I'm kevinf80 and I will be helping with any malware issues you may have with your system.
Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
Either print or Save to Notepad all instructions and please follow them carefully, if there's something you don't understand or that will not work please let me know and we will go through it together.
Malware is often buggy and can be very unstable, with that in mind it is advisable to backup any important data before we begin.
If you do not reply within 72 hours the thread will be closed, if you need more time let me know. Likewise if I do not respond within 48 hours feel free to PM me.
If you have any P2P applications installed such as BitTorrent, uTorrent, Limewire etc etc, please uninstall them before we begin.
If you are using Cracked or Illegal software your thread will be locked and all help will cease.
Please proceed as follows :-
Step 1
I need you to shut off Teatimer, it will interfere with any tools we try to run. Leave it off until I tell you otherwise:
1) Open Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Restart your computer.
Step 2
Download TFC to your desktop, from either of the following links Link 1 Link 2
Make sure any open work is saved. TFC will close all open application windows.
Double-click TFC.exe to run the program.
If prompted, click "Yes" to reboot.
TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.
Double click on the icon to run it. Vista and Windows 7 users right click and select Run as Administrator. Make sure all other windows are closed and to let it run uninterrupted.
In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
Under the Custom Scan box paste this in from between the dotted lines
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Below are the two notepad scan results...I never got an "Extras" from OTL...what's that mean??
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 1525
Logical Drives Mask: 0x0000001c
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`73800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`02800000 (NTFS)
PhysicalDrive0 Model Number: ST9320320AS, Rev: DE04
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
Done!
OTL logfile created on: 12/15/2010 12:54:11 PM - Run 6
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Sharon Morgan\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.79 Gb Total Space | 231.32 Gb Free Space | 80.94% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 3.69 Gb Free Space | 37.75% Space Free | Partition Type: NTFS
Computer Name: SHARONMORGAN-PC | User Name: Sharon Morgan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
Below are the two notepad scan results...I never got an "Extras" from OTL...what's that mean??
The above means you've already run OTL, I'm guessing you already knew that, being that it was run 5 times previously. Extras Txt only comes with the first run and will be saved to the same place as OTL. Do you still have it on your Desktop? You've also run Combofix, as can be seen from the new OTL Txt. You've also run TDSSKiller 3 times.
Post the following logs for me to see, if you have any other CF logs post them also.
kevinf80_1d0ac6
1.1K Posts
December 15th, 2010 09:00
I'm kevinf80 and I will be helping with any malware issues you may have with your system.
Please proceed as follows :-
Step 1
I need you to shut off Teatimer, it will interfere with any tools we try to run. Leave it off until I tell you otherwise:
1) Open Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Restart your computer.
Step 2
Download
Link 1
Link 2
TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.
Step 3
Please download MBRCheck.exe to your desktop.
Step 4
Download
Link 1
Link 2
Link 3
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Copy and paste OTL Txt and ExtrasTxt in your reply.
What I'd like in your reply :-
Kevin
morgan214
1 Rookie • 2 Posts
December 15th, 2010 11:00
Thanks Kevin,
Below are the two notepad scan results...I never got an "Extras" from OTL...what's that mean??
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 1525
Logical Drives Mask: 0x0000001c
Kernel Drivers (total 167):
Processes (total 68):
0 System Idle Process
4 System
276 C:\Windows\System32\smss.exe
532 csrss.exe
584 C:\Windows\System32\wininit.exe
600 csrss.exe
648 C:\Windows\System32\services.exe
664 C:\Windows\System32\lsass.exe
672 C:\Windows\System32\lsm.exe
784 C:\Windows\System32\svchost.exe
848 C:\Windows\System32\svchost.exe
900 C:\Windows\System32\svchost.exe
956 C:\Windows\System32\svchost.exe
980 C:\Windows\System32\svchost.exe
1056 C:\Windows\System32\winlogon.exe
1136 C:\Windows\System32\audiodg.exe
1208 C:\Windows\System32\svchost.exe
1348 C:\Windows\System32\svchost.exe
1532 C:\Windows\System32\spoolsv.exe
1568 C:\Windows\System32\svchost.exe
1592 C:\Windows\System32\svchost.exe
1656 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1740 C:\Program Files\AVG\AVG10\avgwdsvc.exe
1760 C:\Program Files\Bonjour\mDNSResponder.exe
1812 C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
1936 C:\Windows\System32\svchost.exe
1988 C:\Windows\System32\rpcnet.exe
332 C:\Windows\System32\svchost.exe
500 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
580 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
1280 C:\Windows\System32\dwm.exe
1372 C:\Windows\System32\taskhost.exe
1192 C:\Windows\explorer.exe
2088 C:\Windows\System32\taskeng.exe
2120 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3124 C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
3260 C:\Windows\System32\hkcmd.exe
3288 C:\Windows\System32\igfxsrvc.exe
3376 C:\Program Files\Microsoft Office Communicator\communicator.exe
3400 C:\Program Files\iTunes\iTunesHelper.exe
3432 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3452 C:\Program Files\MorganMorgan\mbamgui.exe
3500 C:\Program Files\AVG\AVG10\avgtray.exe
3516 C:\Windows\System32\igfxpers.exe
3524 C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
3540 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
3564 C:\Program Files\eFax Messenger 4.4\J2GTray.exe
3572 C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
3848 C:\Windows\System32\svchost.exe
3948 C:\Windows\System32\SearchIndexer.exe
4036 C:\Program Files\iPod\bin\iPodService.exe
2836 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
2904 C:\Windows\System32\conhost.exe
3348 C:\Windows\System32\SearchProtocolHost.exe
4344 C:\Program Files\Mozilla Firefox\firefox.exe
4836 C:\Program Files\Mozilla Firefox\plugin-container.exe
4988 C:\Windows\explorer.exe
5236 C:\Windows\System32\svchost.exe
5304 C:\Program Files\MorganMorgan\mbamservice.exe
5376 C:\Windows\System32\sppsvc.exe
5428 C:\Program Files\Windows Media Player\wmpnetwk.exe
5884 WmiPrvSE.exe
6136 C:\Windows\servicing\TrustedInstaller.exe
1112 C:\Windows\System32\svchost.exe
5908 C:\Users\Sharon Morgan\Desktop\MBRCheck.exe
152 C:\Windows\System32\conhost.exe
5608 C:\Windows\System32\dllhost.exe
5388 C:\Windows\System32\SearchFilterHost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`73800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`02800000 (NTFS)
PhysicalDrive0 Model Number: ST9320320AS, Rev: DE04
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
Done!
OTL logfile created on: 12/15/2010 12:54:11 PM - Run 6
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Sharon Morgan\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.79 Gb Total Space | 231.32 Gb Free Space | 80.94% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 3.69 Gb Free Space | 37.75% Space Free | Partition Type: NTFS
Computer Name: SHARONMORGAN-PC | User Name: Sharon Morgan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2010/12/15 12:46:01 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sharon Morgan\Desktop\OTL.exe
PRC - [2010/11/29 17:42:16 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\MorganMorgan\mbamservice.exe
PRC - [2010/11/29 17:42:14 | 000,443,728 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\MorganMorgan\mbamgui.exe
PRC - [2010/11/29 13:20:57 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
PRC - [2010/11/22 10:29:41 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/11/10 19:08:04 | 000,724,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 04:57:54 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/09/14 14:06:26 | 000,750,408 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
PRC - [2010/07/02 12:25:48 | 000,656,896 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.4\J2GTray.exe
PRC - [2010/07/02 12:24:07 | 000,095,744 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
PRC - [2010/06/30 20:21:22 | 005,143,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office Communicator\communicator.exe
PRC - [2010/03/29 20:26:00 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2009/12/18 11:25:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 19:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 19:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
========== Modules (SafeList) ==========
MOD - [2010/12/15 12:46:01 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sharon Morgan\Desktop\OTL.exe
MOD - [2010/08/20 23:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 19:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 19:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 19:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 19:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 19:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 19:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 19:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 19:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 19:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 19:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
========== Win32 Services (SafeList) ==========
SRV - [2010/11/29 17:42:16 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\MorganMorgan\mbamservice.exe -- (MBAMService)
SRV - [2010/11/29 13:20:57 | 000,057,752 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\System32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2010/11/10 19:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/11/09 22:22:16 | 003,229,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\avgfws.exe -- (avgfws)
SRV - [2010/11/09 22:18:51 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/09/22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/08/27 15:25:22 | 000,488,776 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/18 11:25:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/07/13 19:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 19:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 19:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 19:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 19:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 19:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 19:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 19:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 19:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 19:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 19:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 19:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 19:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 19:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 19:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 19:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 19:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 19:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\SHARON~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/11/09 22:20:58 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 16:27:54 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 21:42:38 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 21:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 21:42:36 | 000,021,072 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/07/12 04:34:02 | 000,054,112 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2010/05/10 12:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/19 20:29:20 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010/02/17 12:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/11 01:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/09/28 09:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/09/23 19:18:14 | 004,808,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/07/13 19:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 19:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 19:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 19:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 19:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 19:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 19:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 19:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 19:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 19:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 19:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 19:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 19:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 19:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 19:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 19:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 19:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 19:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 19:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 19:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 19:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 19:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 19:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 19:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 19:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 19:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 19:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 19:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 19:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 19:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 19:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 19:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 19:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 19:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 19:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 19:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 19:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 19:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 18:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 18:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 18:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 17:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 17:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 17:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 17:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 17:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 17:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 17:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 17:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 17:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 17:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 17:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 17:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 17:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 17:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 17:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 16:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 16:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 16:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 16:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 16:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 16:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 16:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (SrvHsfV92)
DRV - [2009/07/13 16:13:45 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (SrvHsfWinac)
DRV - [2009/07/13 16:13:45 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (SrvHsfHDA)
DRV - [2009/07/13 16:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009/07/13 16:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 16:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 16:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2007/10/10 17:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/03/05 10:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3239831504-3194068399-3306191132-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3239831504-3194068399-3306191132-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3239831504-3194068399-3306191132-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 F9 FC F6 77 80 CB 01 [binary data]
IE - HKU\S-1-5-21-3239831504-3194068399-3306191132-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.11.21.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1167
FF - prefs.js..extensions.enabledItems: avg@igeared:5.008.027.003
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/12/15 11:53:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2010/12/15 11:14:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/08 10:22:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/10 11:32:50 | 000,000,000 | ---D | M]
[2010/11/11 15:38:20 | 000,000,000 | ---D | M] -- C:\Users\Sharon Morgan\AppData\Roaming\Mozilla\Extensions
[2010/12/15 11:30:51 | 000,000,000 | ---D | M] -- C:\Users\Sharon Morgan\AppData\Roaming\Mozilla\Firefox\Profiles\mvpcuu1v.default\extensions
[2010/12/08 16:23:55 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Sharon Morgan\AppData\Roaming\Mozilla\Firefox\Profiles\mvpcuu1v.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2010/12/07 22:33:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sharon Morgan\AppData\Roaming\Mozilla\Firefox\Profiles\mvpcuu1v.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}-trash
[2010/12/14 16:03:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/10 11:32:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/14 16:03:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/11/26 11:02:21 | 000,001,600 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\WebSearchober1027812.xml
O1 HOSTS File: ([2010/12/15 09:30:32 | 000,426,940 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14728 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\MorganMorgan\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-3239831504-3194068399-3306191132-1000..\Run: [eFax 4.4] C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)
O4 - Startup: C:\Users\Sharon Morgan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
O4 - Startup: C:\Users\Sharon Morgan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3239831504-3194068399-3306191132-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3239831504-3194068399-3306191132-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-3239831504-3194068399-3306191132-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 12.127.16.67 12.127.17.71
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
========== Files/Folders - Created Within 30 Days ==========
[2010/12/15 12:45:53 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Sharon Morgan\Desktop\OTL.exe
[2010/12/15 12:35:46 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Sharon Morgan\Desktop\TFC.exe
[2010/12/15 12:24:30 | 000,000,000 | ---D | C] -- C:\Users\Sharon Morgan\AppData\Roaming\Macromedia
[2010/12/15 11:30:50 | 000,000,000 | ---D | C] -- C:\Users\Sharon Morgan\AppData\Local\AVG Security Toolbar
[2010/12/15 11:14:56 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/12/15 09:20:20 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/12/14 17:34:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2010/12/14 17:18:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/12/14 17:18:17 | 000,000,000 | ---D | C] -- C:\Users\Sharon Morgan\AppData\Local\temp
[2010/12/14 17:09:50 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/12/14 17:09:50 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/12/14 17:09:50 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/12/14 17:09:43 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/12/14 17:09:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/12/14 17:09:20 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/12/14 16:03:33 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/12/14 16:03:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/12/14 16:03:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/12/14 14:44:58 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2010/12/14 14:43:25 | 000,388,096 | ---- | C] (Trend Micro Inc.) -- C:\Users\Sharon Morgan\Desktop\HiJackThis.exe
[2010/12/14 14:41:10 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/12/14 14:41:09 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/12/14 14:41:09 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/12/14 14:41:09 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/12/14 14:41:09 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/12/14 14:41:09 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/12/14 14:41:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/12/14 14:41:09 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/12/14 14:41:09 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/12/14 14:41:09 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/12/14 14:41:09 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/12/14 14:40:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/12/14 14:40:06 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010/12/14 14:40:05 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010/12/14 14:40:05 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010/12/14 14:40:05 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2010/12/14 14:40:01 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/12/14 14:40:01 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/12/14 14:39:56 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2010/12/14 14:39:54 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010/12/14 14:39:15 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/12/14 14:14:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2010/12/14 10:14:23 | 000,000,000 | ---D | C] -- C:\Users\Sharon Morgan\Desktop\Trend Micro
[2010/12/14 10:11:14 | 000,000,000 | ---D | C] -- C:\Users\Sharon Morgan\Desktop\HiJackThis
[2010/12/13 20:07:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\log
[2010/12/13 20:06:46 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/12/13 19:49:35 | 000,000,000 | ---D | C] -- C:\Users\Sharon Morgan\AppData\Local\Diagnostics
[2010/12/13 19:41:35 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/12/13 19:32:09 | 000,000,000 | ---D | C] -- C:\Users\Sharon Morgan\AppData\Roaming\QuickScan
[2010/12/10 11:33:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/12/10 11:33:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/12/10 11:32:50 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/12/10 11:32:24 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/12/08 22:02:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/08 22:02:11 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/08 22:02:11 | 000,000,000 | ---D | C] -- C:\Program Files\MorganMorgan
[2010/12/08 17:21:10 | 000,000,000 | ---D | C] -- C:\Users\Sharon Morgan\AppData\Roaming\SUPERAntiSpyware.com
[2010/12/08 17:21:10 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/12/08 17:21:01 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/12/08 16:52:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/08 10:21:48 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/11/30 12:15:42 | 000,000,000 | ---D | C] -- C:\Users\Sharon Morgan\AppData\Roaming\HP
[2010/11/30 12:06:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2010/11/30 12:06:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2010/11/30 12:06:06 | 000,000,000 | ---D | C] -- C:\Windows\hpojj4600
[2010/11/30 12:05:33 | 000,118,272 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\hpz3l5mu.dll
[2010/11/30 12:01:41 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2010/11/30 12:01:33 | 000,729,088 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpwwiax4.dll
[2010/11/30 12:01:33 | 000,593,920 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpwtscl3.dll
[2010/11/30 12:01:33 | 000,271,704 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpzids01.dll
[2010/11/30 12:01:32 | 000,294,912 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpovst11.dll
[2010/11/30 11:06:32 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2010/11/29 17:38:30 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2010/11/29 17:38:30 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2010/11/28 13:55:37 | 000,000,000 | ---D | C] -- C:\Program Files\Acro Software
[2010/11/26 11:04:38 | 000,000,000 | ---D | C] -- C:\Users\Sharon Morgan\AppData\Roaming\Pogo
[2010/11/26 11:04:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Pogo
[2010/11/26 11:02:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Oberon Media
[2010/11/26 11:02:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Oberon Media
[2010/11/26 11:02:08 | 000,000,000 | ---D | C] -- C:\Program Files\Oberon Media
[2010/11/26 10:55:20 | 000,000,000 | ---D | C] -- C:\Users\Sharon Morgan\AppData\Local\Oberon Media
[2010/11/24 08:27:28 | 000,000,000 | ---D | C] -- C:\Users\Sharon Morgan\Documents\OneNote Notebooks
[2010/11/17 11:54:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/11/17 11:54:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/11/16 15:51:16 | 000,000,000 | ---D | C] -- C:\Users\Sharon Morgan\AppData\Local\Google
[2010/11/16 15:50:45 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/11/16 11:30:20 | 000,000,000 | ---D | C] -- C:\Users\Sharon Morgan\AppData\Roaming\j2 Global
[2010/11/16 11:28:14 | 000,000,000 | ---D | C] -- C:\Users\Sharon Morgan\AppData\Roaming\eFax Messenger
[2010/11/16 11:28:03 | 000,000,000 | ---D | C] -- C:\ProgramData\eFax Messenger 4.4 Output
[2010/11/16 11:27:14 | 000,000,000 | ---D | C] -- C:\Program Files\eFax Messenger 4.4
========== Files - Modified Within 30 Days ==========
[2010/12/15 12:46:28 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/15 12:46:28 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/15 12:46:01 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sharon Morgan\Desktop\OTL.exe
[2010/12/15 12:41:09 | 000,080,384 | ---- | M] () -- C:\Users\Sharon Morgan\Desktop\MBRCheck.exe
[2010/12/15 12:38:50 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2010/12/15 12:38:47 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2010/12/15 12:38:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/15 12:38:39 | 2810,740,736 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/15 12:35:52 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Sharon Morgan\Desktop\TFC.exe
[2010/12/15 11:54:01 | 000,000,923 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/12/15 11:50:08 | 068,961,847 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2010/12/15 11:50:08 | 000,638,975 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2010/12/15 10:04:38 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.dll
[2010/12/15 09:30:32 | 000,426,940 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/12/15 09:08:28 | 000,426,196 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101215-093032.backup
[2010/12/14 21:05:22 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/12/14 20:30:26 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\mfc71.dll
[2010/12/14 20:30:26 | 000,503,808 | ---- | M] (Microsoft Corporation) -- C:\msvcp71.dll
[2010/12/14 20:30:26 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\msvcr71.dll
[2010/12/14 20:27:19 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/12/14 19:13:14 | 000,001,266 | ---- | M] () -- C:\Users\Sharon Morgan\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/12/14 19:13:12 | 000,001,242 | ---- | M] () -- C:\Users\Sharon Morgan\Desktop\Spybot - Search & Destroy.lnk
[2010/12/14 18:41:57 | 000,047,420 | ---- | M] () -- C:\Users\Sharon Morgan\Documents\avg scan.csv
[2010/12/14 17:36:47 | 000,036,864 | ---- | M] () -- C:\Users\Sharon Morgan\Documents\hotel-airline ids.xls
[2010/12/14 17:36:15 | 000,001,083 | ---- | M] () -- C:\Users\Sharon Morgan\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2010/12/14 17:36:15 | 000,001,059 | ---- | M] () -- C:\Users\Sharon Morgan\Desktop\AVG PC Tuneup 2011.lnk
[2010/12/14 17:16:44 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101215-090828.backup
[2010/12/14 14:54:01 | 000,406,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/12/14 10:53:30 | 000,426,993 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101214-123702.backup
[2010/12/13 19:12:44 | 000,426,993 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101214-105330.backup
[2010/12/10 12:28:06 | 000,012,288 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2010/12/10 10:46:04 | 000,007,605 | ---- | M] () -- C:\Users\Sharon Morgan\AppData\Local\Resmon.ResmonCfg
[2010/12/09 09:32:31 | 000,016,261 | ---- | M] () -- C:\Users\Sharon Morgan\Desktop\Master Notecard Template for Merge.dotx
[2010/12/09 09:31:39 | 000,016,117 | ---- | M] () -- C:\Users\Sharon Morgan\Desktop\Master Notecard Template for Merge_legal and spacing.dotx
[2010/12/08 22:38:13 | 000,426,993 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101213-191244.backup
[2010/12/08 22:28:37 | 000,047,944 | ---- | M] () -- C:\Users\Sharon Morgan\Documents\avg.csv
[2010/12/08 22:02:15 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\MorganMorgan.lnk
[2010/12/08 17:21:03 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/12/08 10:21:59 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/12/08 09:20:44 | 000,709,456 | ---- | M] () -- C:\Windows\is-493L6.exe
[2010/12/08 09:20:44 | 000,000,361 | ---- | M] () -- C:\Windows\is-493L6.lst
[2010/12/08 08:16:29 | 000,028,680 | ---- | M] () -- C:\Users\Sharon Morgan\Documents\lined paper.docx
[2010/12/07 09:45:24 | 000,017,143 | ---- | M] () -- C:\Users\Sharon Morgan\Desktop\Notecard.dotm
[2010/12/06 16:47:33 | 000,627,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/06 16:47:33 | 000,107,366 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/01 08:01:23 | 000,036,352 | ---- | M] () -- C:\Users\Sharon Morgan\Documents\Estimated Decemeber expenses.xls
[2010/11/30 18:21:21 | 000,002,177 | ---- | M] () -- C:\Users\Sharon Morgan\.powerupdate.user.properties
[2010/11/30 12:33:37 | 000,165,693 | ---- | M] () -- C:\Windows\hpwins20.dat
[2010/11/30 12:25:02 | 000,166,287 | ---- | M] () -- C:\Windows\hpwins20.dat.temp
[2010/11/30 08:48:39 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/29 17:38:30 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2010/11/29 17:38:30 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2010/11/29 13:20:57 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
[2010/11/28 11:43:56 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/11/26 11:03:49 | 000,002,063 | ---- | M] () -- C:\Users\Sharon Morgan\Desktop\Scrabble Tour.lnk
[2010/11/24 08:28:45 | 000,001,266 | ---- | M] () -- C:\Users\Sharon Morgan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2010/11/23 14:47:32 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_netaapl_01009.Wdf
[2010/11/23 14:46:54 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/11/17 14:38:46 | 000,004,608 | ---- | M] () -- C:\Users\Sharon Morgan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/17 11:55:40 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/16 15:51:26 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2010/11/16 11:28:11 | 000,000,998 | ---- | M] () -- C:\Users\Sharon Morgan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk
[2010/11/16 11:28:11 | 000,000,969 | ---- | M] () -- C:\Users\Sharon Morgan\Desktop\eFax Compose Fax 4.4.lnk
[2010/11/16 11:28:11 | 000,000,962 | ---- | M] () -- C:\Users\Sharon Morgan\Desktop\eFax Messenger 4.4.lnk
[2010/11/16 11:28:03 | 000,000,000 | ---- | M] () -- C:\Windows\System32\eFax_4_4_Port
========== Files Created - No Company Name ==========
[2010/12/15 12:41:08 | 000,080,384 | ---- | C] () -- C:\Users\Sharon Morgan\Desktop\MBRCheck.exe
[2010/12/15 11:50:08 | 068,961,847 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2010/12/15 11:50:08 | 000,638,975 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2010/12/15 11:14:32 | 000,000,923 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/12/14 18:41:57 | 000,047,420 | ---- | C] () -- C:\Users\Sharon Morgan\Documents\avg scan.csv
[2010/12/14 17:36:15 | 000,001,083 | ---- | C] () -- C:\Users\Sharon Morgan\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2010/12/14 17:36:15 | 000,001,059 | ---- | C] () -- C:\Users\Sharon Morgan\Desktop\AVG PC Tuneup 2011.lnk
[2010/12/14 17:09:50 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/12/14 17:09:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/12/14 17:09:50 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/12/14 17:09:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/12/14 17:09:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/12/14 08:03:24 | 000,001,266 | ---- | C] () -- C:\Users\Sharon Morgan\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/12/14 08:03:24 | 000,001,242 | ---- | C] () -- C:\Users\Sharon Morgan\Desktop\Spybot - Search & Destroy.lnk
[2010/12/10 10:46:04 | 000,007,605 | ---- | C] () -- C:\Users\Sharon Morgan\AppData\Local\Resmon.ResmonCfg
[2010/12/09 09:30:45 | 000,016,117 | ---- | C] () -- C:\Users\Sharon Morgan\Desktop\Master Notecard Template for Merge_legal and spacing.dotx
[2010/12/09 08:34:30 | 000,016,261 | ---- | C] () -- C:\Users\Sharon Morgan\Desktop\Master Notecard Template for Merge.dotx
[2010/12/08 22:28:37 | 000,047,944 | ---- | C] () -- C:\Users\Sharon Morgan\Documents\avg.csv
[2010/12/08 22:02:15 | 000,000,973 | ---- | C] () -- C:\Users\Public\Desktop\MorganMorgan.lnk
[2010/12/08 17:21:03 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/12/08 10:21:59 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/12/08 09:20:44 | 000,709,456 | ---- | C] () -- C:\Windows\is-493L6.exe
[2010/12/08 09:20:44 | 000,000,361 | ---- | C] () -- C:\Windows\is-493L6.lst
[2010/12/08 08:16:24 | 000,028,680 | ---- | C] () -- C:\Users\Sharon Morgan\Documents\lined paper.docx
[2010/12/08 07:00:55 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
[2010/12/07 09:45:24 | 000,017,143 | ---- | C] () -- C:\Users\Sharon Morgan\Desktop\Notecard.dotm
[2010/12/02 09:55:21 | 000,442,368 | ---- | C] () -- C:\Users\Sharon Morgan\Desktop\Map98.exe
[2010/12/01 08:00:47 | 000,036,352 | ---- | C] () -- C:\Users\Sharon Morgan\Documents\Estimated Decemeber expenses.xls
[2010/11/30 12:30:48 | 000,166,287 | ---- | C] () -- C:\Windows\hpwins20.dat.temp
[2010/11/30 12:22:18 | 000,001,360 | ---- | C] () -- C:\Windows\hpwmdl20.dat.temp
[2010/11/30 12:04:06 | 000,165,693 | ---- | C] () -- C:\Windows\hpwins20.dat
[2010/11/30 12:04:06 | 000,001,360 | ---- | C] () -- C:\Windows\hpwmdl20.dat
[2010/11/28 11:43:56 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/11/26 11:03:49 | 000,002,063 | ---- | C] () -- C:\Users\Sharon Morgan\Desktop\Scrabble Tour.lnk
[2010/11/24 08:27:36 | 000,001,266 | ---- | C] () -- C:\Users\Sharon Morgan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2010/11/23 14:47:32 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_netaapl_01009.Wdf
[2010/11/23 14:46:54 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/11/17 11:55:40 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/16 15:57:57 | 000,004,608 | ---- | C] () -- C:\Users\Sharon Morgan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/16 15:51:26 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2010/11/16 11:28:11 | 000,000,998 | ---- | C] () -- C:\Users\Sharon Morgan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk
[2010/11/16 11:28:11 | 000,000,969 | ---- | C] () -- C:\Users\Sharon Morgan\Desktop\eFax Compose Fax 4.4.lnk
[2010/11/16 11:28:11 | 000,000,962 | ---- | C] () -- C:\Users\Sharon Morgan\Desktop\eFax Messenger 4.4.lnk
[2010/11/16 11:28:03 | 000,000,000 | ---- | C] () -- C:\Windows\System32\eFax_4_4_Port
[2010/11/11 16:10:59 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/11/10 09:18:43 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2010/11/09 21:51:45 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/09/28 09:22:00 | 000,315,392 | ---- | C] () -- C:\Windows\System32\drivers\yk62x86.sys
[2009/07/13 17:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2005/05/06 19:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
========== LOP Check ==========
[2010/12/08 18:40:57 | 000,000,000 | ---D | M] -- C:\Users\Sharon Morgan\AppData\Roaming\AVG
[2010/11/10 06:38:57 | 000,000,000 | ---D | M] -- C:\Users\Sharon Morgan\AppData\Roaming\AVG10
[2010/11/30 18:23:33 | 000,000,000 | ---D | M] -- C:\Users\Sharon Morgan\AppData\Roaming\CmapTools
[2010/11/16 11:35:19 | 000,000,000 | ---D | M] -- C:\Users\Sharon Morgan\AppData\Roaming\eFax Messenger
[2010/11/16 11:30:20 | 000,000,000 | ---D | M] -- C:\Users\Sharon Morgan\AppData\Roaming\j2 Global
[2010/11/10 14:13:06 | 000,000,000 | ---D | M] -- C:\Users\Sharon Morgan\AppData\Roaming\Leadertech
[2010/11/26 11:04:38 | 000,000,000 | ---D | M] -- C:\Users\Sharon Morgan\AppData\Roaming\Pogo
[2010/12/14 07:47:15 | 000,000,000 | ---D | M] -- C:\Users\Sharon Morgan\AppData\Roaming\QuickScan
[2010/11/11 15:21:43 | 000,015,734 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2006/07/11 18:07:30 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\atl71.dll
[2009/06/10 15:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/07/13 19:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/12/14 20:27:19 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/12/14 17:34:05 | 000,014,167 | ---- | M] () -- C:\ComboFix.txt
[2009/06/10 15:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/12/15 12:38:39 | 2810,740,736 | -HS- | M] () -- C:\hiberfil.sys
[2008/11/14 10:46:41 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/12/14 20:30:26 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\mfc71.dll
[2006/07/11 19:02:30 | 001,053,184 | ---- | M] (Microsoft Corporation) -- C:\mfc71u.dll
[2008/11/14 10:46:41 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/12/14 20:30:26 | 000,503,808 | ---- | M] (Microsoft Corporation) -- C:\msvcp71.dll
[2010/12/14 20:30:26 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\msvcr71.dll
[2009/06/09 16:58:03 | 000,000,864 | ---- | M] () -- C:\net_save.dna
[2010/04/28 10:45:03 | 000,024,524 | ---- | M] () -- C:\P1005.log
[2010/12/15 12:38:39 | 3747,655,680 | -HS- | M] () -- C:\pagefile.sys
[2010/12/14 10:06:49 | 000,065,030 | ---- | M] () -- C:\TDSSKiller.2.4.11.0_14.12.2010_10.06.09_log.txt
[2010/12/14 10:08:04 | 000,063,934 | ---- | M] () -- C:\TDSSKiller.2.4.11.0_14.12.2010_10.07.46_log.txt
[2010/12/14 12:02:08 | 000,063,120 | ---- | M] () -- C:\TDSSKiller.2.4.11.0_14.12.2010_12.00.41_log.txt
[2008/11/17 18:25:59 | 000,004,487 | ---- | M] () -- C:\WirelessDiagLog.csv
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-12-14 20:49:22
========== Alternate Data Streams ==========
@Alternate Data Stream - 197 bytes -> C:\ProgramData\TEMP:0B4227B4
< End of report >
kevinf80_1d0ac6
December 15th, 2010 16:00
The above means you've already run OTL. I'm guessing you already knew that, being that it was run 5 times previously. Extras Txt only comes with the first run and will be saved to the same place as OTL. Do you still have it on your Desktop? You've also run Combofix, as can be seen from the new OTL Txt. You've also run TDSSKiller 3 times.
Post the following logs for me to see, if you have any other CF logs post them also.
C:\ComboFix.txt
C:\TDSSKiller.2.4.11.0_14.12.2010_10.06.09_log.txt
C:\TDSSKiller.2.4.11.0_14.12.2010_10.07.46_log.txt
C:\TDSSKiller.2.4.11.0_14.12.2010_12.00.41_log.txt
Next,
Run the following and post that log with the rest.......
Run ESET Online Scan
You can refer to this animation by neomage if needed.
Frequently asked questions are available here. Please read them before running the scan.
Also be aware this scan can take several hours to complete depending on the size of your system.
Kevin....