« previous next »
Pages: [1] 2

Author Topic: Computer completely disabled  (Read 2211 times)

Offline mickapoo

  • Full Member
  • ***
  • Posts: 150
  • Karma: +0/-0
    • View Profile
Computer completely disabled
« on: November 20, 2010, 01:25:38 PM »
My computer is pretty much disabled at this point. Once the desktop finishes loading, if I try to click on anything at all, the hourglass appears, the display starts to fade to a lighter color, and everything is frozen.

The only way I am now able to get online to this forum is by working in SafeMode. I ran the AVG scanner, Spybot S&D, and CCleaner, but beyond that am not sure what to do.

The computer is running Windows Vista and we use AVG for our anti-virus software.

Here is my hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 1:20:08 PM, on 11/20/2010
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18527)

Running processes:
C:\Windows\Explorer.EXE
C:\Users\nancy\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.live.com/default.aspx?wa=wsignin1.0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CitiUS Shared Browser Helper Object - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\Program Files\Virtual Account Numbers\BhoCitUS.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Accelerator Plugin - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\PROGRA~1\PEOPLE~1\PRPL_I~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Citi Virtual Account Numbers] C:\PROGRA~1\VIRTUA~1\CitiVAN.exe /lang=en_RG /dontopenmycards
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [GoToMeeting] "C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe" "/Trigger RunAtLogon"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Virtual Account Numbers - {DE700910-58F7-4D2E-B7E6-3BA2DA1B6806} - C:\PROGRA~1\VIRTUA~1\CitiVAN.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe" Start=service (file missing)
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe


Thank you in advance for your help!
« Last Edit: November 20, 2010, 01:28:29 PM by mickapoo »
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Computer completely disabled
« Reply #1 on: November 20, 2010, 01:49:46 PM »
Download [color="#FF0000"]OTL.exe[/color][/url] by OldTimer to your Desktop.
  • Close all windows and right click on OTL.exe and choose to "Run as Administrator"
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline mickapoo

  • Full Member
  • ***
  • Posts: 150
  • Karma: +0/-0
    • View Profile
Computer completely disabled
« Reply #2 on: November 20, 2010, 02:18:10 PM »
Thank you very much for your help. I will post the Extras.txt log in a second post.

Here is the OTL log:

OTL logfile created on: 11/20/2010 2:09:16 PM - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\nancy\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
958.00 Mb Total Physical Memory | 802.00 Mb Available Physical Memory | 84.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 165.82 Gb Free Space | 74.43% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.10 Gb Free Space | 61.04% Space Free | Partition Type: NTFS
Drive E: | 19.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: HOME_COMPUTER | User Name: nancy | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010/11/20 14:08:45 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\nancy\Desktop\OTL.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/11/20 14:08:45 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\nancy\Desktop\OTL.exe
MOD - [2010/08/31 10:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010/09/10 00:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/09/03 09:35:50 | 006,104,144 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/08/10 16:29:54 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/06/09 18:14:30 | 001,156,440 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Stopped] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/03/19 09:03:13 | 000,016,936 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe -- (GoToAssist)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/27 04:22:30 | 000,566,872 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security 14\tmproxy.exe -- (tmproxy)
SRV - [2007/08/27 04:22:22 | 000,923,216 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security 14\TmPfw.exe -- (TmPfw)
SRV - [2007/08/27 04:22:18 | 000,345,432 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security 14\Tmntsrv.exe -- (Tmntsrv)
SRV - [2007/08/27 04:21:36 | 001,471,840 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security 14\PcCtlCom.exe -- (PcCtlCom)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\lv302af.sys -- (pepifilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/09/13 15:27:40 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 02:49:00 | 000,298,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/07 02:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 02:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/07 02:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 20:42:38 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 20:42:38 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/19 20:42:36 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2009/07/14 17:54:00 | 009,557,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/02 15:22:00 | 000,205,328 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2008/05/02 15:21:52 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2008/05/02 15:17:18 | 001,169,240 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\vsapint.sys -- (vsapint)
DRV - [2008/01/19 00:53:23 | 000,073,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/12/19 15:19:02 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007/12/19 15:19:02 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007/12/19 15:19:02 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/10/29 04:40:28 | 001,062,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/09/24 04:41:04 | 001,776,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/08/27 04:23:32 | 000,073,288 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2007/08/27 04:23:28 | 000,280,392 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2007/01/05 21:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 02:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/10/18 13:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/10/18 13:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/18 13:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.live.com/default.aspx?wa=wsignin1.0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1143
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/10/22 18:42:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/17 17:50:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/13 12:04:10 | 000,000,000 | ---D | M]
 
[2009/09/28 09:02:07 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\Mozilla\Extensions
[2009/04/16 18:30:35 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/11/20 13:30:29 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\Mozilla\Firefox\Profiles\7652dqw9.default\extensions
[2009/09/29 15:17:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\nancy\AppData\Roaming\Mozilla\Firefox\Profiles\7652dqw9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/28 09:01:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2010/11/02 11:05:19 | 000,424,222 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1   www.007guard.com
O1 - Hosts: 127.0.0.1   007guard.com
O1 - Hosts: 127.0.0.1   008i.com
O1 - Hosts: 127.0.0.1   www.008k.com
O1 - Hosts: 127.0.0.1   008k.com
O1 - Hosts: 127.0.0.1   www.00hq.com
O1 - Hosts: 127.0.0.1   00hq.com
O1 - Hosts: 127.0.0.1   010402.com
O1 - Hosts: 127.0.0.1   www.032439.com
O1 - Hosts: 127.0.0.1   032439.com
O1 - Hosts: 127.0.0.1   www.0scan.com
O1 - Hosts: 127.0.0.1   0scan.com
O1 - Hosts: 127.0.0.1   1000gratisproben.com
O1 - Hosts: 127.0.0.1   www.1000gratisproben.com
O1 - Hosts: 127.0.0.1   1001namen.com
O1 - Hosts: 127.0.0.1   www.1001namen.com
O1 - Hosts: 127.0.0.1   100888290cs.com
O1 - Hosts: 127.0.0.1   www.100888290cs.com
O1 - Hosts: 127.0.0.1   www.100sexlinks.com
O1 - Hosts: 127.0.0.1   100sexlinks.com
O1 - Hosts: 127.0.0.1   10sek.com
O1 - Hosts: 127.0.0.1   www.10sek.com
O1 - Hosts: 127.0.0.1   www.1-2005-search.com
O1 - Hosts: 14622 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CitiUSBrowserHelper Class) - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\Program Files\Virtual Account Numbers\BhoCitUS.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Accelerator Plugin) - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\PROGRA~1\PEOPLE~1\PRPL_I~1.DLL File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! ¤u¨ã¦C) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Citi Virtual Account Numbers] C:\Program Files\Virtual Account Numbers\CitiVAN.exe (Orbiscom Ltd. All rights reserved.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [pccguide.exe] C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Virtual Account Numbers - {DE700910-58F7-4D2E-B7E6-3BA2DA1B6806} - C:\Program Files\Virtual Account Numbers\CitiVAN.exe (Orbiscom Ltd. All rights reserved.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\480\G2AWINLOGON.DLL ()
O24 - Desktop WallPaper: C:\Users\nancy\Pictures\Brie and puppy.jpg
O24 - Desktop BackupWallPaper: C:\Users\nancy\Pictures\Brie and puppy.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{fb3daa90-ae2c-11dc-b998-806e6f6e6963}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/11/20 14:08:44 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\nancy\Desktop\OTL.exe
[2010/11/03 16:17:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010/11/02 08:31:52 | 000,000,000 | ---D | C] -- C:\hijackthis
[2010/11/02 08:24:42 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/11/02 08:24:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/11/02 08:22:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/02 08:21:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/11/02 08:21:10 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/11/02 08:18:56 | 000,000,000 | ---D | C] -- C:\Users\nancy\Desktop\hijackthis
[2010/10/28 11:19:31 | 000,000,000 | -H-D | C] -- C:\$AVG
 
========== Files - Modified Within 30 Days ==========
 
[2010/11/20 14:08:45 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\nancy\Desktop\OTL.exe
[2010/11/20 13:23:36 | 000,597,602 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/20 13:23:36 | 000,101,610 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/20 13:18:34 | 000,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010/11/20 13:18:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/18 16:02:55 | 099,539,677 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2010/11/18 16:01:23 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/11/18 15:58:19 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/18 15:58:12 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/18 15:58:12 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/03 16:22:09 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\{90A00C99-6B78-4807-9932-C8DD4C24C592}.job
[2010/11/03 16:06:06 | 000,000,972 | ---- | M] () -- C:\Users\nancy\Desktop\Google Talk.lnk
[2010/11/02 11:05:19 | 000,424,222 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/11/02 08:32:01 | 098,219,479 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm.old
[2010/11/02 08:21:18 | 000,001,057 | ---- | M] () -- C:\Users\nancy\Desktop\Spybot - Search & Destroy.lnk
[2010/10/25 09:30:52 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/22 18:43:53 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
 
========== Files Created - No Company Name ==========
 
[2010/11/03 16:22:09 | 000,000,410 | ---- | C] () -- C:\Windows\tasks\{90A00C99-6B78-4807-9932-C8DD4C24C592}.job
[2010/11/03 16:06:06 | 000,000,972 | ---- | C] () -- C:\Users\nancy\Desktop\Google Talk.lnk
[2010/11/02 08:21:18 | 000,001,057 | ---- | C] () -- C:\Users\nancy\Desktop\Spybot - Search & Destroy.lnk
[2008/06/11 16:45:38 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/03/15 15:14:49 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/03/13 02:02:07 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2008/02/24 17:32:35 | 000,000,173 | ---- | C] () -- C:\Windows\KPCMS.INI
[2008/02/24 17:32:10 | 000,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL
[2008/01/09 10:15:54 | 000,000,147 | ---- | C] () -- C:\Windows\pccillin.ini
[2008/01/09 08:55:03 | 000,007,052 | ---- | C] () -- C:\Users\nancy\AppData\Local\d3d9caps.dat
[2007/12/23 12:12:34 | 000,019,456 | ---- | C] () -- C:\Users\nancy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/19 05:04:58 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResES.dll
[2007/03/19 05:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResIT.dll
[2007/03/19 05:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResFR.dll
[2007/03/19 05:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResENG.dll
[2007/03/19 05:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResDE.dll
[2007/03/19 05:04:56 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResPTB.dll
[2007/03/19 05:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHC.dll
[2007/03/19 05:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResKO.dll
[2007/03/19 05:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResJA.dll
[2007/03/19 05:04:54 | 000,022,016 | ---- | C] () -- C:\Windows\System32\nam_page.dll
[2007/03/19 05:04:54 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHT.dll
[2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

< End of report >
Logged

Offline mickapoo

  • Full Member
  • ***
  • Posts: 150
  • Karma: +0/-0
    • View Profile
Computer completely disabled
« Reply #3 on: November 20, 2010, 02:19:31 PM »
And here is the Extras.txt log:

OTL Extras logfile created on: 11/20/2010 2:09:17 PM - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\nancy\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
958.00 Mb Total Physical Memory | 802.00 Mb Available Physical Memory | 84.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 165.82 Gb Free Space | 74.43% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.10 Gb Free Space | 61.04% Space Free | Partition Type: NTFS
Drive E: | 19.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: HOME_COMPUTER | User Name: nancy | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C57038B-5CF6-4913-8434-A7574D9D50B3}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{0E8CFFB5-F903-4EB2-96E4-71624DF7D036}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{252DCA01-66DA-4E2A-98CE-F36F9252AAA9}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{2A3E11F5-B749-4FC9-84FC-7E38B2F6B7B2}" = dir=in | app=c:\program files\leapfrog\leapfrog connect\leapfrogconnect.exe |
"{305AB921-37E2-477B-8B25-0FE811B6497A}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{37DE1F80-D9D3-497A-A4AC-760085BDBBE5}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{3DC63B0A-2ACC-40F2-B16C-6CF2A3B156C7}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{434434CE-7651-4E53-8D0F-72FD0D0604E0}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{5C633556-2C3B-4741-99EC-780CDC264477}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{6B70F07E-900C-44BB-B242-0EAD7C0D6EEC}" = protocol=17 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{6FCDCDD1-356F-4619-80FD-C9B9B1A72468}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{75096023-D61F-4469-9297-9E0EAE80235E}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{7579E27C-C712-4700-BF6B-310580828BFA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7854BF74-FDFC-444F-8095-D629C9AFCB81}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{7ABACE0A-1D52-45C1-BF70-18CD50FBE8DB}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{7E57D4D5-67C9-445C-BA21-E76FBE1E9A4B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{857FEEB6-E7D5-4234-ABB2-70C01CEBEDC1}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B9763B0F-9015-4BEB-99E5-06ABECDBA891}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{C24EE8DC-C9A7-4B9D-9DD2-AD1BA5413F92}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{D46C5FC0-1A69-41F6-85EE-A085A556C0DC}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{DFBF901D-6399-47B5-9994-5028FEC6B5CB}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{E17EC73A-8545-44B6-BEC6-14826A1C1216}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{E920F88A-1774-44DD-B30F-E124552CF9DC}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{F497E6ED-708E-4F4F-AA36-FFB38E66D4A1}" = protocol=6 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"TCP Query User{31BFD239-3DC1-4BC4-88BC-6667BD476378}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{4D9FD02F-71EE-4850-B79D-326A058AAA15}C:\users\nancy\downloads\utorrent.exe" = protocol=6 | dir=in | app=c:\users\nancy\downloads\utorrent.exe |
"UDP Query User{0D4CAD4D-4BC9-4F0B-9575-7F181B04E772}C:\users\nancy\downloads\utorrent.exe" = protocol=17 | dir=in | app=c:\users\nancy\downloads\utorrent.exe |
"UDP Query User{BAC6B820-2212-4889-8B76-DC7E1C4D6598}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18DF995F-2ACC-47E4-A33B-A703F4D39E92}" = CuteFTP 5.0 XP
"{1A258E63-8DF5-4ADB-9832-38A0121D65EB}" = AVG 2011
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2017CE7C-CB9D-4FF7-967D-5A6B67FC7EF2}" = LeapFrog Leapster2 Plugin
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{4FC19392-E4A5-4CCB-B45A-AB7E8126D3C9}" = Microsoft Easy Assist
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5770FD5-7345-47E0-BEB8-54522270D58F}" = AVG 2011
"{BAFDD9A5-0E66-41B9-B163-1F217CFA7919}" = VolusionLiveChat
"{C82257D5-970D-4371-8616-6B8E5693C99F}" = LeapFrog Connect
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CCFF1E13-77A2-4032-8B12-7566982A27DF}" = Internet Service Offers Launcher
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{DE700910-58F7-4D2E-B7E6-3BA2DA1B6806}" = Virtual Account Numbers
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{EA8C73AA-3D75-44C9-87A2-8E945FC5FEE6}" = Trend Micro PC-cillin Internet Security
"{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}" = Yahoo! Music Jukebox
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{EFAD4066-CAF3-4B27-9669-12EED352C376}" = NVIDIANetworkDiagnostic
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Photoshop 5.5" = Adobe Photoshop 5.5
"AVG" = AVG 2011
"BitTorrent" = BitTorrent
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"Core FTP LE 2.1" = Core FTP LE 2.1
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GoToAssist" = GoToAssist 8.0.0.480
"HijackThis" = HijackThis 1.99.1
"InstallShield_{EFAD4066-CAF3-4B27-9669-12EED352C376}" = NVIDIANetworkDiagnostic
"Leapster2Plugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"TmPcc" = Trend Micro PC-cillin Internet Security
"UPCShell" = LeapFrog Connect
"Yahoo! Companion" = Yahoo! ¤u¨ã¦C
"Yahoo! Mail" = Yahoo! Internet Mail
"YInstHelper" = Yahoo! Install Manager
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.5.0.457
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12/2/2009 2:35:04 PM | Computer Name = home_computer | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 12/2/2009 3:16:30 PM | Computer Name = home_computer | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 12/2/2009 3:18:02 PM | Computer Name = home_computer | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 12/4/2009 2:39:52 PM | Computer Name = home_computer | Source = Application Error | ID = 1000
Description = Faulting application CitiVAN.exe, version 3.7.3.0, time stamp 0x47596c1c,
 faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6, exception
 code 0xc0000005, fault offset 0x000684e4,  process id 0x928, application start time
 0x01ca745784b7dbdf.
 
Error - 12/30/2009 9:08:21 PM | Computer Name = home_computer | Source = Application Error | ID = 1000
Description = Faulting application CitiVAN.exe, version 3.7.3.0, time stamp 0x47596c1c,
 faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6, exception
 code 0xc0000005, fault offset 0x000688e8,  process id 0x8cc, application start time
 0x01ca84b080f5bc70.
 
Error - 7/13/2010 8:43:06 AM | Computer Name = home_computer | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 7/13/2010 8:47:00 AM | Computer Name = home_computer | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 7/13/2010 9:16:00 AM | Computer Name = home_computer | Source = Google Update | ID = 20
Description =
 
Error - 7/21/2010 5:22:50 PM | Computer Name = home_computer | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 8/6/2010 4:16:01 PM | Computer Name = home_computer | Source = Google Update | ID = 20
Description =
 
[ System Events ]
Error - 11/18/2010 4:58:10 PM | Computer Name = home_computer | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:20:18 AM on 11/15/2010 was unexpected.
 
Error - 11/18/2010 4:58:12 PM | Computer Name = home_computer | Source = HTTP | ID = 15016
Description =
 
Error - 11/18/2010 4:59:17 PM | Computer Name = home_computer | Source = Service Control Manager | ID = 7000
Description =
 
Error - 11/20/2010 2:18:25 PM | Computer Name = home_computer | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:25:21 PM on 11/18/2010 was unexpected.
 
Error - 11/20/2010 2:18:34 PM | Computer Name = home_computer | Source = DCOM | ID = 10005
Description =
 
Error - 11/20/2010 2:18:43 PM | Computer Name = home_computer | Source = DCOM | ID = 10005
Description =
 
Error - 11/20/2010 2:18:48 PM | Computer Name = home_computer | Source = DCOM | ID = 10005
Description =
 
Error - 11/20/2010 2:19:56 PM | Computer Name = home_computer | Source = Service Control Manager | ID = 7001
Description =
 
Error - 11/20/2010 2:19:56 PM | Computer Name = home_computer | Source = Service Control Manager | ID = 7001
Description =
 
Error - 11/20/2010 2:19:56 PM | Computer Name = home_computer | Source = Service Control Manager | ID = 7026
Description =
 
 
< End of report >
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Computer completely disabled
« Reply #4 on: November 20, 2010, 02:29:53 PM »
Can you do the following
disable SpybotSD TeaTimer, as it may interfere with our next steps
To disable SpybotSD TeaTimer:

Open Spybot and click on Mode and check Advanced Mode
Check yes to next window.
Click on Tools in bottom left hand corner.
Click on Resident icon.
Uncheck Teatimer box.
Click Allow Change box if prompted
Close Spybot

In addition:
Disable Windows Defender
Window's Defender
Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.

download Malwarebytes' Anti-Malware from Here or Here
Save the installer to desktop

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.    
  • If an update is found, it will download and install the latest version.    
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.    
  • The scan may take some time to finish,so please be patient.    
  • When the scan is complete, click OK, then Show Results to view the results.    
  • Make sure that everything is checked, and click Remove Selected.
        * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)    
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.    
  • Copy&Paste the entire report in your next reply
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

Also, can you let me know when you install the latest version of AVG
Did the problems start right afterward
I ask because I notice the following
958.00 Mb Total Physical Memory | 802.00 Mb Available Physical Memory | 84.00% Memory free

Only 1GB memory running Vista and new AVG is not nearly enough
We'll deal with that in a bit
I know it says 84% free memory, that's because your running in safe mode
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline mickapoo

  • Full Member
  • ***
  • Posts: 150
  • Karma: +0/-0
    • View Profile
Computer completely disabled
« Reply #5 on: November 20, 2010, 02:38:08 PM »
[quote name='guestolo' date='20 November 2010 - 02:29 PM' timestamp='1290281393' post='473238']
Can you do the following
disable SpybotSD TeaTimer, as it may interfere with our next steps
To disable SpybotSD TeaTimer:

Open Spybot and click on Mode and check Advanced Mode
Check yes to next window.
Click on Tools in bottom left hand corner.
Click on Resident icon.
Uncheck Teatimer box.
[/quote]

when I get into the Tools, the Resident check box is already selected, but I do not see anything titled Teatimer. Would it be under something else?
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Computer completely disabled
« Reply #6 on: November 20, 2010, 02:42:51 PM »
Click on Resident on the left hand side
Then UNTICK "Resident TeaTimer" on the right
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline mickapoo

  • Full Member
  • ***
  • Posts: 150
  • Karma: +0/-0
    • View Profile
Computer completely disabled
« Reply #7 on: November 20, 2010, 03:04:45 PM »
[quote name='guestolo' date='20 November 2010 - 02:29 PM' timestamp='1290281393' post='473238']
Also, can you let me know when you install the latest version of AVG
Did the problems start right afterward
I ask because I notice the following
958.00 Mb Total Physical Memory | 802.00 Mb Available Physical Memory | 84.00% Memory free

Only 1GB memory running Vista and new AVG is not nearly enough
We'll deal with that in a bit
I know it says 84% free memory, that's because your running in safe mode
[/quote]

Thanks, sorry for my confusion.

I'm not sure when AVG was installed, but I'm pretty sure it was after this problem started. I'm not positive though. It's actually my mom's computer, and I'm going back and forth to her house to try to figure this out, with your help of course. http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' /> Would I be able to look somewhere to find the date of installation?

I had no idea 1GB wasn't enough to run Vista & AVG. I thought that was more than enough- she rarely uses any other programs, mostly just has a browser open. Is that because of the operating system? I only have 1GB of ram and I'm fine with multiple programs open (Photoshop, Cuteftp, Textpad, Outlook, etc...), but I'm running XP, not Vista.

Oh, by the way, when I left her house MBAM was still scanning, but had already found 1 threat.

Thanks again for all of your help.
« Last Edit: November 20, 2010, 03:05:41 PM by mickapoo »
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Computer completely disabled
« Reply #8 on: November 20, 2010, 03:16:28 PM »
I would like to reduce some of the security software on her computer
Just as troubleshooting, of course we'll replace as needed
Get that log from MBAM and we'll go from there

Vista Basic recommends minimum 512mb
I say that is too low, 1GB min, but I always suggest at least 2
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline mickapoo

  • Full Member
  • ***
  • Posts: 150
  • Karma: +0/-0
    • View Profile
Computer completely disabled
« Reply #9 on: November 20, 2010, 03:56:03 PM »
Here is the MBAM log. I am going to reboot and see how it goes...

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5158

Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 7.0.6001.18000

11/20/2010 3:53:22 PM
mbam-log-2010-11-20 (15-53-22).txt

Scan type: Quick scan
Objects scanned: 139367
Time elapsed: 7 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Computer completely disabled
« Reply #10 on: November 20, 2010, 04:14:12 PM »
Let's try the following and see if we can get this computer in Normal windows
Double  click on OTL.exe and Run it
  • Under the [color="#0000FF"]Custom Scans/Fixes[/color] box at the bottom, copy/paste in the following in the quote box below. don't include the word Quote please
    Quote
    :OTL
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    [2010/11/03 16:22:09 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\{90A00C99-6B78-4807-9932-C8DD4C24C592}.job
    :Commands
    [EmptyTemp]
    [EmptyFlash]
    [RESETHOSTS]
    [Reboot]

  • Then click the [color="#FF0000"]Run Fix[/color] button at the top
  • Let the program run unhindered, reboot the PC when it is done

On startup, Allow OTL to run if prompted
A log should open, can you post it please
A copy of this log can also be found in
C:\_OTL\Moved Files folder
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline mickapoo

  • Full Member
  • ***
  • Posts: 150
  • Karma: +0/-0
    • View Profile
Computer completely disabled
« Reply #11 on: November 20, 2010, 04:36:55 PM »
Here is the OTL log after running the fix:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher not found.
File C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe not found.
File C:\Windows\tasks\{90A00C99-6B78-4807-9932-C8DD4C24C592}.job not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: nancy
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 126603880 bytes
->Java cache emptied: 697732 bytes
->FireFox cache emptied: 45803026 bytes
->Flash cache emptied: 245024 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1480463 bytes
RecycleBin emptied: 407489558 bytes
 
Total Files Cleaned = 555.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: nancy
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.17.3 log created on 11202010_162620

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Computer completely disabled
« Reply #12 on: November 20, 2010, 04:38:46 PM »
Are you now in normal windows?

If you are can you reopen OTL.exe and click on "Quick Scan"
When it's done post the new log that opens please

EDIT>>Can you also do the following
Download and unzip to your desktop InstalledPrograms.zip
Double click on InstalledPrograms.vbs

Click OK at the IP prompt and click YES to view the results now
A text file will open, can you copy and paste back here the whole contents
« Last Edit: November 20, 2010, 04:51:16 PM by guestolo »
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline mickapoo

  • Full Member
  • ***
  • Posts: 150
  • Karma: +0/-0
    • View Profile
Computer completely disabled
« Reply #13 on: November 20, 2010, 08:14:06 PM »
Here is the OTL log:

OTL logfile created on: 11/20/2010 4:46:35 PM - Run 2
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\nancy\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
958.00 Mb Total Physical Memory | 113.00 Mb Available Physical Memory | 12.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 47.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 165.49 Gb Free Space | 74.28% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.10 Gb Free Space | 61.04% Space Free | Partition Type: NTFS
Drive E: | 19.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: HOME_COMPUTER | User Name: nancy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010/11/20 14:08:45 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\nancy\Desktop\OTL.exe
PRC - [2010/09/15 04:29:10 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2010/09/10 00:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/09/10 00:44:22 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/09/09 03:46:42 | 000,652,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/09/07 02:50:58 | 001,065,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2010/09/07 02:50:14 | 000,647,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/09/03 09:35:52 | 000,725,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/09/03 09:35:50 | 006,104,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/06/13 12:03:54 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/10 12:22:44 | 000,554,328 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2010/06/09 18:14:30 | 001,156,440 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2009/05/21 09:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/01/29 20:24:39 | 000,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2007/12/19 07:50:23 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/12/07 14:52:52 | 000,270,336 | ---- | M] (Orbiscom Ltd. All rights reserved.) -- C:\Program Files\Virtual Account Numbers\CitiVAN.exe
PRC - [2007/12/07 14:51:16 | 000,102,400 | ---- | M] () -- C:\Windows\System32\OBroker.exe
PRC - [2007/09/24 04:41:02 | 004,452,352 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/11/03 18:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/10/20 17:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2006/10/03 11:37:04 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/11/20 14:08:45 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\nancy\Desktop\OTL.exe
MOD - [2010/08/31 10:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010/09/10 00:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/09/03 09:35:50 | 006,104,144 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/06/09 18:14:30 | 001,156,440 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/27 04:22:30 | 000,566,872 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security 14\tmproxy.exe -- (tmproxy)
SRV - [2007/08/27 04:22:22 | 000,923,216 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security 14\TmPfw.exe -- (TmPfw)
SRV - [2007/08/27 04:22:18 | 000,345,432 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security 14\Tmntsrv.exe -- (Tmntsrv)
SRV - [2007/08/27 04:21:36 | 001,471,840 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security 14\PcCtlCom.exe -- (PcCtlCom)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\lv302af.sys -- (pepifilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/09/13 15:27:40 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 02:49:00 | 000,298,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/07 02:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 02:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/07 02:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 20:42:38 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 20:42:38 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/19 20:42:36 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2009/07/14 17:54:00 | 009,557,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/02 15:22:00 | 000,205,328 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2008/05/02 15:21:52 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2008/05/02 15:17:18 | 001,169,240 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vsapint.sys -- (vsapint)
DRV - [2008/01/19 00:53:23 | 000,073,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/12/19 15:19:02 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007/12/19 15:19:02 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007/12/19 15:19:02 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/10/29 04:40:28 | 001,062,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/09/24 04:41:04 | 001,776,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/08/27 04:23:32 | 000,073,288 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2007/08/27 04:23:28 | 000,280,392 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2007/01/05 21:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 02:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/10/18 13:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/10/18 13:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/18 13:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.live.com/default.aspx?wa=wsignin1.0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1143
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/10/22 18:42:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/20 16:43:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/13 12:04:10 | 000,000,000 | ---D | M]
 
[2009/09/28 09:02:07 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\Mozilla\Extensions
[2009/04/16 18:30:35 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/11/20 13:30:29 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\Mozilla\Firefox\Profiles\7652dqw9.default\extensions
[2009/09/29 15:17:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\nancy\AppData\Roaming\Mozilla\Firefox\Profiles\7652dqw9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/28 09:01:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2010/11/20 16:28:02 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CitiUSBrowserHelper Class) - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\Program Files\Virtual Account Numbers\BhoCitUS.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Accelerator Plugin) - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\PROGRA~1\PEOPLE~1\PRPL_I~1.DLL File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! ¤u¨ã¦C) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Citi Virtual Account Numbers] C:\Program Files\Virtual Account Numbers\CitiVAN.exe (Orbiscom Ltd. All rights reserved.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [pccguide.exe] C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Virtual Account Numbers - {DE700910-58F7-4D2E-B7E6-3BA2DA1B6806} - C:\Program Files\Virtual Account Numbers\CitiVAN.exe (Orbiscom Ltd. All rights reserved.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\nancy\Pictures\Brie and puppy.jpg
O24 - Desktop BackupWallPaper: C:\Users\nancy\Pictures\Brie and puppy.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{fb3daa90-ae2c-11dc-b998-806e6f6e6963}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/11/20 16:50:18 | 000,000,000 | ---D | C] -- C:\686b9d04e658a0bf66
[2010/11/20 16:16:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/20 14:47:23 | 000,000,000 | ---D | C] -- C:\Users\nancy\AppData\Roaming\Malwarebytes
[2010/11/20 14:47:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/20 14:47:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/20 14:47:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/20 14:47:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/20 14:42:04 | 006,153,352 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\nancy\Desktop\mbam-setup-1.46.exe
[2010/11/20 14:08:44 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\nancy\Desktop\OTL.exe
[2010/11/03 16:17:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010/11/02 08:31:52 | 000,000,000 | ---D | C] -- C:\hijackthis
[2010/11/02 08:24:42 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/11/02 08:24:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/11/02 08:22:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/02 08:21:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/11/02 08:21:10 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/11/02 08:18:56 | 000,000,000 | ---D | C] -- C:\Users\nancy\Desktop\hijackthis
[2010/10/28 11:19:31 | 000,000,000 | -H-D | C] -- C:\$AVG
 
========== Files - Modified Within 30 Days ==========
 
[2010/11/20 16:39:47 | 000,598,350 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/20 16:39:47 | 000,101,988 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/20 16:35:10 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/11/20 16:32:04 | 000,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010/11/20 16:32:02 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/20 16:32:02 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/20 16:32:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/20 16:31:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/20 16:31:46 | 1002,971,136 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/20 16:28:02 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010/11/20 16:22:15 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/11/20 16:17:20 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/20 16:06:00 | 099,708,865 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2010/11/20 14:47:13 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/20 14:42:09 | 006,153,352 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\nancy\Desktop\mbam-setup-1.46.exe
[2010/11/20 14:08:45 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\nancy\Desktop\OTL.exe
[2010/11/02 08:21:18 | 000,001,057 | ---- | M] () -- C:\Users\nancy\Desktop\Spybot - Search & Destroy.lnk
[2010/10/22 18:43:53 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
 
========== Files Created - No Company Name ==========
 
[2010/11/20 16:31:46 | 1002,971,136 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/20 14:47:13 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/02 08:21:18 | 000,001,057 | ---- | C] () -- C:\Users\nancy\Desktop\Spybot - Search & Destroy.lnk
[2008/06/11 16:45:38 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/03/15 15:14:49 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/03/13 02:02:07 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2008/02/24 17:32:35 | 000,000,173 | ---- | C] () -- C:\Windows\KPCMS.INI
[2008/02/24 17:32:10 | 000,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL
[2008/01/09 10:15:54 | 000,000,147 | ---- | C] () -- C:\Windows\pccillin.ini
[2008/01/09 08:55:03 | 000,007,052 | ---- | C] () -- C:\Users\nancy\AppData\Local\d3d9caps.dat
[2007/12/23 12:12:34 | 000,019,456 | ---- | C] () -- C:\Users\nancy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/19 05:04:58 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResES.dll
[2007/03/19 05:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResIT.dll
[2007/03/19 05:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResFR.dll
[2007/03/19 05:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResENG.dll
[2007/03/19 05:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResDE.dll
[2007/03/19 05:04:56 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResPTB.dll
[2007/03/19 05:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHC.dll
[2007/03/19 05:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResKO.dll
[2007/03/19 05:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResJA.dll
[2007/03/19 05:04:54 | 000,022,016 | ---- | C] () -- C:\Windows\System32\nam_page.dll
[2007/03/19 05:04:54 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHT.dll
[2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
 
========== LOP Check ==========
 
[2010/10/10 11:10:54 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\AVG10
[2010/11/20 16:41:19 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\BitTorrent
[2010/11/02 10:59:14 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\CoreFTP
[2008/03/25 08:57:11 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\GlobalSCAPE
[2010/06/07 13:13:01 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\LimeWire
[2008/01/01 07:16:47 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\MusicNet
[2010/09/25 15:04:40 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\uTorrent
[2010/11/20 16:22:15 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
Logged

Offline mickapoo

  • Full Member
  • ***
  • Posts: 150
  • Karma: +0/-0
    • View Profile
Computer completely disabled
« Reply #14 on: November 20, 2010, 08:16:10 PM »
Sorry, forgot to answer your question. Yes, I am in normal Windows mode now, no longer running in Safe Mode. Things are smooth so far.


INSTALLED SOFTWARE (91) - HOME_COMPUTER - 11/20/2010 8:13:47 PM

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)   Ver: 8.1.2   Installed: 8/31/2008
Adobe Flash Player 10 Plugin   Ver: 10.1.102.64
Adobe Flash Player ActiveX   Ver: 9.0.115.0
Adobe Photoshop 5.5   Ver: 5.5
Adobe Reader 8.1.2   Ver: 8.1.2   Installed: 5/25/2008
Adobe Reader 8.1.2 Security Update 1 (KB403742)   
AVG 2011   Ver: 10.0.1144
AVG 2011   Ver: 10.0.1144   Installed: 10/22/2010
AVG 2011   Ver: 10.0.424   Installed: 10/25/2010
Browser Address Error Redirector   Ver: 1.00.0000   Installed: 12/19/2007
Canon G.726 WMP-Decoder   Ver: 1.1.0.4
Canon MovieEdit Task for ZoomBrowser EX   Ver: 2.6.0.4
Canon RAW Image Task for ZoomBrowser EX   Ver: 0.9.3.9
Canon Utilities CameraWindow   Ver: 7.1.0.2
Canon Utilities CameraWindow DC   Ver: 7.1.0.7
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX   Ver: 6.4.2.16
Canon Utilities MyCamera   Ver: 6.4.0.5
Canon Utilities MyCamera DC   Ver: 7.0.1.8
Canon Utilities PhotoStitch   Ver: 3.1.21.45
Canon Utilities RemoteCapture Task for ZoomBrowser EX   Ver: 1.7.1.9
Canon Utilities ZoomBrowser EX   Ver: 6.1.0.20
Canon ZoomBrowser EX Memory Card Utility   Ver: 1.1.0.8
Conexant D850 PCI V.92 Modem   
Core FTP LE 2.1   
CuteFTP 5.0 XP   
Dell DataSafe Online   Ver: 1.0.21   Installed: 12/19/2007
Dell Getting Started Guide   Ver: 1.00.0000   Installed: 12/19/2007
Dell Support Center (Support Software)   Ver: 2.2.09085   Installed: 10/14/2009
Digital Line Detect   Ver: 1.21   Installed: 12/19/2007
EarthLink Setup Files   Ver: 2005.2.178.0.2.2   Installed: 12/19/2007
Google Toolbar for Internet Explorer   
Google Toolbar for Internet Explorer   Ver: 1.0.0   Installed: 4/27/2009
Google Update Helper   Ver: 1.2.183.39   Installed: 10/17/2010
Google Updater   Ver: 2.4.1536.6592
HijackThis 1.99.1   Ver: 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)   Ver: 1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)   Ver: 1
Internet Service Offers Launcher   Ver: 1.00.0000   Installed: 12/19/2007
Java(TM) SE Runtime Environment 6   Ver: 1.6.0.0   Installed: 12/19/2007
LeapFrog Connect   Ver: 2.5.5.10079
LeapFrog Connect   Ver: 2.5.5.10079   Installed: 7/28/2010
LeapFrog Leapster2 Plugin   Ver: 2.5.5.10079   Installed: 7/28/2010
Malwarebytes' Anti-Malware      Installed: 11/20/2010
Microsoft .NET Framework 3.5 SP1   
Microsoft .NET Framework 3.5 SP1   Ver: 3.5.30729   Installed: 10/7/2010
Microsoft Easy Assist   Ver: 1.0.2028.0   Installed: 3/15/2008
Microsoft Office Small Business Edition 2003   Ver: 11.0.5614.0   Installed: 3/15/2008
Microsoft Silverlight   Ver: 3.0.40818.0   Installed: 9/27/2009
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148   Ver: 9.0.30729.4148   Installed: 10/8/2010
Microsoft Works   Ver: 08.05.0818   Installed: 12/19/2007
Modem Diagnostic Tool   Ver: 1.0.17.8   Installed: 12/19/2007
Mozilla Firefox (3.5.9)   Ver: 3.5.9 (en-US)
MSXML 4.0 SP2 (KB936181)   Ver: 4.20.9848.0   Installed: 12/31/2007
MSXML 4.0 SP2 (KB954430)   Ver: 4.20.9870.0   Installed: 11/15/2008
MSXML 4.0 SP2 (KB973688)   Ver: 4.20.9876.0   Installed: 11/27/2009
Music, Photos & Videos Launcher   Ver: 1.00.0000   Installed: 12/19/2007
NetWaiting   Ver: 2.5.44   Installed: 12/19/2007
NVIDIA Drivers   Ver: 1.4
NVIDIANetworkDiagnostic   Ver: 1.00.0000   Installed: 12/19/2007
NVIDIANetworkDiagnostic   Ver: 1.00.0000   Installed: 12/19/2007
PowerDVD   Ver: 7.0   Installed: 12/19/2007
Product Documentation Launcher   Ver: 1.00.0000   Installed: 12/19/2007
RealPlayer   
Realtek High Definition Audio Driver   
Roxio Creator Audio   Ver: 3.3.0   Installed: 12/19/2007
Roxio Creator BDAV Plugin   Ver: 3.3.0   Installed: 12/19/2007
Roxio Creator Copy   Ver: 3.3.0   Installed: 12/19/2007
Roxio Creator Data   Ver: 3.3.0   Installed: 12/19/2007
Roxio Creator DE   Ver: 3.3.0   Installed: 12/19/2007
Roxio Creator Tools   Ver: 3.3.0   Installed: 12/19/2007
Roxio Express Labeler   Ver: 2.1.0   Installed: 12/19/2007
Roxio MyDVD DE   Ver: 9.0.116   Installed: 12/19/2007
Roxio Update Manager   Ver: 3.0.0   Installed: 12/19/2007
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)   Ver: 1
Shockwave Flash   Ver: 9.0.115.0
Sonic Activation Module   Ver: 1.0   Installed: 12/19/2007
Spybot - Search & Destroy   Ver: 1.6.2   Installed: 11/2/2010
Trend Micro PC-cillin Internet Security   Ver: 14.7   Installed: 12/19/2007
Trend Micro PC-cillin Internet Security   Ver: 14.7   Installed: 12/19/2007
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)   Ver: 1
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)   
User's Guides   
Virtual Account Numbers   Ver: 3.7.3.0   Installed: 5/12/2009
VolusionLiveChat   Ver: 1.0.2   Installed: 11/18/2009
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012)   Ver: 09/10/2009 02.03.05.012
Windows Mobile Device Center   Ver: 6.1.6965.0   Installed: 12/19/2007
Windows Mobile Device Center Driver Update   Ver: 6.1.6965.0   Installed: 12/19/2007
Yahoo! Install Manager   
Yahoo! Internet Mail   
Yahoo! Music Jukebox   Ver: 2.1.1.013   Installed: 12/19/2007
Yahoo! ¤u¨ã¦C
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Computer completely disabled
« Reply #15 on: November 20, 2010, 08:18:24 PM »
Can you just verify, is this a Dell computer?
Then, are you willing to uninstall most security software and start fresh with other software?

I think it will make a big difference in the performance of this computer
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline mickapoo

  • Full Member
  • ***
  • Posts: 150
  • Karma: +0/-0
    • View Profile
Computer completely disabled
« Reply #16 on: November 21, 2010, 10:06:36 AM »
[quote name='guestolo' date='20 November 2010 - 08:18 PM' timestamp='1290302304' post='473250']
Can you just verify, is this a Dell computer?
Then, are you willing to uninstall most security software and start fresh with other software?

I think it will make a big difference in the performance of this computer
[/quote]

Yes, it is a Dell. We don't mind removing some of the software- but we will continue to utilize AVG, right?
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Computer completely disabled
« Reply #17 on: November 21, 2010, 01:57:41 PM »
Quote
but we will continue to utilize AVG, right?
I was hoping to use something less on resources, but we'll stick with it since you like it

Let's update some software to make it more secure and remove some software that is most likely contributing to slow this computer
You should probably Print these instructions, or save them to a text file on desktop
We need to close browser windows in much of these instructions

Can you first temporarily disable AVG's protections so they won't interfere with the removal of any software
# Open the AVG Program.
# On the Tools menu, click Advanced settings.
# Click Temporarily disable AVG protection in the menu on the left side.
# Select the Temporarily disable AVG protection check box, and then click OK.
# Choose how long you want the protection to be disabled, select permanent or a time long enough that we can do the next steps

You may leave Spybot installed, but I would refrain from reenabling the TeaTimer for now
or permanently, it is using valueable resources that this computer can use
Another option is to just uninstall it
If you choose to uninstall it, first,close any browser windows that may be open
Then open Spybot
Click on Tools in bottom left hand corner.
Click on Resident icon.
Ensure both TeaTimer and SDHelper are both UNChecked
Click Allow Change box if prompted
Leave browsers closed, click on "Immunize" on the left
Then click on UNDO on the top right, give it time to deimmunize
Close Spybot

when done, uninstall it from "Programs and Features" menu in Control Panel

Let's also remove Windows Defender, please uninstall from Programs/Features
Reboot the computer after both are removed, or if you held onto Spybot
After you have removed WD

Back in Windows
Ensure that AVG's protections are still disabled
We should remove Trend Micro PC-cillin Internet Security Ver: 14.7
It's probably butting heads with AVG and causing system instabilities and slowdowns
Go to the following link
http://esupport.trendmicro.com/6/How-do-I-uninstall-Trend-Micro-PC-cillin-Internet-Security-14-for-Dell.aspx
It appears you have a 32bit system
Save the Windows Vista and Windows 7 (32-bit) download to your desktop
I would again close any browser windows you may have open
Right click on the Uninstaller and choose to "Run as Administrator"
Follow the instructions posted on Trend Micro site
As follows:
  • Click the [E] Uninstall tab.
  • Click Uninstall.
  • Click UnInstall when you are asked to confirm the uninstallation.
  • Wait while the tool uninstalls your program. This may take a few minutes.
  • Click Yes when you are prompted to restart your computer.
When that's done, and after you have restarted the computer
Let's get some of your software updated and secured
Access Programs and Features in Control Panel
Uninstall the following with browser windows closed
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1
Java™ SE Runtime Environment 6 Ver: 1.6.0
In addition, you can remove
HijackThis 1.99.1 <- this is very old

NEXT: To make sure you have the latest version of Adobe Flash Player installed:
and remove older version
1. Download this file to your Desktop: uninstall_flash_player.exe
2. Quit ALL running applications, including all Internet Explorer or other browser windows, and messenger applications (like AOL Instant Messenger, Yahoo Messenger, MSN Messenger).
3. Right Click on the file you've downloaded and choose to "Run as Admin" to uninstall Flash.
When completed, you can delete the uninstaller

Finally, reboot the computer

Back in Windows, let's get updated software
[color="blue"]Updating Java:[/color]
  • Download the latest version of  Java Runtime Environment (JRE) .
  • Save the Windows OFFLINE installer to desktop
  • Right click on the installer, "Run as Admin" to run it
  • Follow the prompts, UNTICK the option to install Google toolbar or similiar
You can delete the installer after successful install

let's get Adobe Reader updated
Go to the following link
http://get.adobe.com/reader/

UNTICK the option to also install McAfee Security Scan and/or Google toolbar or similiar
Download/install the latest version of Adobe Reader

Let's update Adobe Flash
Go to this site: Install Adobe Flash Player, and choose Agree and install now. This will install the newest version of Flash for your browser (note: Flash plugins for IE and Firefox must be installed separately).
Note: I recommend you uncheck an optional install (Free McAfee Security Scan or Free Google Toolbar).

When all that's done
Can you next do the following
Right click on OTL.exe and choose to "Run As Admin"
Run one last Quick Scan, post the results when done
Let me know how things are now running

Note: Ensure your protections with AVG are now reenabled
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline mickapoo

  • Full Member
  • ***
  • Posts: 150
  • Karma: +0/-0
    • View Profile
Computer completely disabled
« Reply #18 on: November 24, 2010, 05:41:44 AM »
[quote name='guestolo' date='21 November 2010 - 01:57 PM' timestamp='1290365861' post='473261']
I was hoping to use something less on resources, but we'll stick with it since you like it
[/quote]
We're ok with uninstalling AVG, I was just under the impression that it was the best free anti-virus program to use. What do you recommend? We'll use your recommendations if you feel there is something that will work better for her situation.

[quote name='guestolo' date='21 November 2010 - 01:57 PM' timestamp='1290365861' post='473261']
You may leave Spybot installed, but I would refrain from reenabling the TeaTimer for now
or permanently, it is using valueable resources that this computer can use
Another option is to just uninstall it
[/quote]
Would it be best to uninstall Spybot completely, or should we keep it to prevent malware?

I went over yesterday and still it's having the same problems. Once it booted and I got to the desktop (normal mode), if I tried to open any program it just froze up.

Thanks again for your continued help!
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Computer completely disabled
« Reply #19 on: November 24, 2010, 07:31:55 PM »
Go ahead and uninstall AVG
If your having trouble remoing it, or probably a good idea to run this tool after you uninstall it anyways
Download and save to your desktop AVG uninstall utility from this link
http://www.avg.com/us-en/download-tools
Run the tool rebooting afterwards

Open OTL.exe, run a quick scan and post the log that opens
Let me know also how things are now running with AVG removed
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Pages: [1] 2
« previous next »