Solved Infection

Discussion in 'Malware and Virus Removal Archive' started by daman4, 2011/02/27.

  1. 2011/02/27
    daman4 (Inactive, Thread Starter)
    Joined: 2011/02/27 | Messages: 14 | Likes Received: 0

    [Resolved] Infection

    My AVG popped up that my computer had been infected by Exploit blackhole.exploit kit.

    The access file that it said to have infected was: cvi3.co.cc/index.php?ty=ae63b0732f49eaa2

    I have run Malwarebytes and it did not find anything, and I have also cleared all of my cookies, passwords, temp files, and history using CCleaner.

    I am not sure if it has been removed or not, any help would be greatly appreciated.
     
  2. 2011/02/27
    PeteC (SuperGeek, Staff)
    Joined: 2002/05/10 | Messages: 28,896 | Likes Received: 389

    Please read this as indicated at the head of the forum and post the logs requested in this thread.
     
  4. 2011/02/27
    daman4 (Inactive, Thread Starter)

    I tried running GMER, but while doing it my computer popped up a blue screen and said "crash dump"... you must restart the computer and delete any new downloads which you have recently added. I restarted the computer and received this message when I turned it back on: "Your computer has been recovered." I do have a HijackThis log if you would like me to post it?

    Problem signature:
    Problem Event Name: BlueScreen
    OS Version: 6.0.6002.2.2.0.768.2
    Locale ID: 1033

    Additional information about the problem:
    BCCode: 50
    BCP1: B2138000
    BCP2: 00000000
    BCP3: A91D3FFB
    BCP4: 00000000
    OS Version: 6_0_6002
    Service Pack: 2_0
    Product: 768_1

    Files that help describe the problem:
    C:\Windows\Minidump\Mini022711-01.dmp
    C:\Users\Chad\AppData\Local\Temp\WER-54101-0.sysdata.xml
    C:\Users\Chad\AppData\Local\Temp\WER3800.tmp.version.txt
     
  5. 2011/02/27
    PeteC (SuperGeek, Staff)

    Please wait for our Malware Analyst to respond on this ....
     
  6. 2011/02/27
    broni (Moderator, Malware Analyst)
    Joined: 2002/08/01 | Messages: 21,701 | Likes Received: 116

    Skip GMER for now.
     
  7. 2011/02/27
    daman4 (Inactive, Thread Starter)

    It would not work either.

    It says Unknown MBR code.

    Found non-standard or infected MBR. Enter "Y" and hit enter for more options or "N" to exit
     
  8. 2011/02/27
    broni (Moderator, Malware Analyst)

    You need to post a log, whatever it says.
    Don't execute any options.
     
  9. 2011/02/27
    daman4 (Inactive, Thread Starter)

    So should I hit the "Y" or the "N" when this pops up?
     
  10. 2011/02/27
    broni (Moderator, Malware Analyst)

    Press "N" and post the log along with other logs.
     
  11. 2011/02/27
    daman4 (Inactive, Thread Starter)

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Basic Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Wistron
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: Compaq Presario CQ60 Notebook PC
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 187):
    0x81C33000 \SystemRoot\system32\ntkrnlpa.exe
    0x81C00000 \SystemRoot\system32\hal.dll
    0x80409000 \SystemRoot\system32\kdcom.dll
    0x80410000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x80480000 \SystemRoot\system32\PSHED.dll
    0x80491000 \SystemRoot\system32\BOOTVID.dll
    0x80499000 \SystemRoot\system32\CLFS.SYS
    0x804DA000 \SystemRoot\system32\CI.dll
    0x80606000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x80682000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x8068F000 \SystemRoot\system32\drivers\acpi.sys
    0x806D5000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x806DE000 \SystemRoot\system32\drivers\msisadrv.sys
    0x806E6000 \SystemRoot\system32\drivers\pci.sys
    0x8070D000 \SystemRoot\system32\drivers\isapnp.sys
    0x8071C000 \SystemRoot\system32\drivers\mpio.sys
    0x80738000 \SystemRoot\System32\drivers\partmgr.sys
    0x80747000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x8074A000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x80754000 \SystemRoot\system32\drivers\volmgr.sys
    0x80763000 \SystemRoot\System32\drivers\volmgrx.sys
    0x807AD000 \SystemRoot\system32\drivers\intelide.sys
    0x807B4000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x807C2000 \SystemRoot\system32\drivers\aliide.sys
    0x807C9000 \SystemRoot\system32\drivers\amdide.sys
    0x807D0000 \SystemRoot\system32\drivers\cmdide.sys
    0x807D8000 \SystemRoot\System32\drivers\mountmgr.sys
    0x805BA000 \SystemRoot\system32\drivers\msdsm.sys
    0x805D4000 \SystemRoot\system32\drivers\nvraid.sys
    0x82205000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x82226000 \SystemRoot\system32\drivers\pciide.sys
    0x8222D000 \SystemRoot\system32\drivers\viaide.sys
    0x82235000 \SystemRoot\system32\drivers\iastorv.sys
    0x822D6000 \SystemRoot\system32\drivers\atapi.sys
    0x822DE000 \SystemRoot\system32\drivers\ataport.SYS
    0x822FC000 \SystemRoot\system32\drivers\lsi_scsi.sys
    0x82316000 \SystemRoot\system32\drivers\storport.sys
    0x82357000 \SystemRoot\system32\drivers\msahci.sys
    0x82361000 \SystemRoot\system32\drivers\hpcisss.sys
    0x8236C000 \SystemRoot\system32\drivers\adp94xx.sys
    0x87C06000 \SystemRoot\system32\drivers\adpahci.sys
    0x87C52000 \SystemRoot\system32\drivers\adpu160m.sys
    0x87C6D000 \SystemRoot\system32\drivers\SCSIPORT.SYS
    0x87C93000 \SystemRoot\system32\drivers\adpu320.sys
    0x87CB9000 \SystemRoot\system32\drivers\djsvs.sys
    0x87CCD000 \SystemRoot\system32\drivers\arc.sys
    0x87CE3000 \SystemRoot\system32\drivers\arcsas.sys
    0x87CF9000 \SystemRoot\system32\drivers\elxstor.sys
    0x87D8D000 \SystemRoot\system32\drivers\i2omp.sys
    0x87D97000 \SystemRoot\system32\drivers\iirsp.sys
    0x87DA7000 \SystemRoot\system32\drivers\iteatapi.sys
    0x87DB3000 \SystemRoot\system32\drivers\iteraid.sys
    0x87DBF000 \SystemRoot\system32\drivers\lsi_fc.sys
    0x87DD9000 \SystemRoot\system32\drivers\lsi_sas.sys
    0x87DF1000 \SystemRoot\system32\drivers\megasas.sys
    0x87E03000 \SystemRoot\system32\drivers\megasr.sys
    0x87EBA000 \SystemRoot\system32\drivers\mraid35x.sys
    0x87EC5000 \SystemRoot\system32\drivers\nfrd960.sys
    0x87ED3000 \SystemRoot\system32\drivers\nvstor.sys
    0x8800B000 \SystemRoot\system32\drivers\ql2300.sys
    0x88143000 \SystemRoot\system32\drivers\ql40xx.sys
    0x88198000 \SystemRoot\system32\drivers\sisraid2.sys
    0x881A5000 \SystemRoot\system32\drivers\sisraid4.sys
    0x881BA000 \SystemRoot\system32\drivers\symc8xx.sys
    0x881C6000 \SystemRoot\system32\drivers\sym_hi.sys
    0x881D1000 \SystemRoot\system32\drivers\sym_u3.sys
    0x87EE0000 \SystemRoot\system32\drivers\uliahci.sys
    0x881DC000 \SystemRoot\system32\drivers\ulsata.sys
    0x87F1C000 \SystemRoot\system32\drivers\ulsata2.sys
    0x87F48000 \SystemRoot\system32\drivers\vsmraid.sys
    0x87F69000 \SystemRoot\system32\drivers\fltmgr.sys
    0x87F9B000 \SystemRoot\system32\drivers\fileinfo.sys
    0x88203000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x88274000 \SystemRoot\system32\drivers\ndis.sys
    0x8837F000 \SystemRoot\system32\drivers\msrpc.sys
    0x883AA000 \SystemRoot\system32\drivers\NETIO.SYS
    0x88408000 \SystemRoot\System32\drivers\tcpip.sys
    0x884F2000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x88602000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x88712000 \SystemRoot\system32\drivers\wd.sys
    0x8871A000 \SystemRoot\system32\drivers\volsnap.sys
    0x88753000 \SystemRoot\System32\Drivers\spldr.sys
    0x8875B000 \SystemRoot\system32\drivers\sbp2port.sys
    0x88770000 \SystemRoot\System32\Drivers\mup.sys
    0x8877F000 \SystemRoot\System32\drivers\ecache.sys
    0x887A6000 \SystemRoot\system32\drivers\disk.sys
    0x887B7000 \SystemRoot\system32\drivers\crcdisk.sys
    0x887E2000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x887ED000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x8850D000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x887F6000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x8BE03000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
    0x8C720000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8C7C1000 \SystemRoot\System32\drivers\watchdog.sys
    0x8C7CD000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x8851C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8C7D8000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8855A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x87FAB000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
    0x8CC05000 \SystemRoot\system32\DRIVERS\athr.sys
    0x8CCE9000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8CCFC000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
    0x8CD01000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8CD0C000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x8CD3C000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8CD3E000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8CD49000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x8CD4D000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8CD65000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8CD94000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8CD9F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8CDB6000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8CDC1000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8CDE4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8C7E7000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x885E7000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x883E5000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8CDF3000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x87FD1000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8CDF5000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x823D6000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8CE00000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x8CE35000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8CE46000 \SystemRoot\system32\drivers\CHDRT32.sys
    0x8CE81000 \SystemRoot\system32\drivers\portcls.sys
    0x8CEAE000 \SystemRoot\system32\drivers\drmk.sys
    0x8CED3000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
    0x8D007000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
    0x8D10A000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
    0x8D1BF000 \SystemRoot\system32\drivers\modem.sys
    0x8D1CC000 \SystemRoot\system32\drivers\IntcHdmi.sys
    0x8D1ED000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x8D1F6000 \SystemRoot\System32\Drivers\Null.SYS
    0x8D000000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8CF1A000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x8CF21000 \SystemRoot\System32\drivers\vga.sys
    0x8CF2D000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8CF4E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8CF56000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8CF5E000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8CF69000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8CF77000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x8CF80000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8CF96000 \SystemRoot\system32\DRIVERS\smb.sys
    0x8CFAA000 \SystemRoot\System32\Drivers\avgtdix.sys
    0x8CFC3000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8D402000 \SystemRoot\system32\drivers\afd.sys
    0x8D44A000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8D460000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x8D46E000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x8D481000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8D4BD000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8D4C7000 \SystemRoot\System32\Drivers\dfsc.sys
    0x8D4DE000 \SystemRoot\System32\Drivers\avgmfx86.sys
    0x8D4E4000 \SystemRoot\System32\Drivers\avgldx86.sys
    0x8D535000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x8D542000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x8D54D000 \SystemRoot\System32\Drivers\dump_msahci.sys
    0x95EE0000 \SystemRoot\System32\win32k.sys
    0x8D557000 \SystemRoot\System32\drivers\Dxapi.sys
    0x8D561000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x96100000 \SystemRoot\System32\TSDDD.dll
    0x96120000 \SystemRoot\System32\cdd.dll
    0x96130000 \SystemRoot\System32\ATMFD.DLL
    0x8D570000 \SystemRoot\system32\drivers\luafv.sys
    0x8D58B000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x8D59B000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x8D5C5000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x8D5CF000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0xA9800000 \SystemRoot\system32\drivers\spsys.sys
    0xA98B0000 \SystemRoot\system32\drivers\HTTP.sys
    0xA991D000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0xA993A000 \SystemRoot\system32\DRIVERS\bowser.sys
    0xA9953000 \SystemRoot\System32\drivers\mpsdrv.sys
    0xA9968000 \SystemRoot\system32\drivers\mrxdav.sys
    0xA9989000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xA99A8000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0xA99E1000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0xA9E00000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xA9E28000 \SystemRoot\System32\DRIVERS\srv.sys
    0xA9E8E000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xA9E92000 \SystemRoot\system32\drivers\peauth.sys
    0xA9F70000 \SystemRoot\System32\Drivers\secdrv.SYS
    0xA9F7A000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xA9F86000 \SystemRoot\system32\DRIVERS\xaudio.sys
    0xA9F8E000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x76EE0000 \Windows\System32\ntdll.dll

    Processes (total 85):
    0 System Idle Process
    4 System
    396 C:\Windows\System32\smss.exe
    464 csrss.exe
    508 C:\Windows\System32\wininit.exe
    516 csrss.exe
    564 C:\Windows\System32\winlogon.exe
    592 C:\Windows\System32\services.exe
    604 C:\Windows\System32\lsass.exe
    612 C:\Windows\System32\lsm.exe
    820 C:\Windows\System32\svchost.exe
    908 C:\Windows\System32\svchost.exe
    940 C:\Windows\System32\svchost.exe
    1080 C:\Windows\System32\svchost.exe
    1112 C:\Windows\System32\svchost.exe
    1128 C:\Windows\System32\svchost.exe
    1212 C:\Windows\System32\audiodg.exe
    1236 C:\Windows\System32\svchost.exe
    1252 C:\Windows\System32\SLsvc.exe
    1292 C:\Windows\System32\svchost.exe
    1396 C:\Windows\System32\svchost.exe
    1556 C:\Windows\System32\wlanext.exe
    1660 C:\Windows\System32\spoolsv.exe
    1684 C:\Windows\System32\svchost.exe
    1892 C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    1916 C:\Windows\System32\svchost.exe
    1964 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    1980 C:\Windows\System32\svchost.exe
    2020 C:\Windows\System32\svchost.exe
    416 C:\Windows\System32\svchost.exe
    436 C:\Program Files\SMINST\BLService.exe
    468 C:\Program Files\CyberLink\Shared files\RichVideo.exe
    772 C:\Program Files\AVG\AVG8\avgrsx.exe
    1000 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    1408 C:\Windows\System32\svchost.exe
    2060 C:\Windows\System32\svchost.exe
    2124 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    2220 C:\Windows\System32\SearchIndexer.exe
    2280 C:\Windows\System32\drivers\XAudio.exe
    2348 C:\PROGRA~1\AVG\AVG8\avgemc.exe
    2396 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    2540 C:\Windows\System32\taskeng.exe
    2564 C:\Program Files\AVG\AVG8\avgcsrvx.exe
    2728 C:\Windows\System32\taskeng.exe
    2752 C:\Windows\System32\dwm.exe
    2816 C:\Windows\explorer.exe
    2840 C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
    2848 C:\Windows\System32\taskeng.exe
    3036 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3044 C:\Program Files\HP\QuickPlay\QPService.exe
    3068 C:\Program Files\Windows Defender\MSASCui.exe
    3076 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    3108 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    3116 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    3192 C:\Program Files\AVG\AVG8\avgtray.exe
    3200 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    3252 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    3260 C:\Windows\System32\igfxtray.exe
    3268 C:\Windows\System32\hkcmd.exe
    3276 C:\Windows\System32\igfxpers.exe
    3292 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    3300 C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    3308 C:\Program Files\Windows Sidebar\sidebar.exe
    3324 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    3620 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    3648 C:\Windows\System32\igfxsrvc.exe
    3656 WmiPrvSE.exe
    3824 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    2144 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    2644 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    1076 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    1036 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    4164 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    5008 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    1300 C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    620 C:\Program Files\MSN Toolbar\Platform\6.3.2380.0\mswinext.exe
    5684 WmiPrvSE.exe
    4084 C:\Program Files\Internet Explorer\iexplore.exe
    5704 C:\Program Files\Internet Explorer\iexplore.exe
    3616 C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    5164 C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe
    728 C:\Program Files\Internet Explorer\iexplore.exe
    2188 C:\Windows\System32\SearchProtocolHost.exe
    5876 C:\Windows\System32\SearchFilterHost.exe
    5960 C:\Users\Chad\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000022`ad100000 (NTFS)

    PhysicalDrive0 Model Number: WDCWD1600BEVT-60ZCT1, Rev: 13.01A13

    Size     Device Name          MBR Status
    --------------------------------------------
    149 GB   \\.\PhysicalDrive0   Unknown MBR code
    SHA1: E6CCDBFD8F5B3DAA80CE1AA64C67955A606A347D


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    --------------------------------------------------------------------------


    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5128

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18975

    11/16/2010 12:24:52 PM
    mbam-log-2010-11-16 (12-24-52).txt

    Scan type: Quick scan
    Objects scanned: 145461
    Time elapsed: 12 minute(s), 5 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    --------------------------------------------------------------------------


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Chad at 19:28:32.89 on Sun 02/27/2011
    Internet Explorer: 8.0.6001.18999
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1978.750 [GMT -5:00]

    AV: AVG Anti-Virus Free *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
    SP: AVG Anti-Virus Free *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\SMINST\BLService.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\MSN Toolbar\Platform\6.3.2380.0\mswinext.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Chad\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2380.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: @c:\program files\msn toolbar\platform\6.3.2380.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2380.0\npwinext.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
    uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe "
    mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5 "
    mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter "
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
    mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0 "
    mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0 "
    mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: avgrsstx.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe "

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-28 335240]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-6-28 27784]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-28 108552]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-6-28 908056]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-28 297752]
    R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-23 365952]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-23 193840]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

    =============== Created Last 30 ================

    2011-02-27 23:10:11 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{5848c1b3-4f98-44da-978d-2ae2840d5c9f}\mpengine.dll

    ==================== Find3M ====================

    2011-02-02 22:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe

    ============= FINISH: 19:29:26.44 ===============


    --------------------------------------------------------------------------



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft® Windows Vista™ Home Basic
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/15/2009 9:20:35 AM
    System Uptime: 2/27/2011 5:35:59 PM (2 hours ago)

    Motherboard: Wistron | | 3612
    Processor: Genuine Intel(R) CPU 585 @ 2.16GHz | CPU | 2161/667mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 139 GiB total, 88.7 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 1.776 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================


    ==== Installed Programs ======================

    32 Bit HP CIO Components Installer
    470_Help
    470_Readme
    Acrobat.com
    Activation Assistant for the 2007 Microsoft Office suites
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.2
    Adobe Shockwave Player
    Atheros Driver Installation Program
    AVG Free 8.5
    Bing Bar
    Bing Bar Platform
    Bing Rewards Client Installer
    BPD_HPSU
    BPDSoftware
    BPDSoftware_Ini
    BufferChm
    CCleaner
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Compatibility Pack for the 2007 Office system
    Conexant HD Audio
    CustomerResearchQFolder
    CyberLink DVD Suite
    CyberSports for Basketball
    D3DX10
    DeviceDiscovery
    DeviceManagementQFolder
    ESU for Microsoft Vista
    eSupportQFolder
    H470
    HDAUDIO Soft Data Fax Modem with SmartCP
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Customer Participation Program 9.0
    HP Doc Viewer
    HP DVD Play 3.7
    HP Help and Support
    HP Imaging Device Functions 9.0
    HP Officejet H470 Series
    HP Quick Launch Buttons 6.40 H2
    HP Solution Center 9.0
    HP Total Care Advisor
    HP Update
    HP User Guides 0118
    HP Wireless Assistant
    HPAsset component for HP Active Support Library
    HPNetworkAssistant
    HPProductAssistant
    HPSSupply
    HPTCSSetup
    Intel(R) Graphics Media Accelerator Driver
    Java Auto Updater
    Java(TM) 6 Update 22
    Java(TM) 6 Update 7
    KODAK Share Button App
    LabelPrint
    LightScribe System Software 1.14.17.1
    Malwarebytes' Anti-Malware
    MarketResearch
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Default Manager
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
    MPM
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee Reveal
    My HP Games
    OGA Notifier 2.0.0048.0
    Power2Go
    PowerDirector
    ProductContext
    Realtek 8169 8168 8101E 8102E Ethernet Driver
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB2288953)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Segoe UI
    SolutionCenter
    Spelling Dictionaries Support For Adobe Reader 9
    SPORE Creature Creator Trial Edition
    Status
    Swami MapManager
    Synaptics Pointing Device Driver
    Toolbox
    TrayApp
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2466076)
    WebReg
    Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Messenger
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack

    ==== End Of File ===========================
     
  12. 2011/02/27
    daman4

    daman4 Inactive Thread Starter

    Joined:
    2011/02/27
    Messages:
    14
    Likes Received:
    0
    Accidentally reposted the information
     
    Last edited: 2011/02/27
  13. 2011/02/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled, as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  14. 2011/02/27
    daman4

    daman4 Inactive Thread Starter

    Joined:
    2011/02/27
    Messages:
    14
    Likes Received:
    0
    ComboFix 11-02-27.01 - Chad 02/27/2011 23:07:15.1.1 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1978.1152 [GMT -5:00]
    Running from: c:\users\Chad\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\drivers\etc\lmhosts

    .
    ((((((((((((((((((((((((( Files Created from 2011-01-28 to 2011-02-28 )))))))))))))))))))))))))))))))
    .

    2011-02-28 04:17 . 2011-02-28 04:17 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-02-27 23:13 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
    2011-02-27 23:13 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
    2011-02-27 23:13 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
    2011-02-27 23:13 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2011-02-27 23:13 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
    2011-02-27 23:13 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
    2011-02-27 23:13 . 2010-12-31 13:57 2039808 ----a-w- c:\windows\system32\win32k.sys
    2011-02-27 23:12 . 2011-01-06 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-02-27 23:11 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
    2011-02-27 23:11 . 2010-12-18 06:28 638232 ----a-w- c:\program files\Internet Explorer\iexplore.exe
    2011-02-27 23:06 . 2011-01-08 06:28 292352 ----a-w- c:\windows\system32\atmfd.dll
    2011-02-27 23:06 . 2011-01-08 08:47 34304 ----a-w- c:\windows\system32\atmlib.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-02 22:11 . 2009-10-04 21:30 222080 ------w- c:\windows\system32\MpSigStub.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
    "HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-09-30 972080]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
    "UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
    "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
    S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-29 112128]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-23 c:\windows\Tasks\HPCeeScheduleForChad.job
    - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-23 18:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-02-27 23:17
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2011-02-27 23:21:12
    ComboFix-quarantined-files.txt 2011-02-28 04:21

    Pre-Run: 94,316,052,480 bytes free
    Post-Run: 94,915,665,920 bytes free

    - - End Of File - - 024974B5C701FEDB887A65BD0A0FBC8D
     
  15. 2011/02/27
    daman4

    daman4 Inactive Thread Starter

    Joined:
    2011/02/27
    Messages:
    14
    Likes Received:
    0
    I also had to delete AVG... Should I go ahead and reinstall this now?
     
  16. 2011/02/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Combofix log looks clean :)

    I haven't been recommending AVG for some time already, for various reasons.
    Surely, the decision is yours, so you can reinstall it, or go for one of the two I think are more suitable:
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
    - Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html

    When done...

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  17. 2011/02/27
    daman4

    daman4 Inactive Thread Starter

    Joined:
    2011/02/27
    Messages:
    14
    Likes Received:
    0
    OTL logfile created on: 2/27/2011 11:53:19 PM - Run 1
    OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Chad\Desktop
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19019)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 41.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 65.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 138.70 Gb Total Space | 87.27 Gb Free Space | 62.92% Space Free | Partition Type: NTFS
    Drive D: | 10.34 Gb Total Space | 1.78 Gb Free Space | 17.17% Space Free | Partition Type: NTFS

    Computer Name: CHAD-PC | User Name: Chad | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/02/27 23:52:37 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Chad\Desktop\OTL.exe
    PRC - [2011/01/07 01:22:54 | 003,989,856 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgui.exe
    PRC - [2011/01/07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
    PRC - [2011/01/07 01:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
    PRC - [2011/01/06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    PRC - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    PRC - [2010/12/05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
    PRC - [2010/12/05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
    PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
    PRC - [2010/10/22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
    PRC - [2010/10/07 12:43:18 | 000,106,496 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
    PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
    PRC - [2008/01/20 21:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/02/27 23:52:37 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Chad\Desktop\OTL.exe
    MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
    SRV - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
    SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2010/09/13 15:27:40 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
    DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
    DRV - [2010/08/03 15:23:58 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2010/08/03 15:23:54 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2010/08/03 15:23:52 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2009/01/20 06:49:26 | 000,142,848 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2008/10/03 03:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
    DRV - [2008/06/29 09:52:26 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
    DRV - [2008/04/27 13:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2008/03/13 08:51:52 | 000,057,536 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
    DRV - [2008/03/13 08:50:02 | 000,072,000 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
    DRV - [2008/01/20 21:32:45 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
    DRV - [2007/10/17 18:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2588156968-2025141593-1940496239-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKU\S-1-5-21-2588156968-2025141593-1940496239-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-2588156968-2025141593-1940496239-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/11/30 03:02:00 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/11/30 03:02:23 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/02/27 23:46:53 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2011/02/27 23:17:17 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2588156968-2025141593-1940496239-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2588156968-2025141593-1940496239-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-21-2588156968-2025141593-1940496239-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/02/27 23:52:32 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Chad\Desktop\OTL.exe
    [2011/02/27 23:49:19 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\AVG10
    [2011/02/27 23:48:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
    [2011/02/27 23:48:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
    [2011/02/27 23:46:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
    [2011/02/27 23:46:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
    [2011/02/27 23:37:10 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2011/02/27 23:21:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/02/27 23:21:14 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/02/27 23:05:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/02/27 23:03:33 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/02/27 23:03:33 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/02/27 23:03:33 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/02/27 23:03:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/02/27 22:46:42 | 006,209,392 | ---- | C] (OPSWAT, Inc.) -- C:\Users\Chad\Desktop\AppRemover.exe
    [2011/02/27 22:39:58 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/08/25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
    [1 C:\Users\Chad\Documents\*.tmp files -> C:\Users\Chad\Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/02/27 23:52:37 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Chad\Desktop\OTL.exe
    [2011/02/27 23:50:39 | 107,372,918 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
    [2011/02/27 23:48:02 | 000,000,830 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
    [2011/02/27 23:17:17 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/02/27 23:09:26 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/02/27 23:09:26 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/02/27 23:03:58 | 000,000,284 | ---- | M] () -- C:\ProgramData\hpqp.ini
    [2011/02/27 23:02:25 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/02/27 23:02:25 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/02/27 23:01:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/02/27 23:01:57 | 000,391,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/02/27 23:00:56 | 2073,264,128 | -HS- | M] () -- C:\hiberfil.sys
    [2011/02/27 22:46:47 | 006,209,392 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Chad\Desktop\AppRemover.exe
    [2011/02/27 22:39:36 | 004,276,140 | R--- | M] () -- C:\Users\Chad\Desktop\ComboFix.exe
    [2011/02/27 19:28:29 | 000,624,128 | ---- | M] () -- C:\Users\Chad\Desktop\dds.scr
    [2011/02/27 19:23:38 | 000,080,384 | ---- | M] () -- C:\Users\Chad\Desktop\MBRCheck.exe
    [1 C:\Users\Chad\Documents\*.tmp files -> C:\Users\Chad\Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/02/27 23:50:39 | 107,372,918 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
    [2011/02/27 23:48:02 | 000,000,830 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
    [2011/02/27 23:03:33 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/02/27 23:03:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/02/27 23:03:33 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/02/27 23:03:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/02/27 23:03:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/02/27 22:39:21 | 004,276,140 | R--- | C] () -- C:\Users\Chad\Desktop\ComboFix.exe
    [2011/02/27 19:27:56 | 000,624,128 | ---- | C] () -- C:\Users\Chad\Desktop\dds.scr
    [2011/02/27 19:23:25 | 000,080,384 | ---- | C] () -- C:\Users\Chad\Desktop\MBRCheck.exe
    [2011/01/03 07:59:55 | 000,156,479 | ---- | C] () -- C:\Windows\hpwins12.dat
    [2011/01/03 07:59:35 | 000,009,842 | ---- | C] () -- C:\Windows\hpwscr12.dat
    [2011/01/03 07:59:35 | 000,000,981 | ---- | C] () -- C:\Windows\hpwmdl12.dat
    [2011/01/03 07:29:30 | 000,000,063 | ---- | C] () -- C:\Windows\CYBERBB.INI
    [2010/12/28 21:09:43 | 000,000,680 | ---- | C] () -- C:\Users\Chad\AppData\Local\d3d9caps.dat
    [2010/08/25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
    [2010/08/25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
    [2010/08/25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
    [2010/08/25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
    [2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
    [2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
    [2009/10/06 22:00:29 | 000,009,728 | ---- | C] () -- C:\Users\Chad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/09/17 20:35:15 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/09/17 20:35:15 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2009/03/15 08:57:19 | 000,000,284 | ---- | C] () -- C:\ProgramData\hpqp.ini
    [2008/10/23 00:43:24 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2008/07/06 15:29:46 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1518.dll
    [2008/07/06 15:14:06 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
    [2008/06/29 09:52:14 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
    [2006/11/02 07:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 07:44:53 | 000,391,120 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 05:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 05:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2006/03/09 04:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

    ========== LOP Check ==========

    [2011/02/27 23:49:19 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\AVG10
    [2009/06/28 21:39:59 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2009/09/02 13:49:32 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\FloodLightGames
    [2009/07/12 16:46:20 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\iWin
    [2009/07/16 22:05:46 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Ludia
    [2009/07/26 21:04:33 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\SPORE Creature Creator
    [2010/01/05 18:05:37 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\WildTangent
    [2011/02/27 22:57:13 | 000,032,524 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2011/02/27 23:21:12 | 000,008,621 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2011/02/27 23:00:56 | 2073,264,128 | -HS- | M] () -- C:\hiberfil.sys
    [2011/01/03 07:27:22 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/01/03 07:27:22 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2011/02/27 23:00:54 | 2389,127,168 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2006/11/02 07:35:34 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 07:35:34 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 07:35:34 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2010/08/16 23:50:51 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 16:37:34 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2007/06/27 12:04:44 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzpp5k2.dll
    [2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/20 21:57:01 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/20 22:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/20 22:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/20 22:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/09/16 10:10:05 | 000,000,365 | -HS- | M] () -- C:\Users\Chad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2009/07/09 22:59:28 | 000,000,177 | ---- | M] () -- C:\Users\Chad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Jan .url
    [2010/01/26 00:05:52 | 000,000,156 | ---- | M] () -- C:\Users\Chad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\My Watch List.url

    < %USERPROFILE%\Desktop\*.exe >
    [2011/02/27 22:46:47 | 006,209,392 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Chad\Desktop\AppRemover.exe
    [2011/02/27 22:39:36 | 004,276,140 | R--- | M] () -- C:\Users\Chad\Desktop\ComboFix.exe
    [2011/02/27 19:23:38 | 000,080,384 | ---- | M] () -- C:\Users\Chad\Desktop\MBRCheck.exe
    [2011/02/27 23:52:37 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Chad\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/06/27 18:36:31 | 000,000,402 | -HS- | M] () -- C:\Users\Chad\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/02/27 23:03:58 | 000,000,284 | ---- | M] () -- C:\ProgramData\hpqp.ini
    [2010/12/28 21:15:30 | 000,000,021 | ---- | M] () -- C:\ProgramData\hpqp.txt
    [2011/01/03 08:12:03 | 000,001,310 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2009/03/15 09:00:21 | 000,000,032 | ---- | M] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
    [2008/10/23 01:44:34 | 000,000,109 | ---- | M] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    [2009/03/15 08:59:30 | 000,000,032 | ---- | M] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
    [2008/10/23 01:38:11 | 000,000,105 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    [2009/03/15 08:57:46 | 000,000,032 | ---- | M] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
    [2009/03/15 09:00:00 | 000,000,032 | ---- | M] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
    [2008/10/23 01:36:16 | 000,000,107 | ---- | M] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    [2008/10/23 01:44:03 | 000,000,110 | ---- | M] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
    [2009/03/15 09:00:30 | 000,000,105 | ---- | M] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >


    --------------------------------------------------------------------------

    OTL Extras logfile created on: 2/27/2011 11:53:19 PM - Run 1
    OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Chad\Desktop
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19019)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 41.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 65.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 138.70 Gb Total Space | 87.27 Gb Free Space | 62.92% Space Free | Partition Type: NTFS
    Drive D: | 10.34 Gb Total Space | 1.78 Gb Free Space | 17.17% Space Free | Partition Type: NTFS

    Computer Name: CHAD-PC | User Name: Chad | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{05F95092-8FBA-4FD6-9B4A-C20C5A437A8B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{26F7E895-7885-4ED3-88EF-0DE4C0FA3DA5}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{40888363-EAB4-4F73-A7C2-695E415A1F62}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{7F2D4A03-585D-4DE4-B550-229299B5B059}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{B326519D-5512-492F-91C1-AD107FC1EF16}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0FD511C5-6692-4243-935D-CD1DC4D0F2A9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{24BEA346-4F7D-46D2-9E62-DD2D8C44280F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{432A8CF1-479B-48D2-8DD0-B26F1C272052}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
    "{51CF7C20-B202-4CDA-8B65-6F32FC30B10A}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{5392277B-CA8F-48A8-9E0F-0B217568DC93}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{7CBAF977-04F5-47A6-9F84-8F70E05C287C}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
    "{8FD64A04-6022-4D79-8D92-6AB31F0B9635}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
    "{CCF59BC8-C637-4125-92B4-44445E5719F9}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{D53B8B7E-D3B8-4479-B152-393894654F29}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
    "{DCDFBB3C-4173-4C80-97DE-0C18ECF2FCC3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{E18827F6-F1AA-49BA-AD42-17413ECBDABC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{EA08CA38-8B62-48A6-A81E-FC8A0D9E40C2}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
    "{F2C5348D-8881-410A-A831-18DB6ACF516A}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
    "{F7EE1EE3-F6E2-4DFC-8E95-DDB17BFBFDBC}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
    "{FE4BDD9F-8609-499B-AB1B-E113BCD5975F}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "TCP Query User{6FC55FA9-A3DA-4618-921F-F5D793F8E61B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{6505FC37-1A13-48CC-AC9A-9F4C59C3AECF}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
    "{00772F8B-37FF-4704-A47D-72B30BFAF126}" = MPM
    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
    "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0BC4864E-72C5-472D-8692-0E5971E0BD36}" = BPDSoftware_Ini
    "{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
    "{10829556-7C82-4a83-8C81-F2D98472C76B}" = H470
    "{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
    "{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
    "{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
    "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
    "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
    "{27F00C63-449B-2FAB-CBE8-24AB80E17449}" = Acrobat.com
    "{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
    "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
    "{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
    "{5A15F754-086E-4185-96F4-0BC31F1A2382}" = HP Officejet H470 Series
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{6673E0F4-D376-431b-A6F4-18D1B86B4A89}" = BPDSoftware
    "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6B349DE1-590D-4506-B272-9115EC31F7D2}" = 470_Help
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{6FB3A94A-CAA8-4A7B-8E1D-CBB34A5E5FB8}" = KODAK Share Button App
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
    "{846DDADA-0239-4B67-A6B1-33658863793B}" = HPTCSSetup
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A83629F-D138-4F74-BFE2-9C566835A5EA}" = Swami MapManager
    "{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
    "{A276502A-8979-44FB-8090-90CF72F22ABC}" = AVG 2011
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
    "{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}" = HP User Guides 0118
    "{B86C9440-82D7-423C-9FEC-6CB3092D1AA4}" = Bing Bar Platform
    "{BA72A4E3-D2D0-4203-A17E-E53012B8807C}" = BPD_HPSU
    "{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
    "{E022C318-BAC9-468D-8731-3C5EE63C7743}" = 470_Readme
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
    "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
    "{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
    "{EE5F0136-2C7C-42a7-B1B0-5F12D107A0EE}" = ProductContext
    "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
    "{F4C68898-EBA5-46A9-82B3-2D30426086BF}" = AVG 2011
    "{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "3D970B9F930E7AAE23C06D39A1AC98548C90B442" = Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0)
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "AVG" = AVG 2011
    "CCleaner" = CCleaner
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
    "CyberSports for Basketball" = CyberSports for Basketball
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HP Imaging Device Functions" = HP Imaging Device Functions 9.0
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
    "HPExtendedCapabilities" = HP Customer Participation Program 9.0
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "WildTangent hp Master Uninstall" = My HP Games
    "WinLiveSuite" = Windows Live Essentials

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 2/25/2011 2:03:27 AM | Computer Name = Chad-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 2/26/2011 4:32:36 PM | Computer Name = Chad-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 2/27/2011 12:12:55 PM | Computer Name = Chad-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 2/27/2011 12:26:36 PM | Computer Name = Chad-PC | Source = Application Error | ID = 1000
    Description = Faulting application xtli7q2j.exe, version 1.0.15.15530, time stamp
    0x4cd7c3b7, faulting module xtli7q2j.exe, version 1.0.15.15530, time stamp 0x4cd7c3b7,
    exception code 0xc0000005, fault offset 0x0000c551, process id 0xfe0, application
    start time 0x01cbd69ad5937903.

    Error - 2/27/2011 12:30:04 PM | Computer Name = Chad-PC | Source = Perflib | ID = 1010
    Description =

    Error - 2/27/2011 12:33:49 PM | Computer Name = Chad-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 2/27/2011 6:32:50 PM | Computer Name = Chad-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 2/27/2011 6:33:20 PM | Computer Name = Chad-PC | Source = ESENT | ID = 455
    Description = Catalog Database (1452) Catalog Database: Error -1811 occurred while
    opening logfile C:\Windows\system32\CatRoot2\edb0014A.log.

    Error - 2/27/2011 6:33:20 PM | Computer Name = Chad-PC | Source = Microsoft-Windows-CAPI2 | ID = 131329
    Description =

    Error - 2/27/2011 6:37:05 PM | Computer Name = Chad-PC | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 2/27/2011 11:52:06 PM | Computer Name = Chad-PC | Source = DCOM | ID = 10005
    Description =

    Error - 2/27/2011 11:52:06 PM | Computer Name = Chad-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 2/27/2011 11:52:06 PM | Computer Name = Chad-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 2/27/2011 11:52:39 PM | Computer Name = Chad-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 2/27/2011 11:52:39 PM | Computer Name = Chad-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 2/28/2011 12:02:43 AM | Computer Name = Chad-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 2/28/2011 12:06:43 AM | Computer Name = Chad-PC | Source = Service Control Manager | ID = 7034
    Description =

    Error - 2/28/2011 12:07:03 AM | Computer Name = Chad-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 2/28/2011 12:13:21 AM | Computer Name = Chad-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 2/28/2011 12:17:19 AM | Computer Name = Chad-PC | Source = Service Control Manager | ID = 7030
    Description =


    < End of report >
     
  18. 2011/02/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ==============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
      O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
      O15 - HKU\S-1-5-21-2588156968-2025141593-1940496239-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      [1 C:\Users\Chad\Documents\*.tmp files -> C:\Users\Chad\Documents\*.tmp -> ]
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warnings, so leave the reading of the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  19. 2011/02/28
    daman4

    daman4 Inactive Thread Starter

    Joined:
    2011/02/27
    Messages:
    14
    Likes Received:
    0
    OTL results... I will attach the others once I have finished running them.


    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
    Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http not found.
    Registry value HKEY_USERS\S-1-5-21-2588156968-2025141593-1940496239-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    C:\Users\Chad\Documents\edit.tmp deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Chad
    ->Temp folder emptied: 848721 bytes
    ->Temporary Internet Files folder emptied: 132045616 bytes
    ->Java cache emptied: 2027 bytes
    ->Flash cache emptied: 43515 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 4774 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 127.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Chad
    ->Flash cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.22.2 log created on 02282011_005905

    Files\Folders moved on Reboot...
    File\Folder C:\Users\Chad\AppData\Local\Temp\~DF6641.tmp not found!
    File\Folder C:\Users\Chad\AppData\Local\Temp\~DF664B.tmp not found!
    File\Folder C:\Users\Chad\AppData\Local\Temp\~DF66AD.tmp not found!
    File\Folder C:\Users\Chad\AppData\Local\Temp\~DF66B7.tmp not found!
    File\Folder C:\Users\Chad\AppData\Local\Temp\~DF66E5.tmp not found!
    File\Folder C:\Users\Chad\AppData\Local\Temp\~DF66EF.tmp not found!
    File\Folder C:\Users\Chad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(84)\Content.IE5\WQE5CQDX\Ghvc3RwdmlkAzhyelhWVW9HN3Y3Q3dacS5UV3B1aWdJUVFQcW1YVTFxelJFQUN4NmsEbl9ncHMDMARuX3ZwcwMwBG9yaWdpbgNzcnAEcXVlcnkDd2hhdCBpcyBNQlIEc2FvAzEEdnRlc3RpZANFRTAwNw--[1].htm not found!
    File\Folder C:\Users\Chad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(84)\Content.IE5\CYX9NXIM\=cm;u=,cm-46587936_1298843446,11e8b827ab889e8,Miscellaneous,;;cmw=owl;sz=160x600;net=cm;env=ifr;ord1=840883;contx=Miscellaneous;an=80;dc=d;btg=;ord=[timestamp][1] not found!
    File\Folder C:\Users\Chad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(84)\Content.IE5\CYX9NXIM\Ghvc3RwdmlkA25UTW93a29HN3Y3Q3dacS5UV3B1aWdRUFFQcW1YVTFxZlVnQUNOZWMEbl9ncHMDMTAEbl92cHMDMARvcmlnaW4Dc3JwBHF1ZXJ5A3dpbmRvd3NiYnMEc2FvAzEEdnRlc3RpZANFRTAwNw--[1].htm not found!
    File\Folder C:\Users\Chad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(84)\Content.IE5\4UT2ZUNE\=cm;u=,cm-72291751_1298843903,11e8b827ab889e8,Miscellaneous,;;cmw=owl;sz=300x250;net=cm;env=ifr;ord1=549481;contx=Miscellaneous;an=80;dc=d;btg=;ord=[timestamp][1] not found!
    File\Folder C:\Users\Chad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(84)\Content.IE5\4UT2ZUNE\DkyBGhvc3RwdmlkA1dPUVdLa29HN3Y3Q3dacS5UV3B1aWdJT1FQcW1YVTFxeF9FQUJ6Vm8Ebl9ncHMDMARuX3ZwcwMwBG9yaWdpbgNzcnAEcXVlcnkDd2luZG93IGJicwRzYW8DMQR2dGVzdGlkA0VFMDA3[1].htm not found!
    File\Folder C:\Users\Chad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(84)\Content.IE5\4UT2ZUNE\t=cm;u=,cm-32275021_1298844059,11e8b827ab889e8,Miscellaneous,;;cmw=owl;sz=728x90;net=cm;env=ifr;ord1=514742;contx=Miscellaneous;an=40;dc=w;btg=;ord=[timestamp][1] not found!
    C:\Users\Chad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZTGE8P1E\ads[5].htm moved successfully.
    C:\Users\Chad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YXFA55UA\97971-infection-2[1].html moved successfully.
    C:\Users\Chad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YXFA55UA\adTag[1].htm moved successfully.
    C:\Users\Chad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YXFA55UA\andes_c[2].html moved successfully.
    C:\Users\Chad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YXFA55UA\wrapper1[1].htm moved successfully.
    C:\Users\Chad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V3J0X3FJ\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Users\Chad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8WJ33FZX\00b42e3a-b809-49b2-b433-cc45b2bc89d33rd_party_BBS[2].htm moved successfully.
    C:\Users\Chad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8WJ33FZX\1246292183@x23[1].htm moved successfully.
    C:\Users\Chad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8WJ33FZX\ads[3].htm moved successfully.
    C:\Users\Chad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8WJ33FZX\audmeasure[3].gif moved successfully.
    C:\Users\Chad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8WJ33FZX\p-01-0VIaSjnOLg[3].gif moved successfully.
    C:\Users\Chad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8WJ33FZX\p-01-0VIaSjnOLg[4].gif moved successfully.
    C:\Users\Chad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

    Registry entries deleted on Reboot...
     
  20. 2011/02/28
    daman4

    daman4 Inactive Thread Starter

    Joined:
    2011/02/27
    Messages:
    14
    Likes Received:
    0
    Security Check Results

    Results of screen317's Security Check version 0.99.7
    Windows Vista Service Pack 2 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    AVG 2011
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 6 Update 24
    Java(TM) 6 Update 7
    Out of date Java installed!
    Adobe Flash Player
    Adobe Reader 9.2
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVG avgwdsvc.exe
    AVG avgtray.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    AVG avgemc.exe
    ``````````End of Log````````````
     
  21. 2011/02/28
    daman4

    daman4 Inactive Thread Starter

    Joined:
    2011/02/27
    Messages:
    14
    Likes Received:
    0
    ESET did not find any threats.
     
