSQL$SOSHOME22 | ID = 19011
Description =

Error - 12/7/2010 11:33:29 AM | Computer Name = Owner-PC | Source = MSSQL$SOSHOME22 | ID = 19011
Description =

Error - 12/7/2010 11:40:03 AM | Computer Name = Owner-PC | Source = EventSystem | ID = 4609
Description =


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


Re: Now my laptop has something wrong

Post by Superdave on 7th December 2010, 6:27 pm

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
***********************************************
Please read here for more information about [You must be registered and logged in to see this link.]. Your choice if you want to remove it or not.

If you choose to follow my advice, please follow these instructions.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

WildTangent Web Driver or anything related to WildTangent.
**********************************************************
You have Viewpoint installed.

Viewpoint Media Player/Manager/Toolbar is considered as Foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad".

It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs - (Vista & Win7 is Programs and Features) and remove the following programs if present.

* Viewpoint
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
* Viewpoint Experience Technology

***************************************
Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

Internet Explorer's security is based upon a set of zones. Each zone has different security in terms of what scripts and applications can be run from a site that is in that zone. There is a security zone called the Trusted Zone. This zone has the lowest security and allows scripts and applications from sites in this zone to run without your knowledge. It is therefore a popular setting for malware sites to use so that future infections can be easily done on your computer without your knowledge as these sites will be in the Trusted Zone. Therefore, I recommend that nothing be allowed in the trusted zone. If you agree, please do the following. Please place a check mark next to this/these line/lines.
O15 - Trusted Zone: *.west.com
O15 - Trusted Zone: *.westathome.com
O15 - Trusted Zone: *.westathome.net
O15 - Trusted Zone: *.workathomeagent.net


Important: Close all open windows except for HijackThis and then click Fix checked.
**********************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
*****************************************
Please download ComboFix from [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

If you have problems with ComboFix usage, see [You must be registered and logged in to see this link.]

Once completed, exit HijackThis.


Superdave
Captain

Posts : 4202
Joined : 2010-02-01
Gender : Male
OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection : MSE, Windows Defender, Windows firewall
Points : 83221
# Likes : 0
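A triage sketch for the HijackThis entries listed in the post above, added here as an example and not part of the original thread or of HijackThis itself: it flags BHO and toolbar entries whose file is missing and collects the sites placed in the Trusted Zone. The names `triage` and `Finding`, and the one log line marked as constructed, are assumptions for illustration.

```python
import re
from collections import namedtuple

# One flagged log entry: HijackThis section, why it was flagged, the key value.
Finding = namedtuple("Finding", "section reason value line")

# Entries copied from the post above, plus ONE constructed line (the
# "Example Helper" BHO with an all-zero CLSID) whose file exists, to show
# what is left alone.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O15 - Trusted Zone: *.west.com
O15 - Trusted Zone: *.westathome.com
O15 - Trusted Zone: *.westathome.net
O15 - Trusted Zone: *.workathomeagent.net
"""

# "O2 - rest of line": a letter, one or two digits, then " - ".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def triage(log_text):
    """Return Findings for orphaned O2/O3 entries and O15 Trusted Zone sites.

    O4 autostart lines are parsed but never flagged automatically: whether a
    startup program is wanted needs a human decision, as in the thread.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue  # headers, blank lines, anything that is not an entry
        section, body = match.group("section"), match.group("body")

        # O2 = Browser Helper Object, O3 = IE toolbar. "(no file)" means the
        # registration is still there but the DLL it points to is gone.
        if section in ("O2", "O3") and body.endswith("(no file)"):
            clsid = CLSID_RE.search(body)
            findings.append(
                Finding(section, "orphaned", clsid.group(0) if clsid else None, line)
            )

        # O15 = sites added to an IE security zone; only the plain
        # "Trusted Zone" form seen in this thread is handled here.
        elif section == "O15":
            kind, _, site = body.partition(":")
            if kind.strip() == "Trusted Zone" and site.strip():
                findings.append(Finding(section, "trusted-zone", site.strip(), line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4}{f.reason:<14}{f.value}")
```
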

Re: Now my laptop has something wrong

Post by tinyskids on 7th December 2010, 7:09 pm

security check log
Results of screen317's Security Check version 0.99.6
Windows Vista Service Pack 1 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
AVG 2011
Antivirus out of date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 20
Java(TM) 6 Update 2
Java(TM) 6 Update 5
Out of date Java installed!
Adobe Flash Player 10.1.53.64
Adobe Reader X
````````````````````````````````
Process Check:
objlist.exe by Laurent

````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````


Re: Now my laptop has something wrong

Post by tinyskids on 7th December 2010, 7:39 pm

I can't seem to run ComboFix. I disabled AVG, but it said that AVG was still running, so I went ahead and deleted it, but it still says that AVG is running.


Re: Now my laptop has something wrong

Post by Superdave on 7th December 2010, 8:01 pm

Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First [You must be registered and logged in to see this link.]

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the [You must be registered and logged in to see this link.].

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download [You must be registered and logged in to see this link.] and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.
4. Run CCleaner.

Additional Note: [You must be registered and logged in to see this link.] adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
***************************************
"I can't seem to run ComboFix. I disabled AVG, but it said that AVG was still running, so I went ahead and deleted it, but it still says that AVG is running."
Yes. ComboFix will not run when AVG is present. Please do this. Use this tool to get rid of AVG. Please select another free AV program from the list below. I prefer Microsoft Security Essentials. Just install it and forget about it.

AVG Antivirus - [You must be registered and logged in to see this link.]

Before we continue download and install a free antivirus.

Remember to only install one antivirus!

1) [You must be registered and logged in to see this link.]
2) [You must be registered and logged in to see this link.]
3) [You must be registered and logged in to see this link.]
4) [You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.]
4-a) [You must be registered and logged in to see this link.]
5) [You must be registered and logged in to see this link.] (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) [You must be registered and logged in to see this link.]

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
Now, please try to run ComboFix and post the log.


Re: Now my laptop has something wrong

Post by tinyskids on 7th December 2010, 10:45 pm

I seem to have gotten this laptop fixed, meaning I can get on the web with it, but I would still like to make sure that it is clean now. I used the link above to remove AVG, but now ComboFix says that I have to disable Norton AntiVirus. The problem is that I don't have Norton on my comp, nor can I find it.


Re: Now my laptop has something wrong

Post by tinyskids on 7th December 2010, 10:51 pm

Should I run ComboFix anyway?
Even though I can get on the web with my laptop without it being in Safe Mode, I would still like to make sure that it is clean.


Re: Now my laptop has something wrong

Post by Superdave on 7th December 2010, 11:14 pm

Download the [You must be registered and logged in to see this link.] to your desktop.

Once downloaded please close ALL open browsers, also save any work because this may require a restart.

* Go to your desktop and double click on the 'Norton_Removal_Tool' and then click Setup.
* Once open, click Next.
* Accept the license agreement and click Next
* Type in the letters/numbers that you see into the text box then click Next.
* Then click Next and the tool will start running.
* Once finished restart the PC.
* Delete the 'Norton_Removal_Tool' from your desktop.

Now, please try to run ComboFix and post the log.


Re: Now my laptop has something wrong

Post by tinyskids on 9th December 2010, 1:45 pm

combo fix log

ComboFix 10-12-08.04 - Owner 12/09/2010 8:31.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037.1214 [GMT -5:00]
Running from: c:\users\Owner\Desktop\commy.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
/wow section - STAGE 10


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Internet Explorer\msimg32.dll
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\West .. Career Opportunities (2).url
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\West at Home - Employee Login.url
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\Work Place Like Home.url
c:\windows\system32\KBL.LOG

.
((((((((((((((((((((((((( Files Created from 2010-11-09 to 2010-12-09 )))))))))))))))))))))))))))))))
.

2010-12-09 13:40 . 2010-12-09 13:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-07 15:36 . 2010-12-07 15:36 388096 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-12-07 15:36 . 2010-12-07 15:36 -------- d-----w- c:\program files\TrendMicro
2010-12-07 15:02 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-07 15:02 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-07 15:00 . 2010-12-07 15:00 1409 ----a-w- c:\windows\QTFont.for
2010-11-29 16:36 . 2010-11-29 16:36 -------- d-----w- c:\program files\Robinson Curriculum
2010-11-29 16:32 . 2010-11-29 16:32 -------- d-----w- c:\program files\TABLISTS
2010-11-29 16:32 . 2010-11-29 16:32 -------- d-----w- c:\program files\STUDENTS
2010-11-29 16:32 . 2010-11-29 16:32 -------- d-----w- c:\program files\SENTENCE
2010-11-29 16:32 . 2010-11-29 16:32 -------- d-----w- c:\program files\DATA
2010-11-29 16:30 . 2002-11-08 23:15 1974784 ----a-w- c:\program files\rcfiles.exe
2010-11-29 16:30 . 1997-03-28 19:55 55440 ----a-w- c:\windows\system32\lead.vbx
2010-11-29 16:30 . 1997-03-28 19:55 517104 ----a-w- c:\windows\system32\LEAD45.DLL
2010-11-29 16:30 . 1997-01-12 01:35 81920 ----a-w- c:\windows\system32\bivbx11.dll
2010-11-29 16:30 . 1997-01-12 01:35 346464 ----a-w- c:\windows\system32\vdvbx.vbx
2010-11-27 20:01 . 2010-11-27 20:01 -------- d-----r- c:\users\Owner\AppData\Roaming\Brother
2010-11-27 17:36 . 2006-12-21 16:23 176128 ------w- c:\windows\system32\BROSNMP.DLL
2010-11-27 17:36 . 2006-11-13 05:00 81920 ------w- c:\windows\system32\BRRBTOOL.EXE
2010-11-27 17:36 . 2004-09-24 05:00 24223 ------w- c:\windows\system32\brlm03a.dll
2010-11-27 17:36 . 2004-08-10 05:42 77824 ------w- c:\windows\system32\brlmw03a.dll
2010-11-27 17:36 . 2010-11-27 17:36 -------- d-----w- c:\program files\Brownie
2010-11-27 17:36 . 2010-11-27 17:36 -------- d-----w- c:\program files\Brother
2010-11-27 17:36 . 2006-08-18 18:27 192512 ------w- c:\windows\system32\Pdrvinst.dll
2010-11-27 17:35 . 2010-11-27 17:35 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2010-11-27 17:35 . 2010-11-27 17:35 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2010-11-27 17:35 . 2004-04-19 04:42 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2010-11-27 17:35 . 2004-04-19 04:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2010-11-27 17:35 . 2004-04-19 04:39 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2010-11-27 17:35 . 2004-04-19 04:39 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2010-11-27 17:35 . 2004-04-19 04:39 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2010-11-25 13:16 . 2010-11-25 13:16 -------- d-----w- c:\users\Owner\AppData\Roaming\AVG10
2010-11-25 13:14 . 2010-11-25 13:14 -------- d--h--w- c:\programdata\Common Files
2010-11-25 13:06 . 2010-12-07 20:42 -------- d-----w- c:\programdata\MFAData
2010-11-24 13:32 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-23 14:06 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B965FF8C-3C55-4F08-A9B7-958DA2BAD5C8}\mpengine.dll
2010-11-19 05:50 . 2010-11-19 05:50 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-11-11 13:03 . 2010-10-07 11:35 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-11-10 17:49 . 2010-11-10 17:49 135568 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-11-10 17:49 . 2010-11-10 17:49 135568 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2010-11-10 01:18 . 2010-11-10 01:18 -------- d-----w- c:\windows\system32\EventProviders

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 15:41 . 2009-12-25 05:48 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-20 09:25 . 2010-10-15 17:19 231936 ----a-w- c:\windows\system32\msshsq.dll
2010-09-15 09:50 . 2010-05-27 19:43 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-10 16:37 . 2010-10-13 23:41 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2002-11-08 01:54 . 2002-11-08 01:54 699584 ----a-w- c:\program files\robinson.exe
2001-11-08 19:54 . 2001-11-08 19:54 38752 ----a-w- c:\program files\leaddib.drv
1997-03-28 19:55 . 1997-03-28 19:55 55440 ----a-w- c:\program files\LEAD.VBX
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-14 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-10-10 212992]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-29 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca779e15c63da0;Google Update Service (gupdate1ca779e15c63da0);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-08 133104]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2010-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-08 00:33]

2010-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-08 00:33]

2010-12-03 c:\windows\Tasks\HPCeeScheduleForOwner.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2007-11-12 19:58]

2010-12-09 c:\windows\Tasks\User_Feed_Synchronization-{8850B951-228A-4804-B1AA-52756088F15A}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} - [You must be registered and logged in to see this link.]
DPF: {B7A59580-B39D-4BF9-B968-1BFA25156691} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Extension: Noia 2.0 (eXtreme): {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
FF - Extension: Tinseltown: {285da7e0-729d-11db-9fe1-0800200c9a66} - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions\{285da7e0-729d-11db-9fe1-0800200c9a66}
FF - Extension: Move Media Player: [You must be registered and logged in to see this link.] - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions\moveplayer@movenetworks.com
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: Personas: [You must be registered and logged in to see this link.] - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions\personas@christopher.beard
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
HKLM-Run-QlbCtrl - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
HKLM-Run-hpqSRMon - (no file)
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-12-09 08:40
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-12-09 08:44:33
ComboFix-quarantined-files.txt 2010-12-09 13:44

Pre-Run: 84,862,836,736 bytes free
Post-Run: 85,939,888,128 bytes free

- - End Of File - - F3E65AF554241612B232572D94911B92

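Reading the "Reg Loading Points" section of a ComboFix log like the one posted above can be partly automated. The following is an added example, not part of the thread and not ComboFix's own code: it parses that section and lists Run-key autostarts, any that launch from user-writable folders, and Security Center values whose names suggest monitoring was switched off. The `ExampleUpdater` line is constructed, and the folder list and name patterns are assumptions of this example.

```python
import re
from typing import List, NamedTuple, Optional

# Excerpt copied from the "Reg Loading Points" section of the log posted above.
LOG_EXCERPT = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
'''

# Constructed entry (NOT from the log) so the user-writable-path check has a hit.
CONSTRUCTED = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"="c:\users\Owner\AppData\Local\Temp\example.exe" [2010-12-06 40960]
'''


class Entry(NamedTuple):
    key: str               # registry key the value sits under
    name: str              # value name
    path: Optional[str]    # target path, for autostart-style values
    stamp: Optional[str]   # file date ComboFix prints in brackets
    number: Optional[int]  # numeric data ("dword:..." or "0 (0x0)" form)


KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')
PATH_RE = re.compile(r'^"(.*)"\s+\[(\d{4}-\d{1,2}-\d{1,2})\s+\d+\]$')
DWORD_RE = re.compile(r'^dword:([0-9a-fA-F]{8})$')
PLAIN_RE = re.compile(r'^(\d+)\s+\(0x[0-9a-fA-F]+\)$')

# Assumption of this example: folders a standard user can write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")


def parse_reg_section(text: str) -> List[Entry]:
    """Turn the REGEDIT4-style section into Entry records."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = KEY_RE.match(line)
        if header:
            key = header.group(1)
            continue
        value = VALUE_RE.match(line)
        if not (value and key):
            continue  # blank lines, notes, startup-folder and service lines
        name, data = value.groups()
        path = stamp = number = None
        as_path = PATH_RE.match(data)
        as_dword = DWORD_RE.match(data)
        as_plain = PLAIN_RE.match(data)
        if as_path:
            path, stamp = as_path.group(1), as_path.group(2)
        elif as_dword:
            number = int(as_dword.group(1), 16)
        elif as_plain:
            number = int(as_plain.group(1))
        entries.append(Entry(key, name, path, stamp, number))
    return entries


def autoruns(entries: List[Entry]) -> List[Entry]:
    """Values under ...\\CurrentVersion\\Run, in either hive."""
    return [e for e in entries
            if e.path and e.key.lower().endswith("\\currentversion\\run")]


def autoruns_in_user_writable_dirs(entries: List[Entry]) -> List[Entry]:
    """Autostarts launching from folders a standard user can write to."""
    return [e for e in autoruns(entries)
            if any(part in e.path.lower() for part in USER_WRITABLE)]


def security_center_overrides(entries: List[Entry]) -> List[Entry]:
    """Non-zero Security Center values named like an off switch."""
    return [e for e in entries
            if "\\security center\\" in e.key.lower()
            and re.search(r"disable|override", e.name, re.I)
            and e.number]


if __name__ == "__main__":
    parsed = parse_reg_section(LOG_EXCERPT + CONSTRUCTED)
    for e in autoruns_in_user_writable_dirs(parsed):
        print("autostart from user-writable folder:", e.name, "->", e.path)
    for e in security_center_overrides(parsed):
        print("Security Center override:", e.key, e.name, "=", e.number)
```

The override entries are items to confirm against the security products actually installed, not findings on their own.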

Re: Now my laptop has something wrong

Post by Superdave on 9th December 2010, 8:17 pm

Please run this scan and post the log.

SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

[You must be registered and logged in to see this link.]/

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.

    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

  • At the bottom of the page

  • Hidden Objects Only << Selected

  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was


Re: Now my laptop has something wrong

Post by tinyskids on 11th December 2010, 1:54 pm

here is the log

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
No Hidden Kernel Modules found

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No hidden files/folders found



Re: Now my laptop has something wrong

Post by Superdave on 11th December 2010, 7:17 pm

ESET Online Scan

Scan your computer with the [You must be registered and logged in to see this link.]

* Click the ESET Online Scanner button.

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
* Double click on the esetsmartinstaller_enu.exe icon on your desktop.
* Place a check mark next to YES, I accept the Terms of Use.

* Click the Start button.
* Accept any security warnings from your browser.
* Leave the check mark next to Remove found threats and place a check next to Scan archives.
* Click the Start button.
* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List of found threats.
* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
* Click the Back button then click Finish.

In your next reply please include the ESET Online Scan Log


Re: Now my laptop has something wrong

Post by tinyskids on 16th December 2010, 3:47 am

here is the log
C:\SwSetup\AOLIMS\setup.exe probably a variant of Win32/Agent.HZHBURL trojan cleaned by deleting - quarantined


Re: Now my laptop has something wrong

Post by Superdave on 16th December 2010, 7:42 pm

How's your computer running now? Any outstanding issues?


Re: Now my laptop has something wrong

Post by tinyskids on 18th December 2010, 9:07 pm

So far it's good. The only issue is when it shuts down improperly the calendar goes to 2001. When I start it and see the screen that asks if I want to go to Safe Mode or start my comp regular, I will click on start normally, and then the internet does not work, so I go and check the date and it's back at 2001. This only started when I connected my mom's screen to this laptop. Before that this never happened.


Re: Now my laptop has something wrong

Post by Superdave on 18th December 2010, 11:31 pm

"when it shuts down improperly the calendar goes to 2001"
Does it do this often? You could try this.

Do you have your OS CD/DVD?

If so,

1/ Click the Start button.

2/ From the Start Menu, Click All programs followed by Accessories.

3/ In the Accessories menu, Right Click on the Command Prompt option.

4/ From the drop down menu that appears, Click on the Run as administrator option.

5/ If you have the User Account Control (UAC) enabled you will be asked for authorisation prior to the command prompt opening. You may simply need to press the Continue button if you are the administrator or insert the administrator password etc.

6/ In the Command Prompt window, type: sfc /scannow and then press Enter.

7/ A message will appear stating that the system scan will begin.

8/ Be patient because the scan may take some time.

9/ If any files require replacing SFC will replace them. You may be asked to insert your Vista DVD for this process to continue.

10/ If everything is okay you should, after the scan, see the following message: "Windows resource protection did not find any integrity violations."

11/ After the scan has completed, Close the command prompt window.


Re: Now my laptop has something wrong

Post by tinyskids on 20th December 2010, 1:39 pm

I have to look and see if I still have the CD/DVD.
It only started happening when I connected the laptop to my mom's screen. Before this it was fine, even if it shut down improperly.

Yes, it happens every time the laptop gets shut down improperly.


Re: Now my laptop has something wrong

Post by Superdave on 20th December 2010, 8:40 pm

Ok. We'll wait to see if you can find the disk.


Re: Now my laptop has something wrong

Post by Superdave on 21st December 2010, 3:04 am

Please try this: You will need to open up your computer and replace the CMOS battery. It's a small round battery. Just pop it out (power off, of course) and pop in a new one.


Re: Now my laptop has something wrong

Post by tinyskids on 22nd December 2010, 12:09 pm

How do I open up the laptop?

Re: Now my laptop has something wrong

Post by Superdave on 22nd December 2010, 6:38 pm

It's usually found under the laptop. If you turn over your laptop you will find different panels that can be removed. You should go to the website of your brand of laptop and get the information as to the location of the CMOS battery.


Re: Now my laptop has something wrong

Post by tinyskids on 23rd December 2010, 3:19 pm

Thanks will let you know if this works.
