WindowsBBS.com

Solved CPU seems taxed

Discussion in 'Malware and Virus Removal Archive' started by TJGarner, 2010/07/14.

  1. 2010/07/14 - TJGarner (Well-Known Member, Thread Starter)
    [Resolved] CPU seems taxed

    Setting: My wife and I each have our "main" computers, and we have a laptop that is shared (though my wife uses it about 95% of the time). Occasionally she will play World of Warcraft on the laptop; since it isn't a gaming laptop, there are some expected slowdowns - the in-game settings are set to take that into account.

    Situation: A number of months ago my wife commented that it seemed even more sluggish than ever before. I used to use the laptop to play WoW, and I did notice that there was a marked difference from when I used to use the laptop to how it is currently. I poked around and changed a few settings, though it was a marginal improvement. Nothing more was done to address that situation.

    Not sure of the time frame after the above situation, a virus exploded on the laptop... it was really messy. I ran the following programs: 1) SpyBot Search and destroy (which located the trojan and removed it) 2) AVG - "Scan whole computer" detected and removed virus. 3) Kaspersky online scan - nothing detected. And for good measure I ran Glary's utility until no problems detected.

    I didn't post in the virus removal forums because I am fairly certain that the virus/trojan is gone. But I am still experiencing sluggish performance, so I thought this thread would fit better in the OS thread. If I am wrong, I am sorry.

    I also went into msconfig and looked at the startup tab; I think the only things there are things that are necessary. I didn't do anything with the services tab since I wasn't 100% sure what I would be affecting by poking around in there.

    System Info:
    HP Compaq Presario V5000
    AMD Turion Mobile Technology ML-32 1.97 GHz
    1.87 Gigs of RAM
    Hard Drive: 67 gigs, ST98823A
    Wireless LAN - Cable modem
    Windows XP Home version 2002 SP3
    I assume it is 32 bit
     
  2. 2010/07/14 - Admin. (Administrator, Staff)
    As I suggested in the other thread: Read this post as indicated at the top of this forum & follow the instructions.
     

  4. 2010/07/17 - TJGarner (Well-Known Member, Thread Starter)
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/9/2006 5:02:35 PM
    System Uptime: 7/7/2010 6:29:52 AM (106 hours ago)

    Motherboard: Hewlett-Packard | | 30AE
    Processor: AMD Turion(tm) 64 Mobile Technology ML-32 | U23 | 1794/mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 67 GiB total, 21.481 GiB free.
    D: is FIXED (FAT32) - 7 GiB total, 1.018 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Realtek RTL8139/810x Family Fast Ethernet NIC
    Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_30A4103C&REV_10\4&13826118&0&30A4
    Manufacturer: Realtek Semiconductor Corp.
    Name: Realtek RTL8139/810x Family Fast Ethernet NIC
    PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_30A4103C&REV_10\4&13826118&0&30A4
    Service: RTL8023xp

    ==== System Restore Points ===================

    RP924: 4/12/2010 10:52:44 PM - System Checkpoint
    RP925: 4/14/2010 10:53:48 AM - Software Distribution Service 3.0
    RP926: 4/15/2010 10:57:52 AM - System Checkpoint
    RP927: 4/16/2010 11:20:23 AM - System Checkpoint
    RP928: 4/17/2010 11:26:00 AM - System Checkpoint
    RP929: 4/18/2010 1:10:19 PM - System Checkpoint
    RP930: 4/19/2010 1:17:59 PM - System Checkpoint
    RP931: 4/20/2010 8:24:09 PM - System Checkpoint
    RP932: 4/21/2010 10:43:29 AM - Avg Update
    RP933: 4/21/2010 10:45:42 AM - Avg Update
    RP934: 4/22/2010 11:07:37 AM - System Checkpoint
    RP935: 4/23/2010 12:04:31 PM - System Checkpoint
    RP936: 4/24/2010 12:32:12 PM - System Checkpoint
    RP937: 4/25/2010 1:03:31 PM - System Checkpoint
    RP938: 4/26/2010 5:08:00 PM - System Checkpoint
    RP939: 4/27/2010 8:22:06 PM - System Checkpoint
    RP940: 4/28/2010 8:32:57 PM - System Checkpoint
    RP941: 4/29/2010 9:30:37 PM - System Checkpoint
    RP942: 4/30/2010 10:30:37 PM - System Checkpoint
    RP943: 5/1/2010 11:30:36 PM - System Checkpoint
    RP944: 5/3/2010 12:30:36 AM - System Checkpoint
    RP945: 5/3/2010 1:57:11 PM - Installed Java(TM) 6 Update 20
    RP946: 5/4/2010 2:30:36 PM - System Checkpoint
    RP947: 5/5/2010 3:30:35 PM - System Checkpoint
    RP948: 5/6/2010 6:13:23 PM - System Checkpoint
    RP949: 5/7/2010 9:52:02 AM - Avg Update
    RP950: 5/8/2010 9:59:38 AM - Configured easy Internet sign-up
    RP951: 5/9/2010 11:11:20 AM - System Checkpoint
    RP952: 5/10/2010 11:54:21 AM - System Checkpoint
    RP953: 5/11/2010 12:55:01 PM - System Checkpoint
    RP954: 5/12/2010 3:00:30 AM - Software Distribution Service 3.0
    RP955: 5/13/2010 4:04:49 AM - System Checkpoint
    RP956: 5/14/2010 4:30:05 AM - System Checkpoint
    RP957: 5/15/2010 1:01:16 PM - System Checkpoint
    RP958: 5/16/2010 1:53:33 PM - System Checkpoint
    RP959: 5/17/2010 4:54:27 PM - System Checkpoint
    RP960: 5/18/2010 5:23:31 PM - System Checkpoint
    RP961: 5/19/2010 5:59:24 PM - System Checkpoint
    RP962: 5/20/2010 8:23:59 PM - System Checkpoint
    RP963: 5/21/2010 9:01:46 PM - System Checkpoint
    RP964: 5/22/2010 9:48:16 PM - System Checkpoint
    RP965: 5/23/2010 10:48:16 PM - System Checkpoint
    RP966: 5/24/2010 11:48:15 PM - System Checkpoint
    RP967: 5/26/2010 12:48:17 AM - System Checkpoint
    RP968: 5/26/2010 3:00:22 AM - Software Distribution Service 3.0
    RP969: 5/27/2010 4:26:41 AM - System Checkpoint
    RP970: 5/28/2010 11:25:45 AM - System Checkpoint
    RP971: 5/29/2010 11:54:21 AM - System Checkpoint
    RP972: 5/30/2010 12:53:18 PM - System Checkpoint
    RP973: 5/31/2010 12:54:20 PM - System Checkpoint
    RP974: 6/1/2010 12:58:30 PM - System Checkpoint
    RP975: 6/2/2010 11:32:31 AM - Avg Update
    RP976: 6/3/2010 12:19:02 PM - System Checkpoint
    RP977: 6/4/2010 3:00:30 AM - Software Distribution Service 3.0
    RP978: 6/5/2010 4:42:41 AM - System Checkpoint
    RP979: 6/6/2010 5:19:01 AM - System Checkpoint
    RP980: 6/7/2010 10:27:57 AM - System Checkpoint
    RP981: 6/8/2010 8:31:42 PM - System Checkpoint
    RP982: 6/9/2010 9:08:25 PM - System Checkpoint
    RP983: 6/10/2010 10:08:25 PM - System Checkpoint
    RP984: 6/11/2010 12:14:45 PM - Software Distribution Service 3.0
    RP985: 6/12/2010 1:44:52 PM - System Checkpoint
    RP986: 6/13/2010 2:01:48 PM - System Checkpoint
    RP987: 6/14/2010 8:29:29 PM - System Checkpoint
    RP988: 6/15/2010 8:39:24 PM - System Checkpoint
    RP989: 6/16/2010 9:02:01 PM - System Checkpoint
    RP990: 6/18/2010 11:44:14 AM - System Checkpoint
    RP991: 6/19/2010 1:50:01 PM - System Checkpoint
    RP992: 6/19/2010 7:50:21 PM - Removed EasyCleaner
    RP993: 6/21/2010 10:15:08 AM - System Checkpoint
    RP994: 6/22/2010 1:57:28 PM - Installed Compatibility Pack for the 2007 Office system
    RP995: 6/23/2010 7:52:54 PM - System Checkpoint
    RP996: 6/24/2010 3:00:23 AM - Software Distribution Service 3.0
    RP997: 6/25/2010 4:10:35 AM - System Checkpoint
    RP998: 6/25/2010 9:02:41 AM - Avg Update
    RP999: 6/26/2010 11:42:54 AM - System Checkpoint
    RP1000: 6/28/2010 11:11:16 AM - System Checkpoint
    RP1001: 6/29/2010 11:16:36 AM - System Checkpoint
    RP1002: 6/30/2010 8:35:09 PM - System Checkpoint
    RP1003: 7/1/2010 10:06:00 PM - System Checkpoint
    RP1004: 7/5/2010 8:30:21 PM - System Checkpoint
    RP1005: 7/6/2010 8:55:45 PM - System Checkpoint
    RP1006: 7/7/2010 9:35:47 PM - System Checkpoint
    RP1007: 7/8/2010 10:07:58 PM - System Checkpoint
    RP1008: 7/9/2010 10:43:28 PM - System Checkpoint
    RP1009: 7/10/2010 11:01:29 PM - System Checkpoint

    ==== Installed Programs ======================


    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 7.0.9
    Apple Software Update
    Athlon 64 Processor Driver
    ATI Control Panel
    ATI Display Driver
    AVG Free 9.0
    Belarc Advisor 7.2
    BufferChm
    Compatibility Pack for the 2007 Office system
    Conexant AC-Link Audio
    CP_AtenaShokunin1Config
    CP_CalendarTemplates1
    cp_LightScribeConfig
    cp_OnlineProjectsConfig
    CP_Package_Basic1
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    CP_Panorama1Config
    cp_PosterPrintConfig
    cp_UpdateProjectsConfig
    Critical Update for Windows Media Player 11 (KB959772)
    CueTour
    Customer Experience Enhancement
    Destinations
    DeviceManagementQFolder
    Diablo II
    DivX Web Player
    FullDPAppQFolder
    Glary Utilities 2.22.0.896
    Google Earth
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP DVD Play 2.0
    HP Game Console and games
    HP Help and Support
    HP Imaging Device Functions 6.0
    HP Photosmart Premier Software 6.0
    HP Rhapsody
    HP Update
    HP User Guides--System Recovery
    HP User Guides 0025
    HP Wireless Assistant 2.00 C1
    HpSdpAppCoreApp
    Image Resizer Powertoy for Windows XP
    InstantShareDevices
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java Auto Updater
    Java(TM) 6 Update 2
    Java(TM) 6 Update 20
    Java(TM) 6 Update 3
    Java(TM) SE Runtime Environment 6 Update 1
    LightScribe 1.4.56.1
    Logitech MouseWare 9.76
    Logitech Resource Center
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox (3.6.6)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Office 2003 Trial Assistant
    OptionalContentQFolder
    PhotoGallery
    Quick Launch Buttons 5.20 G1
    QuickTime
    RandMap
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 9 (KB911565)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    SkinsHP1
    Skype™ 3.2
    Soft Data Fax Modem with SmartCP
    Sonic Audio Module
    Sonic Copy Module
    Sonic Data Module
    Sonic Express Labeler
    Sonic MyDVD Plus
    Sonic Update Manager
    Sonic_PrimoSDK
    Spybot - Search & Destroy
    SwordSearcher 4.1 Deluxe
    Synaptics Pointing Device Driver
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TIPCI
    TourSetup
    TuneXP 1.5
    Uninstall Startup Inspector
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB971180)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Ventrilo Client
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Live Messenger
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinPatrol 2007 Restore/Remove First
    WinPatrol 2007 Step 2
    Wireless Home Network Setup
    World of Warcraft
    ZIP Reader 8.00.0018

    ==== End Of File ===========================

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Tony at 16:15:28.84 on Sun 07/11/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.1206 [GMT -4:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    svchost.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\Tony\My Documents\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=laptop
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uInternet Settings,ProxyOverride = <local>
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
    mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
    mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
    mRun: [Logitech Utility] Logi_MwX.Exe
    mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    Trusted Zone: msn.com\www
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://notesshecl2.pb.com/iNotes6W.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: avgrsstarter - avgrsstx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 SpywareInfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\wldfjc5l.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/|Error
    FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
    FF - plugin: c:\documents and settings\tony\application data\mozilla\firefox\profiles\wldfjc5l.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07074039.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: browser.xul.error_pages.enabled - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 3000000
    FF - user.js: content.maxtextrun - 8191
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 750000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: network.http.max-connections - 32
    FF - user.js: network.http.max-connections-per-server - 8
    FF - user.js: network.http.max-persistent-connections-per-proxy - 8
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.firstrequest - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 0
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.lu ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nu ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nz ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--p1ai ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbayh7gpa ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.tel ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.proxy.type ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "dom.ipc.plugins.timeoutSecs ", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accelerometer.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.nptest.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npswf32.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npctrl.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npqtplugin.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-27 216200]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-27 29584]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-27 242896]
    R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-13 308064]
    R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-8-22 231424]

    =============== Created Last 30 ================


    ==================== Find3M ====================

    2010-07-11 15:45:16 46 ----a-w- c:\documents and settings\tony\jagex_runescape_preferences.dat
    2010-07-11 15:44:58 99 ----a-w- c:\documents and settings\tony\jagex_runescape_preferences2.dat
    2010-06-02 15:32:22 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-05-05 13:30:57 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
    2010-05-03 17:59:21 0 ----a-w- c:\documents and settings\tony\jagex__preferences3.dat
    2010-05-03 17:57:21 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys
    2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
    2010-04-20 05:30:08 285696 ------w- c:\windows\system32\dllcache\atmfd.dll

    ============= FINISH: 16:16:18.09 ===============
     
  5. 2010/07/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    STEP 1. Download Malwarebytes' Anti-Malware to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 2. Download GMER (GMER - Rootkit Detector and Remover) by clicking on the Download EXE button.
    Alternative downloads:
    - |MG| GMER 1.0.15.15281 Download
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log in your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. 2010/07/18
    TJGarner

    TJGarner Well-Known Member Thread Starter

    Joined:
    2008/10/12
    Messages:
    72
    Likes Received:
    0
    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-07-18 19:02:50
    Windows 5.1.2600 Service Pack 3
    Running: gnlymdok.exe; Driver: C:\DOCUME~1\Tony\LOCALS~1\Temp\ugriypow.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4324

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    7/18/2010 5:42:38 PM
    mbam-log-2010-07-18 (17-42-38).txt

    Scan type: Quick scan
    Objects scanned: 143482
    Time elapsed: 7 minute(s), 14 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 6
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  7. 2010/07/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. 2010/07/19
    TJGarner

    TJGarner Well-Known Member Thread Starter

    Joined:
    2008/10/12
    Messages:
    72
    Likes Received:
    0
    ComboFix 10-07-18.05 - Tony 07/19/2010 14:32:00.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.1532 [GMT -4:00]
    Running from: c:\documents and settings\Tony\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    D:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2010-06-19 to 2010-07-19 )))))))))))))))))))))))))))))))
    .

    2010-07-18 21:33 . 2010-07-18 21:33 -------- d-----w- c:\documents and settings\Tony\Application Data\Malwarebytes
    2010-07-18 21:33 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-18 21:33 . 2010-07-18 21:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-07-18 21:33 . 2010-07-18 21:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-18 21:33 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-15 13:42 . 2010-07-15 13:42 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
    2010-07-15 13:42 . 2010-07-15 13:42 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
    2010-07-15 13:40 . 2010-07-15 13:40 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
    2010-07-15 13:40 . 2010-07-15 13:40 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
    2010-07-15 13:40 . 2010-07-15 13:40 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
    2010-07-15 13:40 . 2010-07-15 13:40 1038688 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
    2010-07-14 18:30 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2010-06-22 17:57 . 2010-06-22 17:57 -------- d-----w- c:\program files\MSECache
    2010-06-20 12:33 . 2010-07-06 12:52 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-06-20 00:56 . 2010-06-22 00:28 -------- d-----w- c:\documents and settings\Tony\Application Data\wsInspector
    2010-06-20 00:54 . 2010-06-20 00:55 -------- d-----w- c:\program files\Startup Inspector for Windows
    2010-06-20 00:45 . 2010-06-20 00:45 720896 ----a-w- c:\windows\iun6002.exe
    2010-06-20 00:45 . 2010-06-20 00:46 -------- d-----w- c:\program files\TuneXP
    2010-06-20 00:08 . 2010-06-20 00:43 -------- d-----w- c:\program files\Free Window Registry Repair
    2010-06-19 23:42 . 2010-06-19 23:50 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedyPC
    2010-06-19 20:45 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
    2010-06-19 20:45 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
    2010-06-19 20:42 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
    2010-06-19 20:42 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-19 18:21 . 2009-12-01 04:46 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
    2010-07-19 18:12 . 2009-03-17 02:30 46 ----a-w- c:\documents and settings\Tony\jagex_runescape_preferences.dat
    2010-07-19 18:12 . 2009-09-20 15:25 99 ----a-w- c:\documents and settings\Tony\jagex_runescape_preferences2.dat
    2010-07-18 21:53 . 2009-12-16 17:43 0 ----a-w- c:\documents and settings\Tony\Local Settings\Application Data\prvlcl.dat
    2010-07-17 18:49 . 2010-06-16 17:25 -------- d-----w- c:\program files\World of Warcraft
    2010-06-22 17:48 . 2010-06-17 11:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
    2010-06-22 01:55 . 2006-12-10 21:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-06-22 00:47 . 2006-12-10 21:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-06-19 23:50 . 2009-01-17 01:17 -------- d-----w- c:\program files\IObit
    2010-06-19 12:15 . 2008-02-28 20:33 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
    2010-06-14 14:31 . 2004-08-04 08:00 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-11 18:25 . 2007-08-27 21:01 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-05-23 04:11 . 2010-05-23 04:11 503808 ----a-w- c:\documents and settings\Tony\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-71ee52ba-n\msvcp71.dll
    2010-05-23 04:11 . 2010-05-23 04:11 61440 ----a-w- c:\documents and settings\Tony\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-551822bf-n\decora-sse.dll
    2010-05-23 04:11 . 2010-05-23 04:11 499712 ----a-w- c:\documents and settings\Tony\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-71ee52ba-n\jmc.dll
    2010-05-23 04:11 . 2010-05-23 04:11 348160 ----a-w- c:\documents and settings\Tony\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-71ee52ba-n\msvcr71.dll
    2010-05-23 04:11 . 2010-05-23 04:11 12800 ----a-w- c:\documents and settings\Tony\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-551822bf-n\decora-d3d.dll
    2010-05-22 05:48 . 2010-05-22 05:48 503808 ----a-w- c:\documents and settings\Bridget\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-581d0187-n\msvcp71.dll
    2010-05-22 05:48 . 2010-05-22 05:48 61440 ----a-w- c:\documents and settings\Bridget\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-10bcf125-n\decora-sse.dll
    2010-05-22 05:48 . 2010-05-22 05:48 499712 ----a-w- c:\documents and settings\Bridget\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-581d0187-n\jmc.dll
    2010-05-22 05:48 . 2010-05-22 05:48 348160 ----a-w- c:\documents and settings\Bridget\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-581d0187-n\msvcr71.dll
    2010-05-22 05:48 . 2010-05-22 05:48 12800 ----a-w- c:\documents and settings\Bridget\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-10bcf125-n\decora-d3d.dll
    2010-05-06 10:41 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-03 17:59 . 2010-05-03 17:59 0 ----a-w- c:\documents and settings\Tony\jagex__preferences3.dat
    2010-05-03 17:58 . 2010-05-03 17:58 61440 ----a-w- c:\documents and settings\Tony\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-33bc9182-n\decora-sse.dll
    2010-05-03 17:58 . 2010-05-03 17:58 503808 ----a-w- c:\documents and settings\Tony\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5a8be032-n\msvcp71.dll
    2010-05-03 17:58 . 2010-05-03 17:58 499712 ----a-w- c:\documents and settings\Tony\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5a8be032-n\jmc.dll
    2010-05-03 17:58 . 2010-05-03 17:58 348160 ----a-w- c:\documents and settings\Tony\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5a8be032-n\msvcr71.dll
    2010-05-03 17:58 . 2010-05-03 17:58 12800 ----a-w- c:\documents and settings\Tony\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-33bc9182-n\decora-d3d.dll
    2010-05-03 17:57 . 2010-05-03 17:57 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-05-02 05:22 . 2004-08-04 08:00 1851264 ----a-w- c:\windows\system32\win32k.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
    "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 405504]
    "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
    "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
    "Logitech Utility"="Logi_MwX.Exe" [2003-03-04 19968]
    "RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\World of Warcraft\\Repair.exe"=
    "c:\\Program Files\\Logitech\\Resource Center\\ResCentr.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-3.2.0-enUS-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\Launcher.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader
    "6112:TCP"= 6112:TCP:Blizzard Downloader

    R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 5:06 AM 231424]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-12 c:\windows\Tasks\dfrg.job
    - c:\windows\system32\dfrg.msc [2004-08-04 08:00]

    2010-07-19 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2008-11-05 01:36]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: msn.com\www
    FF - ProfilePath - c:\documents and settings\Tony\Application Data\Mozilla\Firefox\Profiles\wldfjc5l.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/|http://www.wowwiki.com/Portal:Main|...n-us|http://www.worldofwarcraft.com/index.xml
    FF - plugin: c:\documents and settings\Tony\Application Data\Mozilla\Firefox\Profiles\wldfjc5l.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07074039.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: browser.xul.error_pages.enabled - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 3000000
    FF - user.js: content.maxtextrun - 8191
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 750000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: network.http.max-connections - 32
    FF - user.js: network.http.max-connections-per-server - 8
    FF - user.js: network.http.max-persistent-connections-per-proxy - 8
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.firstrequest - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 0
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-19 14:36
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe??????????2?n??|?????? ???B?????????????hLC? ??????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(620)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2010-07-19 14:38:04
    ComboFix-quarantined-files.txt 2010-07-19 18:37

    Pre-Run: 23,413,043,200 bytes free
    Post-Run: 23,460,171,776 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - 8F06133C8CC5A8E1042BBCCE825CF19D
     
  9. 2010/07/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\documents and settings\Tony\Local Settings\Application Data\prvlcl.dat
    
    
    Folder::
    c:\program files\Free Window Registry Repair
    c:\documents and settings\All Users\Application Data\SpeedyPC
    c:\program files\IObit
    
    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
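The ComboFix log posted above contains the line `uInternet Settings,ProxyServer = http=127.0.0.1:5555`, and the `DDS::` section of the CFScript in this post clears it. A per-user WinINet proxy that points at the loopback address is the classic footprint of a local process inserted between the browser and the network, which is why it is removed rather than left alone. As an added example for this thread (not code from the thread, from ComboFix or from DDS), the Python script below parses DDS/ComboFix "Internet Settings" lines, decodes the WinINet ProxyServer value in both its single-proxy and per-protocol forms, and flags any proxy whose host resolves to loopback. The sample lines are constructed: the two `uInternet Settings` lines are copied from the ComboFix log in this thread, and the `mInternet Settings` line with `proxy.example.internal` is an invented machine-wide corporate proxy included to show that a normal proxy is not flagged.

```python
"""Triage helper for the "Internet Settings" lines that DDS and ComboFix print.

Added example for this thread (not ComboFix, DDS or forum code). It decodes the
WinINet ProxyServer value and flags proxies that point back at the machine
itself, i.e. a local process sitting between the browser and the network.
"""
import ipaddress
import re
from typing import Dict, List

# DDS/ComboFix line shape, e.g. "uInternet Settings,ProxyServer = http=127.0.0.1:5555"
# The leading letter is the DDS scope prefix: 'u' = current-user hive, 'm' = machine hive.
_LINE_RE = re.compile(
    r"^\s*(?P<scope>[um])Internet Settings,"
    r"(?P<name>ProxyServer|ProxyOverride|ProxyEnable)\s*=\s*(?P<value>.*?)\s*$"
)

LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}


def parse_proxy_server(value: str) -> Dict[str, str]:
    """Parse a WinINet ProxyServer string into {protocol: "host:port"}.

    WinINet accepts a single proxy for everything ("host:port", keyed "*"
    here) or a per-protocol list ("http=h:p;https=h:p;ftp=h:p;socks=h:p").
    A "scheme://" prefix on the proxy address is tolerated and stripped.
    """
    result: Dict[str, str] = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" in part:
            proto, _, addr = part.partition("=")
        else:
            proto, addr = "*", part
        addr = re.sub(r"^[a-z][a-z0-9+.-]*://", "", addr.strip(), flags=re.I)
        result[proto.strip().lower()] = addr
    return result


def proxy_host(addr: str) -> str:
    """Return the host part of host:port; bracketed IPv6 literals are handled."""
    if addr.startswith("[") and "]" in addr:
        return addr[1:addr.index("]")]
    host, sep, _port = addr.rpartition(":")
    return host if sep else addr


def is_loopback(host: str) -> bool:
    """True for 127.0.0.0/8, ::1 and the usual localhost names."""
    if host.lower() in LOOPBACK_NAMES:
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a DNS name, not an address literal
        return False


def scan_internet_settings(log_text: str) -> List[str]:
    """Return one finding per ProxyServer entry that routes traffic to loopback."""
    findings: List[str] = []
    for line in log_text.splitlines():
        m = _LINE_RE.match(line)
        if not m or m.group("name") != "ProxyServer":
            continue
        hive = "HKCU" if m.group("scope") == "u" else "HKLM"
        for proto, addr in parse_proxy_server(m.group("value")).items():
            if is_loopback(proxy_host(addr)):
                findings.append(
                    f"{hive} ProxyServer sends {proto} traffic to {addr}: "
                    "a loopback proxy means a local process intercepts browser "
                    "traffic; find that listener before clearing the value"
                )
    return findings


# Constructed sample: the two Internet Settings lines from the ComboFix log in
# this thread, plus an invented machine-wide corporate proxy for contrast.
SAMPLE_LOG = """\
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
mInternet Settings,ProxyServer = proxy.example.internal:3128
"""

if __name__ == "__main__":
    for finding in scan_internet_settings(SAMPLE_LOG):
        print(finding)
```

Clearing the registry value is only half the job: if the process listening on the loopback port is still running it can simply write the value back, and once that process is gone any program that still has the proxy configured loses web access until the value is cleared. Identifying the listener first (for example with `netstat -ano` on the affected machine, which shows the owning PID) tells you which binary to hunt for in the rest of the log.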
     
  10. 2010/07/19
    TJGarner

    TJGarner Well-Known Member Thread Starter

    Joined:
    2008/10/12
    Messages:
    72
    Likes Received:
    0
    ComboFix 10-07-19.01 - Tony 07/19/2010 17:53:26.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.1328 [GMT -4:00]
    Running from: c:\documents and settings\Tony\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Tony\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    FILE ::
    "c:\documents and settings\Tony\Local Settings\Application Data\prvlcl.dat"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\SpeedyPC
    c:\documents and settings\All Users\Application Data\SpeedyPC\multipledetection.dat
    c:\documents and settings\Tony\Local Settings\Application Data\prvlcl.dat
    c:\program files\Free Window Registry Repair
    c:\program files\Free Window Registry Repair\Backup\2010_06_19_201216.reg
    c:\program files\Free Window Registry Repair\Backup\2010_06_19_201537.reg
    c:\program files\Free Window Registry Repair\Backup\2010_06_19_201903.reg
    c:\program files\Free Window Registry Repair\Backup\2010_06_19_203845.reg
    c:\program files\Free Window Registry Repair\Backup\2010_06_19_204301.reg
    c:\program files\Free Window Registry Repair\Settings.dat
    c:\program files\IObit
    c:\program files\IObit\Advanced SystemCare 3\License.dat
    c:\program files\IObit\Advanced SystemCare 3\UpdateLog.txt

    .
    ((((((((((((((((((((((((( Files Created from 2010-06-19 to 2010-07-19 )))))))))))))))))))))))))))))))
    .

    2010-07-19 18:50 . 2010-07-19 18:50 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-07-19 18:50 . 2010-07-19 18:50 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-07-19 18:50 . 2010-07-19 18:50 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-07-19 18:50 . 2010-07-19 18:50 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-07-19 18:49 . 2010-07-19 21:41 -------- d-----w- c:\windows\system32\drivers\Avg
    2010-07-18 21:33 . 2010-07-18 21:33 -------- d-----w- c:\documents and settings\Tony\Application Data\Malwarebytes
    2010-07-18 21:33 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-18 21:33 . 2010-07-18 21:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-07-18 21:33 . 2010-07-18 21:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-18 21:33 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-15 13:42 . 2010-07-15 13:42 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
    2010-07-15 13:42 . 2010-07-15 13:42 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
    2010-07-15 13:40 . 2010-07-15 13:40 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
    2010-07-15 13:40 . 2010-07-15 13:40 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
    2010-07-15 13:40 . 2010-07-15 13:40 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
    2010-07-15 13:40 . 2010-07-15 13:40 1038688 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
    2010-07-14 18:30 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2010-06-22 17:57 . 2010-06-22 17:57 -------- d-----w- c:\program files\MSECache
    2010-06-20 12:33 . 2010-07-06 12:52 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-06-20 00:56 . 2010-06-22 00:28 -------- d-----w- c:\documents and settings\Tony\Application Data\wsInspector
    2010-06-20 00:54 . 2010-06-20 00:55 -------- d-----w- c:\program files\Startup Inspector for Windows
    2010-06-20 00:45 . 2010-06-20 00:45 720896 ----a-w- c:\windows\iun6002.exe
    2010-06-20 00:45 . 2010-06-20 00:46 -------- d-----w- c:\program files\TuneXP

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-19 18:47 . 2009-12-01 04:46 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
    2010-07-19 18:12 . 2009-03-17 02:30 46 ----a-w- c:\documents and settings\Tony\jagex_runescape_preferences.dat
    2010-07-19 18:12 . 2009-09-20 15:25 99 ----a-w- c:\documents and settings\Tony\jagex_runescape_preferences2.dat
    2010-07-17 18:49 . 2010-06-16 17:25 -------- d-----w- c:\program files\World of Warcraft
    2010-06-22 17:48 . 2010-06-17 11:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
    2010-06-22 01:55 . 2006-12-10 21:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-06-22 00:47 . 2006-12-10 21:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-06-19 12:15 . 2008-02-28 20:33 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
    2010-06-14 14:31 . 2004-08-04 08:00 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-11 18:25 . 2007-08-27 21:01 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-05-23 04:11 . 2010-05-23 04:11 503808 ----a-w- c:\documents and settings\Tony\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-71ee52ba-n\msvcp71.dll
    2010-05-23 04:11 . 2010-05-23 04:11 61440 ----a-w- c:\documents and settings\Tony\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-551822bf-n\decora-sse.dll
    2010-05-23 04:11 . 2010-05-23 04:11 499712 ----a-w- c:\documents and settings\Tony\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-71ee52ba-n\jmc.dll
    2010-05-23 04:11 . 2010-05-23 04:11 348160 ----a-w- c:\documents and settings\Tony\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-71ee52ba-n\msvcr71.dll
    2010-05-23 04:11 . 2010-05-23 04:11 12800 ----a-w- c:\documents and settings\Tony\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-551822bf-n\decora-d3d.dll
    2010-05-22 05:48 . 2010-05-22 05:48 503808 ----a-w- c:\documents and settings\Bridget\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-581d0187-n\msvcp71.dll
    2010-05-22 05:48 . 2010-05-22 05:48 61440 ----a-w- c:\documents and settings\Bridget\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-10bcf125-n\decora-sse.dll
    2010-05-22 05:48 . 2010-05-22 05:48 499712 ----a-w- c:\documents and settings\Bridget\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-581d0187-n\jmc.dll
    2010-05-22 05:48 . 2010-05-22 05:48 348160 ----a-w- c:\documents and settings\Bridget\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-581d0187-n\msvcr71.dll
    2010-05-22 05:48 . 2010-05-22 05:48 12800 ----a-w- c:\documents and settings\Bridget\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-10bcf125-n\decora-d3d.dll
    2010-05-06 10:41 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-03 17:59 . 2010-05-03 17:59 0 ----a-w- c:\documents and settings\Tony\jagex__preferences3.dat
    2010-05-03 17:58 . 2010-05-03 17:58 61440 ----a-w- c:\documents and settings\Tony\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-33bc9182-n\decora-sse.dll
    2010-05-03 17:58 . 2010-05-03 17:58 503808 ----a-w- c:\documents and settings\Tony\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5a8be032-n\msvcp71.dll
    2010-05-03 17:58 . 2010-05-03 17:58 499712 ----a-w- c:\documents and settings\Tony\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5a8be032-n\jmc.dll
    2010-05-03 17:58 . 2010-05-03 17:58 348160 ----a-w- c:\documents and settings\Tony\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5a8be032-n\msvcr71.dll
    2010-05-03 17:58 . 2010-05-03 17:58 12800 ----a-w- c:\documents and settings\Tony\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-33bc9182-n\decora-d3d.dll
    2010-05-03 17:57 . 2010-05-03 17:57 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-05-02 05:22 . 2004-08-04 08:00 1851264 ----a-w- c:\windows\system32\win32k.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
    "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 405504]
    "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
    "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
    "Logitech Utility"="Logi_MwX.Exe" [2003-03-04 19968]
    "RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-19 2065760]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-07-19 18:50 12536 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\World of Warcraft\\Repair.exe"=
    "c:\\Program Files\\Logitech\\Resource Center\\ResCentr.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-3.2.0-enUS-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\Launcher.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader
    "6112:TCP"= 6112:TCP:Blizzard Downloader

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/19/2010 2:50 PM 216400]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/19/2010 2:50 PM 243024]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/19/2010 2:48 PM 308136]
    R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 5:06 AM 231424]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - AVG9WD
    *NewlyCreated* - AVGLDX86
    *NewlyCreated* - AVGMFX86
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-12 c:\windows\Tasks\dfrg.job
    - c:\windows\system32\dfrg.msc [2004-08-04 08:00]

    2010-07-19 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2008-11-05 01:36]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: msn.com\www
    FF - ProfilePath - c:\documents and settings\Tony\Application Data\Mozilla\Firefox\Profiles\wldfjc5l.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/|http://www.wowwiki.com/Portal:Main|...n-us|http://www.worldofwarcraft.com/index.xml
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - plugin: c:\documents and settings\Tony\Application Data\Mozilla\Firefox\Profiles\wldfjc5l.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07074039.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: browser.xul.error_pages.enabled - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 3000000
    FF - user.js: content.maxtextrun - 8191
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 750000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: network.http.max-connections - 32
    FF - user.js: network.http.max-connections-per-server - 8
    FF - user.js: network.http.max-persistent-connections-per-proxy - 8
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.firstrequest - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 0
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-19 17:58
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe??????????2?n??|?????? ???B?????????????hLC? ??????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(620)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2010-07-19 18:00:10
    ComboFix-quarantined-files.txt 2010-07-19 22:00
    ComboFix2.txt 2010-07-19 18:38

    Pre-Run: 23,183,310,848 bytes free
    Post-Run: 23,270,350,848 bytes free

    - - End Of File - - E4F54801BCBB960229C64E9395D87B26
     
  11. 2010/07/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good :)

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start > "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    ============================================================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:

    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  12. 2010/07/20
    TJGarner

    TJGarner Well-Known Member Thread Starter

    Joined:
    2008/10/12
    Messages:
    72
    Likes Received:
    0
    OTL logfile created on: 7/20/2010 5:23:58 PM - Run 1
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Tony\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
    Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 67.08 Gb Total Space | 25.69 Gb Free Space | 38.30% Space Free | Partition Type: NTFS
    Drive D: | 7.42 Gb Total Space | 1.02 Gb Free Space | 13.71% Space Free | Partition Type: FAT32
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: MYLAPTOP
    Current User Name: Tony
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/07/20 17:20:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tony\desktop\OTL.exe
    PRC - [2010/07/19 14:49:23 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2010/07/19 14:49:23 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2010/07/19 14:49:21 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2010/07/19 14:49:17 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2010/07/19 14:49:03 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
    PRC - [2010/07/19 14:48:38 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2010/06/28 15:46:37 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
    PRC - [2010/06/28 15:46:34 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/12/22 11:57:10 | 000,405,504 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
    PRC - [2005/12/08 16:45:12 | 000,516,182 | ---- | M] () -- C:\Program Files\HPQ\shared\HpqToaster.exe
    PRC - [2003/03/19 10:50:00 | 000,037,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE


    ========== Modules (SafeList) ==========

    MOD - [2010/07/20 17:20:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tony\desktop\OTL.exe
    MOD - [2008/04/13 20:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
    MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
    MOD - [2003/03/19 10:50:00 | 000,042,496 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\CCMSGHK.DLL
    MOD - [2003/03/19 10:50:00 | 000,023,552 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\Scrolling\LGMSGHK.DLL
    MOD - [2003/03/19 10:50:00 | 000,006,144 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\LgWndHk.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/07/19 14:48:38 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2007/01/19 12:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/07/19 14:50:11 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2010/07/19 14:50:03 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2010/07/19 14:50:02 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2005/12/01 19:49:20 | 001,412,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2005/11/28 05:35:38 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2005/09/30 07:11:00 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
    DRV - [2005/09/20 06:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
    DRV - [2005/08/22 05:06:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2005/08/22 05:06:00 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2005/08/22 05:06:00 | 000,231,424 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
    DRV - [2005/08/18 04:22:54 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2005/08/02 06:00:00 | 000,349,312 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
    DRV - [2005/08/02 05:58:00 | 000,038,016 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
    DRV - [2005/06/19 16:33:18 | 000,190,400 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2005/05/05 13:04:08 | 000,007,936 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
    DRV - [2005/05/05 13:04:04 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
    DRV - [2005/04/07 17:18:34 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
    DRV - [2005/03/09 18:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
    DRV - [2003/03/04 05:50:00 | 000,073,134 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
    DRV - [2003/03/04 05:50:00 | 000,037,804 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsb.sys -- (LHidUsb)
    DRV - [2003/03/04 05:50:00 | 000,025,214 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)
    DRV - [2001/08/17 15:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
    DRV - [2001/08/17 11:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.msn.com/|http://www.wowwiki.com/Portal:Main|http://www.aol.com/|http://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1267321940&rver=6.0.5285.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-us|http://www.worldofwarcraft.com/index.xml "
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07074039
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825


    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/07/19 14:48:27 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/28 15:46:42 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/28 15:46:42 | 000,000,000 | ---D | M]

    [2009/02/20 20:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\Mozilla\Extensions
    [2010/07/18 08:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\wldfjc5l.default\extensions
    [2007/11/15 19:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\wldfjc5l.default\extensions\moveplayer@movenetworks.com
    [2010/07/19 17:36:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/05/03 13:57:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/05/03 13:57:23 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2010/07/19 17:58:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
    O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
    O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
    O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O15 - HKCU\..Trusted Domains: msn.com ([www] http in Trusted sites)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
    O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} https://notesshecl2.pb.com/iNotes6W.cab (iNotes6 Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Tony\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tony\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found

    Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corp.)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

    CREATERESTOREPOINT
    Error starting restore point: System Restore is disabled.
    Error closing restore point: System Restore is disabled.

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/07/20 17:20:29 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tony\Desktop\OTL.exe
    [2010/07/20 17:18:56 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2010/07/19 14:50:11 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/07/19 14:50:09 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2010/07/19 14:50:02 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2010/07/19 14:50:00 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2010/07/19 14:49:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
    [2010/07/19 14:30:22 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/07/19 14:27:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/07/18 17:33:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony\Application Data\Malwarebytes
    [2010/07/18 17:33:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/07/18 17:33:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/07/18 17:33:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/07/18 17:33:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/07/13 19:16:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2010/06/22 13:57:10 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
    [2010/06/19 20:56:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony\Application Data\wsInspector
    [2010/06/19 20:55:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony\My Documents\wsInspector
    [2010/06/19 20:54:38 | 000,000,000 | ---D | C] -- C:\Program Files\Startup Inspector for Windows
    [2010/06/19 20:45:42 | 000,720,896 | ---- | C] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
    [2010/06/19 20:45:40 | 000,000,000 | ---D | C] -- C:\Program Files\TuneXP
    [2010/06/19 13:25:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tony\Recent
    [2010/06/17 07:49:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
    [2010/06/16 13:25:52 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft
    [2010/05/13 13:44:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony\Local Settings\Application Data\jgjtfoaup
    [2010/05/03 13:58:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun

    ========== Files - Modified Within 90 Days ==========

    [2010/07/20 17:20:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tony\Desktop\OTL.exe
    [2010/07/20 17:20:23 | 000,086,992 | ---- | M] () -- C:\Documents and Settings\Tony\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/07/20 09:56:25 | 062,233,142 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/07/19 19:36:15 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
    [2010/07/19 18:00:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/07/19 17:58:22 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/07/19 17:58:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/07/19 14:50:13 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/07/19 14:50:11 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2010/07/19 14:50:03 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2010/07/19 14:50:02 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2010/07/19 14:50:00 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
    [2010/07/19 14:30:28 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/07/19 14:28:14 | 000,441,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/07/19 14:28:13 | 000,521,766 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/07/19 14:28:13 | 000,071,462 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/07/19 14:24:15 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/07/19 14:24:13 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
    [2010/07/19 14:23:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/07/19 14:23:34 | 2011,418,624 | -HS- | M] () -- C:\hiberfil.sys
    [2010/07/19 14:22:53 | 006,815,744 | ---- | M] () -- C:\Documents and Settings\Tony\ntuser.dat
    [2010/07/19 14:22:53 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Tony\ntuser.ini
    [2010/07/19 14:22:48 | 004,837,434 | -H-- | M] () -- C:\Documents and Settings\Tony\Local Settings\Application Data\IconCache.db
    [2010/07/19 14:12:47 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\Tony\jagex_runescape_preferences.dat
    [2010/07/19 14:12:40 | 000,000,099 | ---- | M] () -- C:\Documents and Settings\Tony\jagex_runescape_preferences2.dat
    [2010/07/12 03:15:00 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\dfrg.job
    [2010/07/06 08:52:19 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/07/05 19:16:59 | 000,321,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/07/01 09:50:26 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\Tony\My Documents\scavenger hunt list.doc
    [2010/06/21 19:48:58 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/06/19 20:45:33 | 000,720,896 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
    [2010/06/18 11:00:46 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\Tony\My Documents\Bridget Garner Cover Letter & Resume.doc
    [2010/06/11 12:35:28 | 000,000,666 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/05/08 13:10:42 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Tony\My Documents\MBCoAmerge.doc
    [2010/05/03 13:59:21 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Tony\jagex__preferences3.dat
    [2010/04/30 13:14:47 | 000,000,735 | ---- | M] () -- C:\Documents and Settings\Tony\Desktop\Shortcut to AddOns.lnk
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

    ========== Files Created - No Company Name ==========

    [2010/07/19 14:50:00 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
    [2010/07/19 14:49:54 | 062,233,142 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/07/19 14:30:28 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/07/19 14:30:23 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/06/21 20:29:59 | 2011,418,624 | -HS- | C] () -- C:\hiberfil.sys
    [2010/06/21 19:47:42 | 000,004,566 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2010/06/20 08:33:57 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/06/18 11:00:46 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\Tony\My Documents\Bridget Garner Cover Letter & Resume.doc
    [2010/06/16 13:25:53 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
    [2010/06/11 14:47:18 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\Tony\My Documents\scavenger hunt list.doc
    [2010/05/08 13:10:41 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Tony\My Documents\MBCoAmerge.doc
    [2010/05/03 13:59:21 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tony\jagex__preferences3.dat
    [2010/04/30 13:14:47 | 000,000,735 | ---- | C] () -- C:\Documents and Settings\Tony\Desktop\Shortcut to AddOns.lnk
    [2008/02/23 10:59:24 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
    [2006/12/10 18:33:27 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
    [2006/12/10 18:33:27 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
    [2006/12/10 18:33:27 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
    [2006/12/10 15:08:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/04/12 02:03:12 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2006/04/12 01:59:34 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
    [2006/04/12 01:42:33 | 000,000,095 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2006/04/12 01:28:14 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2005/12/02 06:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/08/07 09:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2004/08/07 09:10:08 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/07/10 18:55:38 | 000,252,416 | ---- | C] () -- C:\WINDOWS\System32\wsiShared.dll
    [2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2010/07/19 14:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2008/05/16 20:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
    [2006/04/12 02:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
    [2007/09/17 17:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2008/11/05 00:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\GlarySoft
    [2010/05/08 10:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\IObit
    [2006/12/10 14:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\Leadertech
    [2007/09/09 14:14:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\My Sam's Club Digital Photo Center
    [2006/12/10 15:48:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\OfficeUpdate12
    [2010/02/23 20:38:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\Turbine
    [2007/03/15 17:00:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\WinPatrol
    [2010/06/21 20:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\wsInspector
    [2010/07/12 03:15:00 | 000,000,250 | ---- | M] () -- C:\WINDOWS\Tasks\dfrg.job
    [2010/07/19 14:24:13 | 000,000,328 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/12/09 18:02:27 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/07/19 14:30:28 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2010/07/19 18:00:10 | 000,017,488 | ---- | M] () -- C:\ComboFix.txt
    [2007/07/26 17:24:35 | 000,000,081 | ---- | M] () -- C:\DVDPATH.TXT
    [2010/07/19 14:23:34 | 2011,418,624 | -HS- | M] () -- C:\hiberfil.sys
    [2007/08/19 09:41:58 | 000,000,297 | ---- | M] () -- C:\hpqp.ini
    [2006/12/10 16:41:36 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2006/12/10 16:41:36 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 04:00:00 | 000,047,564 | RHS- | M] () -- C:\ntdetect.com
    [2008/09/10 19:25:39 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/07/19 14:23:32 | 603,979,776 | -HS- | M] () -- C:\pagefile.sys
    [2007/09/02 13:08:20 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
    [2007/10/15 14:41:00 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
    [2007/11/06 13:45:02 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
    [2008/04/26 08:18:23 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
    [2008/12/16 16:04:58 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
    [2008/12/16 16:06:09 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
    [2009/01/04 23:49:22 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
    [2009/01/30 20:37:27 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
    [2009/01/30 20:59:07 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
    [2007/05/27 18:04:28 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
    [2007/05/27 18:06:25 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
    [2007/05/27 22:44:06 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
    [2007/06/11 21:20:38 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
    [2007/06/11 21:20:38 | 000,000,148 | -H-- | M] () -- C:\sqmdata13.sqm
    [2007/07/30 18:29:12 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
    [2007/07/30 18:29:22 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
    [2007/09/02 13:08:06 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
    [2007/09/02 13:08:11 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
    [2007/09/02 13:08:14 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
    [2007/09/02 13:08:17 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
    [2007/09/02 13:08:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2007/10/15 14:41:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2007/11/06 13:45:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2008/04/26 08:18:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2008/12/16 16:04:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
    [2008/12/16 16:06:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
    [2009/01/04 23:49:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
    [2009/01/30 20:37:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
    [2009/01/30 20:59:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
    [2007/05/27 18:04:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
    [2007/05/27 18:06:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
    [2007/05/27 22:44:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
    [2007/06/11 21:20:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
    [2007/06/11 21:20:38 | 000,000,136 | -H-- | M] () -- C:\sqmnoopt13.sqm
    [2007/07/30 18:29:12 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
    [2007/07/30 18:29:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
    [2007/09/02 13:08:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
    [2007/09/02 13:08:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
    [2007/09/02 13:08:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
    [2007/09/02 13:08:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
    [2007/08/19 09:41:52 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >
    [2005/09/24 03:49:16 | 000,012,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2004/08/07 01:45:26 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2004/08/07 01:45:26 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

    < %systemroot%\system32\ws2help.dll /md5 >
    [2008/04/13 20:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C46995DA
    < End of report >
     
  13. 2010/07/20
    TJGarner

    OTL Extras logfile created on: 7/20/2010 5:23:58 PM - Run 1
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Tony\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
    Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 67.08 Gb Total Space | 25.69 Gb Free Space | 38.30% Space Free | Partition Type: NTFS
    Drive D: | 7.42 Gb Total Space | 1.02 Gb Free Space | 13.71% Space Free | Partition Type: FAT32
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: MYLAPTOP
    Current User Name: Tony
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader
    "6112:TCP" = 6112:TCP:*:Enabled:Blizzard Downloader

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
    "C:\Program Files\World of Warcraft\Repair.exe" = C:\Program Files\World of Warcraft\Repair.exe:*:Enabled:World of Warcraft - Repair -- (Blizzard Entertainment, Inc.)
    "C:\Program Files\Logitech\Resource Center\ResCentr.exe" = C:\Program Files\Logitech\Resource Center\ResCentr.exe:*:Enabled:Resource Center -- (Logitech Inc. )
    "C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
    "C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
    "C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
    "{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
    "{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
    "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
    "{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
    "{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
    "{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
    "{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
    "{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
    "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
    "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
    "{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
    "{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
    "{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}" = Google Earth
    "{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 C1
    "{446E6F82-8899-447D-86EB-2399F453C858}" = SwordSearcher 4.1 Deluxe
    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.0
    "{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
    "{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
    "{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
    "{52AE81CB-B786-490E-93CF-240A9891B392}" = HP User Guides 0025
    "{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
    "{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
    "{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
    "{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.76
    "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.2
    "{5E863175-E85D-44A6-8968-82507D34AE7F}" = QuickTime
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
    "{736CE9DD-F589-485B-ACFF-78C235A57066}" = WinPatrol 2007 Step 2
    "{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
    "{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
    "{7F2F3F8B-2D57-48A3-99D0-1AC23D594C89}" = LightScribe 1.4.56.1
    "{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{856C155E-4A74-4041-B026-04F96FFD1BCD}" = ZIP Reader 8.00.0018
    "{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
    "{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup
    "{A260B422-70E1-41E2-957D-F76FA21266D5}" = Apple Software Update
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
    "{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
    "{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
    "{BC96BBA7-C634-460E-AD18-A0A994213F80}" = HP User Guides--System Recovery
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.20 G1
    "{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
    "{DE114695-AE58-4B66-8E0F-2505188602FB}_is1" = Uninstall Startup Inspector
    "{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "ATI Display Driver" = ATI Display Driver
    "AVG9Uninstall" = AVG Free 9.0
    "Belarc Advisor 2.0" = Belarc Advisor 7.2
    "CNXT_AUDIO" = Conexant AC-Link Audio
    "CNXT_MODEM_PCI_VEN_1002&DEV_4378" = Soft Data Fax Modem with SmartCP
    "Diablo II" = Diablo II
    "Glary Utilities_is1" = Glary Utilities 2.22.0.896
    "HijackThis" = HijackThis 2.0.2
    "HP Game Console" = HP Game Console and games
    "HP Imaging Device Functions" = HP Imaging Device Functions 6.0
    "HP Photo & Imaging" = HP Photosmart Premier Software 6.0
    "HP Rhapsody" = HP Rhapsody
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
    "InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
    "Logitech Resource Center" = Logitech Resource Center
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TuneXP_1.5" = TuneXP 1.5
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinPatrol 2007" = WinPatrol 2007 Restore/Remove First
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "World of Warcraft" = World of Warcraft
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 9/16/2009 6:48:23 PM | Computer Name = MYLAPTOP | Source = Application Error | ID = 1000
    Description = Faulting application iobitupdate.exe, version 1.0.0.250, faulting
    module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

    Error - 12/1/2009 12:52:20 AM | Computer Name = MYLAPTOP | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: The data is invalid.

    Error - 12/4/2009 1:12:28 PM | Computer Name = MYLAPTOP | Source = MSDTC Client | ID = 4427
    Description = Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215,
    Pid: 716 No Callstack, CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC7923

    Error - 12/4/2009 1:12:28 PM | Computer Name = MYLAPTOP | Source = COM+ | ID = 135763
    Description = The run-time environment was unable to initialize for transactions
    required to support transactional components. Make sure that MS-DTC is running.
    (DtcGetTransactionManagerEx(): hr = 0x8004d02

    Error - 12/4/2009 1:12:28 PM | Computer Name = MYLAPTOP | Source = MSDTC Client | ID = 4427
    Description = Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215,
    Pid: 716 No Callstack, CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC7923

    Error - 12/4/2009 1:12:33 PM | Computer Name = MYLAPTOP | Source = MSDTC Client | ID = 4427
    Description = Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215,
    Pid: 716 No Callstack, CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC7923

    Error - 12/4/2009 1:12:33 PM | Computer Name = MYLAPTOP | Source = MSDTC Client | ID = 4427
    Description = Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215,
    Pid: 716 No Callstack, CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC7923

    Error - 3/4/2010 8:30:19 AM | Computer Name = MYLAPTOP | Source = BugSplat | ID = 1
    Description =

    Error - 5/28/2010 10:58:15 PM | Computer Name = MYLAPTOP | Source = Application Error | ID = 1000
    Description = Faulting application em_exec.exe, version 9.76.46.0, faulting module
    comnctr.dll, version 9.76.46.0, fault address 0x0000b0c3.

    Error - 6/30/2010 7:09:41 PM | Computer Name = MYLAPTOP | Source = Application Error | ID = 1000
    Description = Faulting application plugin-container.exe, version 1.9.2.3828, faulting
    module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

    [ System Events ]
    Error - 6/26/2010 2:31:54 PM | Computer Name = MYLAPTOP | Source = MRxSmb | ID = 8003
    Description = The master browser has received a server announcement from the computer
    BRIDGET-PC that believes that it is the master browser for the domain on transport
    NetBT_Tcpip_{504C502C-BE4F-439. The master browser is stopping or an election is
    being forced.

    Error - 6/26/2010 3:31:57 PM | Computer Name = MYLAPTOP | Source = MRxSmb | ID = 8003
    Description = The master browser has received a server announcement from the computer
    BRIDGET-PC that believes that it is the master browser for the domain on transport
    NetBT_Tcpip_{504C502C-BE4F-439. The master browser is stopping or an election is
    being forced.

    Error - 6/26/2010 5:07:54 PM | Computer Name = MYLAPTOP | Source = MRxSmb | ID = 8003
    Description = The master browser has received a server announcement from the computer
    BRIDGET-PC that believes that it is the master browser for the domain on transport
    NetBT_Tcpip_{504C502C-BE4F-439. The master browser is stopping or an election is
    being forced.

    Error - 6/28/2010 10:13:59 AM | Computer Name = MYLAPTOP | Source = Dhcp | ID = 1000
    Description = Your computer has lost the lease to its IP address 192.168.1.103 on
    the Network Card with network address 0014A5EC2ABA.

    Error - 7/1/2010 9:37:52 AM | Computer Name = MYLAPTOP | Source = MRxSmb | ID = 8003
    Description = The master browser has received a server announcement from the computer
    BRIDGET-PC that believes that it is the master browser for the domain on transport
    NetBT_Tcpip_{504C502C-BE4F-439. The master browser is stopping or an election is
    being forced.

    Error - 7/1/2010 10:37:53 AM | Computer Name = MYLAPTOP | Source = MRxSmb | ID = 8003
    Description = The master browser has received a server announcement from the computer
    BRIDGET-PC that believes that it is the master browser for the domain on transport
    NetBT_Tcpip_{504C502C-BE4F-439. The master browser is stopping or an election is
    being forced.

    Error - 7/19/2010 2:07:53 PM | Computer Name = MYLAPTOP | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.103 for the Network Card with network
    address 0014A5EC2ABA has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 7/19/2010 2:17:19 PM | Computer Name = MYLAPTOP | Source = Service Control Manager | ID = 7031
    Description = The AVG WatchDog service terminated unexpectedly. It has done this
    1 time(s). The following corrective action will be taken in 0 milliseconds: Restart
    the service.

    Error - 7/19/2010 2:17:39 PM | Computer Name = MYLAPTOP | Source = Service Control Manager | ID = 7031
    Description = The AVG WatchDog service terminated unexpectedly. It has done this
    1 time(s). The following corrective action will be taken in 0 milliseconds: Restart
    the service.

    Error - 7/19/2010 2:18:00 PM | Computer Name = MYLAPTOP | Source = Service Control Manager | ID = 7031
    Description = The AVG WatchDog service terminated unexpectedly. It has done this
    1 time(s). The following corrective action will be taken in 0 milliseconds: Restart
    the service.


    < End of report >
     
  14. 2010/07/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    How is your computer doing at the moment?

    Update your Java version here: http://www.java.com/en/download/installed.jsp
    During installation, make sure to UN-check any pre-checked extra "garbage" installation, like Yahoo toolbar, or others.
    Uninstall all previous Java versions, through Add/Remove (Programs & Features in Vista/7).

    ===========================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      [2010/07/20 17:18:56 | 000,000,000 | --SD | C] -- C:\ComboFix
      [2010/05/13 13:44:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony\Local Settings\Application Data\jgjtfoaup
      @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C46995DA
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
       "EnableFirewall" =dword:00000001
      
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [resethosts]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
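    The fix script above targets a handful of line types that recur in OTL logs: toolbar entries whose CLSID no longer resolves, autorun entries pointing at files that are gone, an alternate data stream on a file, and an Internet Explorer "Restrictions" policy key. The small Python triage script below is an added example written for this page; it is not part of OTL or of the thread, and the sample log it reads is constructed here from lines of the same shape as the ones posted above (the hosts-file redirect to `www.example-update-site.invalid` is an invented placeholder entry, added so the hosts check has something to catch). It shows how to pick out those entry types from a log automatically, as a first pass before deciding what belongs in a fix.

```python
"""Triage helper for OTL-style scan logs.

Added example, not part of OTL or of this thread. It reads the 'O' lines of
an OTL log and flags the kinds of entries a malware analyst typically looks
at when building a fix: orphaned toolbar CLSIDs, dead autorun entries,
alternate data streams, Internet Explorer policy restrictions, and hosts
file entries that do not map to localhost.
"""
import re
from typing import List, Optional, Tuple

# Leading "O<n> - " code of an OTL registry line, e.g. "O4 - HKLM..\Run: ..."
OTL_LINE = re.compile(r"^\s*(O\d+)\s*-\s*(.*)$")
# ADS line, e.g. "@Alternate Data Stream - 105 bytes -> C:\...\TEMP:C46995DA"
ADS_LINE = re.compile(r"^\s*@Alternate Data Stream\s*-\s*(\d+)\s*bytes\s*->\s*(.+)$")
# The only hosts entries a clean Windows hosts file is expected to carry.
HOSTS_OK = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Constructed sample log: entry shapes copied from the OTL output in this
# thread, plus one invented hosts redirect (the .invalid TLD is reserved).
SAMPLE_LOG = r"""
O1 HOSTS File: ([2010/07/19 17:58:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.example-update-site.invalid
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C46995DA
"""


def classify(line: str) -> Optional[Tuple[str, str]]:
    """Return (reason, line) for an entry worth a second look, else None."""
    ads = ADS_LINE.match(line)
    if ads:
        size, target = ads.group(1), ads.group(2)
        return ("alternate data stream on %s (%s bytes)" % (target, size), line)
    m = OTL_LINE.match(line)
    if not m:
        return None  # header lines such as "O1 HOSTS File: ..." carry no entry
    code, body = m.groups()
    if code == "O1" and body.startswith("Hosts:"):
        parts = body[len("Hosts:"):].split()
        if len(parts) >= 2 and (parts[0], parts[1]) not in HOSTS_OK:
            return ("hosts-file redirect: %s -> %s" % (parts[1], parts[0]), line)
    if code == "O3" and "No CLSID value found" in body:
        return ("orphaned toolbar CLSID reference", line)
    if code == "O4" and body.rstrip().endswith("File not found"):
        return ("autorun entry points at a missing file", line)
    if code in ("O6", "O7") and "Internet Explorer\\Restrictions present" in body:
        return ("Internet Explorer restrictions policy set", line)
    return None


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Run classify() over every line and keep only the flagged ones, in log order."""
    return [hit for hit in (classify(l) for l in log_text.splitlines()) if hit]


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print("%-45s %s" % (reason, line.strip()))
```

On the constructed sample the script flags five lines: the invented hosts redirect, the orphaned O3 toolbar, the O4 autorun whose target is missing, the O6 Restrictions policy, and the alternate data stream; the ordinary AVG BHO and autorun entries and the `NoDrives = 0` policy pass through unflagged. A flagged line is a candidate for review, not proof of infection: the O4 line, for instance, is just a stale Java updater entry here.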
     
  15. 2010/07/21
    TJGarner

    TJGarner Well-Known Member Thread Starter

    Joined:
    2008/10/12
    Messages:
    72
    Likes Received:
    0
    To answer your question, it is running better. It doesn't seem to max out all the time, and some things seem to process faster. My wife uses it more now than I do. She hasn't complained about it, and I forget to ask her if it seems to be running better for her.

    OTL logfile created on: 7/22/2010 12:04:05 AM - Run 3
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Tony\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 74.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
    Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 67.08 Gb Total Space | 25.68 Gb Free Space | 38.28% Space Free | Partition Type: NTFS
    Drive D: | 7.42 Gb Total Space | 1.02 Gb Free Space | 13.71% Space Free | Partition Type: FAT32
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: MYLAPTOP
    Current User Name: Tony
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/07/20 17:20:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tony\desktop\OTL.exe
    PRC - [2010/07/19 14:49:23 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2010/07/19 14:49:23 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2010/07/19 14:49:21 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2010/07/19 14:49:17 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2010/07/19 14:49:03 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
    PRC - [2010/07/19 14:48:38 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/12/22 11:57:10 | 000,405,504 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
    PRC - [2005/12/08 16:45:12 | 000,516,182 | ---- | M] () -- C:\Program Files\HPQ\shared\HpqToaster.exe
    PRC - [2003/03/04 05:50:00 | 000,019,968 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\LOGI_MWX.EXE

    ========== Modules (SafeList) ==========

    MOD - [2010/07/20 17:20:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tony\desktop\OTL.exe
    MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/07/19 14:48:38 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2007/01/19 12:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)

    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Tony\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/07/19 14:50:11 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2010/07/19 14:50:03 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2010/07/19 14:50:02 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2005/12/01 19:49:20 | 001,412,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2005/11/28 05:35:38 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2005/09/30 07:11:00 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
    DRV - [2005/09/20 06:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
    DRV - [2005/08/22 05:06:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2005/08/22 05:06:00 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2005/08/22 05:06:00 | 000,231,424 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
    DRV - [2005/08/18 04:22:54 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2005/08/02 06:00:00 | 000,349,312 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
    DRV - [2005/08/02 05:58:00 | 000,038,016 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
    DRV - [2005/06/19 16:33:18 | 000,190,400 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2005/05/05 13:04:08 | 000,007,936 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
    DRV - [2005/05/05 13:04:04 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
    DRV - [2005/04/07 17:18:34 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
    DRV - [2005/03/09 18:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
    DRV - [2003/03/04 05:50:00 | 000,073,134 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
    DRV - [2003/03/04 05:50:00 | 000,037,804 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsb.sys -- (LHidUsb)
    DRV - [2003/03/04 05:50:00 | 000,025,214 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)
    DRV - [2001/08/17 15:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
    DRV - [2001/08/17 11:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.msn.com/|http://www.wowwiki.com/Portal:Main|http://www.aol.com/|http://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1267321940&rver=6.0.5285.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-us|http://www.worldofwarcraft.com/index.xml "
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07074039
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21


    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/07/21 19:34:36 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/21 19:12:47 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/21 19:12:47 | 000,000,000 | ---D | M]

    [2009/02/20 20:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\Mozilla\Extensions
    [2010/07/21 18:30:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\wldfjc5l.default\extensions
    [2007/11/15 19:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\wldfjc5l.default\extensions\moveplayer@movenetworks.com
    [2010/07/21 23:55:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/05/03 13:57:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/07/21 23:52:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/06/22 04:36:30 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2010/07/19 17:58:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Oracle)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
    O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
    O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
    O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_21.dll (Oracle)
    O15 - HKCU\..Trusted Domains: msn.com ([www] http in Trusted sites)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
    O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} https://notesshecl2.pb.com/iNotes6W.cab (iNotes6 Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Tony\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tony\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/07/21 23:51:58 | 000,153,376 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaws.exe
    [2010/07/21 23:51:58 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaw.exe
    [2010/07/21 23:51:58 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\java.exe
    [2010/07/20 17:20:29 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tony\Desktop\OTL.exe
    [2010/07/20 17:18:56 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2010/07/19 14:50:11 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/07/19 14:50:09 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2010/07/19 14:50:02 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2010/07/19 14:50:00 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2010/07/19 14:49:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
    [2010/07/19 14:30:22 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/07/19 14:27:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/07/18 17:33:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony\Application Data\Malwarebytes
    [2010/07/18 17:33:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/07/18 17:33:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/07/18 17:33:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/07/18 17:33:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/07/13 19:16:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2010/06/22 13:57:10 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
    [2010/06/19 20:56:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony\Application Data\wsInspector
    [2010/06/19 20:55:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony\My Documents\wsInspector
    [2010/06/19 20:54:38 | 000,000,000 | ---D | C] -- C:\Program Files\Startup Inspector for Windows
    [2010/06/19 20:45:42 | 000,720,896 | ---- | C] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
    [2010/06/19 20:45:40 | 000,000,000 | ---D | C] -- C:\Program Files\TuneXP
    [2010/06/19 13:25:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tony\Recent
    [2010/06/17 07:49:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
    [2010/06/16 13:25:52 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft
    [2010/05/13 13:44:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony\Local Settings\Application Data\jgjtfoaup
    [2010/05/03 13:58:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/05/03 13:57:47 | 000,423,656 | ---- | C] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll

    ========== Files - Modified Within 90 Days ==========

    [2010/07/22 00:05:57 | 000,521,766 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/07/22 00:05:57 | 000,441,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/07/22 00:05:57 | 000,071,462 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/07/22 00:02:49 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/07/22 00:02:48 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
    [2010/07/22 00:01:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/07/22 00:01:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/07/22 00:01:00 | 2011,418,624 | -HS- | M] () -- C:\hiberfil.sys
    [2010/07/22 00:00:06 | 006,815,744 | ---- | M] () -- C:\Documents and Settings\Tony\ntuser.dat
    [2010/07/22 00:00:06 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Tony\ntuser.ini
    [2010/07/21 23:59:59 | 005,367,454 | -H-- | M] () -- C:\Documents and Settings\Tony\Local Settings\Application Data\IconCache.db
    [2010/07/21 19:12:21 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
    [2010/07/21 19:03:34 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\Tony\jagex_runescape_preferences.dat
    [2010/07/21 18:58:30 | 000,000,099 | ---- | M] () -- C:\Documents and Settings\Tony\jagex_runescape_preferences2.dat
    [2010/07/21 18:24:26 | 062,305,152 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/07/20 17:20:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tony\Desktop\OTL.exe
    [2010/07/20 17:20:23 | 000,086,992 | ---- | M] () -- C:\Documents and Settings\Tony\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/07/19 17:58:22 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/07/19 17:58:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/07/19 14:50:13 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/07/19 14:50:11 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2010/07/19 14:50:03 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2010/07/19 14:50:02 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2010/07/19 14:50:00 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
    [2010/07/19 14:30:28 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/07/12 03:15:00 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\dfrg.job
    [2010/07/06 08:52:19 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/07/05 19:16:59 | 000,321,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/07/01 09:50:26 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\Tony\My Documents\scavenger hunt list.doc
    [2010/06/22 04:36:38 | 000,153,376 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaws.exe
    [2010/06/22 04:36:37 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaw.exe
    [2010/06/22 04:36:36 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\java.exe
    [2010/06/22 04:36:29 | 000,423,656 | ---- | M] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
    [2010/06/22 02:24:28 | 000,073,728 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
    [2010/06/21 19:48:58 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/06/19 20:45:33 | 000,720,896 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
    [2010/06/18 11:00:46 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\Tony\My Documents\Bridget Garner Cover Letter & Resume.doc
    [2010/06/11 12:35:28 | 000,000,666 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/05/08 13:10:42 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Tony\My Documents\MBCoAmerge.doc
    [2010/05/03 13:59:21 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Tony\jagex__preferences3.dat
    [2010/04/30 13:14:47 | 000,000,735 | ---- | M] () -- C:\Documents and Settings\Tony\Desktop\Shortcut to AddOns.lnk
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

    ========== Files Created - No Company Name ==========

    [2010/07/19 14:50:00 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
    [2010/07/19 14:49:54 | 062,305,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/07/19 14:30:28 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/07/19 14:30:23 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/06/21 20:29:59 | 2011,418,624 | -HS- | C] () -- C:\hiberfil.sys
    [2010/06/21 19:47:42 | 000,004,566 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2010/06/20 08:33:57 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/06/18 11:00:46 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\Tony\My Documents\Bridget Garner Cover Letter & Resume.doc
    [2010/06/16 13:25:53 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
    [2010/06/11 14:47:18 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\Tony\My Documents\scavenger hunt list.doc
    [2010/05/08 13:10:41 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Tony\My Documents\MBCoAmerge.doc
    [2010/05/03 13:59:21 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tony\jagex__preferences3.dat
    [2010/04/30 13:14:47 | 000,000,735 | ---- | C] () -- C:\Documents and Settings\Tony\Desktop\Shortcut to AddOns.lnk
    [2008/02/23 10:59:24 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
    [2006/12/10 18:33:27 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
    [2006/12/10 18:33:27 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
    [2006/12/10 18:33:27 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
    [2006/12/10 15:08:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/04/12 02:03:12 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2006/04/12 01:59:34 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
    [2006/04/12 01:42:33 | 000,000,095 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2006/04/12 01:28:14 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2005/12/02 06:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/08/07 09:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2004/08/07 09:10:08 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/07/10 18:55:38 | 000,252,416 | ---- | C] () -- C:\WINDOWS\System32\wsiShared.dll
    [2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2010/07/19 14:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2008/05/16 20:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
    [2006/04/12 02:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
    [2007/09/17 17:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2008/11/05 00:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\GlarySoft
    [2010/05/08 10:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\IObit
    [2006/12/10 14:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\Leadertech
    [2007/09/09 14:14:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\My Sam's Club Digital Photo Center
    [2006/12/10 15:48:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\OfficeUpdate12
    [2010/02/23 20:38:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\Turbine
    [2007/03/15 17:00:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\WinPatrol
    [2010/06/21 20:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\wsInspector
    [2010/07/12 03:15:00 | 000,000,250 | ---- | M] () -- C:\WINDOWS\Tasks\dfrg.job
    [2010/07/22 00:02:48 | 000,000,328 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C46995DA
    < End of report >

    OTL logfile created on: 7/22/2010 12:04:05 AM - Run 3
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Tony\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 74.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
    Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 67.08 Gb Total Space | 25.68 Gb Free Space | 38.28% Space Free | Partition Type: NTFS
    Drive D: | 7.42 Gb Total Space | 1.02 Gb Free Space | 13.71% Space Free | Partition Type: FAT32
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: MYLAPTOP
    Current User Name: Tony
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/07/20 17:20:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tony\desktop\OTL.exe
    PRC - [2010/07/19 14:49:23 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2010/07/19 14:49:23 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2010/07/19 14:49:21 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2010/07/19 14:49:17 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2010/07/19 14:49:03 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
    PRC - [2010/07/19 14:48:38 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/12/22 11:57:10 | 000,405,504 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
    PRC - [2005/12/08 16:45:12 | 000,516,182 | ---- | M] () -- C:\Program Files\HPQ\shared\HpqToaster.exe
    PRC - [2003/03/04 05:50:00 | 000,019,968 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\LOGI_MWX.EXE


    ========== Modules (SafeList) ==========

    MOD - [2010/07/20 17:20:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tony\desktop\OTL.exe
    MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/07/19 14:48:38 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2007/01/19 12:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Tony\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/07/19 14:50:11 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2010/07/19 14:50:03 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2010/07/19 14:50:02 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2005/12/01 19:49:20 | 001,412,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2005/11/28 05:35:38 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2005/09/30 07:11:00 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
    DRV - [2005/09/20 06:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
    DRV - [2005/08/22 05:06:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2005/08/22 05:06:00 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2005/08/22 05:06:00 | 000,231,424 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
    DRV - [2005/08/18 04:22:54 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2005/08/02 06:00:00 | 000,349,312 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
    DRV - [2005/08/02 05:58:00 | 000,038,016 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
    DRV - [2005/06/19 16:33:18 | 000,190,400 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2005/05/05 13:04:08 | 000,007,936 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
    DRV - [2005/05/05 13:04:04 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
    DRV - [2005/04/07 17:18:34 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
    DRV - [2005/03/09 18:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
    DRV - [2003/03/04 05:50:00 | 000,073,134 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
    DRV - [2003/03/04 05:50:00 | 000,037,804 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsb.sys -- (LHidUsb)
    DRV - [2003/03/04 05:50:00 | 000,025,214 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)
    DRV - [2001/08/17 15:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
    DRV - [2001/08/17 11:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.msn.com/|http://www.wowwiki.com/Portal:Main|http://www.aol.com/|http://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1267321940&rver=6.0.5285.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-us|http://www.worldofwarcraft.com/index.xml "
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07074039
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21


    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/07/21 19:34:36 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/21 19:12:47 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/21 19:12:47 | 000,000,000 | ---D | M]

    [2009/02/20 20:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\Mozilla\Extensions
    [2010/07/21 18:30:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\wldfjc5l.default\extensions
    [2007/11/15 19:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\wldfjc5l.default\extensions\moveplayer@movenetworks.com
    [2010/07/21 23:55:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/05/03 13:57:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/07/21 23:52:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/06/22 04:36:30 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2010/07/19 17:58:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Oracle)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
    O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
    O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
    O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_21.dll (Oracle)
    O15 - HKCU\..Trusted Domains: msn.com ([www] http in Trusted sites)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
    O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} https://notesshecl2.pb.com/iNotes6W.cab (iNotes6 Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Tony\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tony\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/07/21 23:51:58 | 000,153,376 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaws.exe
    [2010/07/21 23:51:58 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaw.exe
    [2010/07/21 23:51:58 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\java.exe
    [2010/07/20 17:20:29 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tony\Desktop\OTL.exe
    [2010/07/20 17:18:56 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2010/07/19 14:50:11 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/07/19 14:50:09 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2010/07/19 14:50:02 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2010/07/19 14:50:00 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2010/07/19 14:49:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
    [2010/07/19 14:30:22 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/07/19 14:27:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/07/18 17:33:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony\Application Data\Malwarebytes
    [2010/07/18 17:33:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/07/18 17:33:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/07/18 17:33:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/07/18 17:33:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/07/13 19:16:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2010/06/22 13:57:10 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
    [2010/06/19 20:56:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony\Application Data\wsInspector
    [2010/06/19 20:55:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony\My Documents\wsInspector
    [2010/06/19 20:54:38 | 000,000,000 | ---D | C] -- C:\Program Files\Startup Inspector for Windows
    [2010/06/19 20:45:42 | 000,720,896 | ---- | C] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
    [2010/06/19 20:45:40 | 000,000,000 | ---D | C] -- C:\Program Files\TuneXP
    [2010/06/19 13:25:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tony\Recent
    [2010/06/17 07:49:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
    [2010/06/16 13:25:52 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft
    [2010/05/13 13:44:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony\Local Settings\Application Data\jgjtfoaup
    [2010/05/03 13:58:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/05/03 13:57:47 | 000,423,656 | ---- | C] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll

    ========== Files - Modified Within 90 Days ==========

    [2010/07/22 00:05:57 | 000,521,766 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/07/22 00:05:57 | 000,441,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/07/22 00:05:57 | 000,071,462 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/07/22 00:02:49 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/07/22 00:02:48 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
    [2010/07/22 00:01:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/07/22 00:01:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/07/22 00:01:00 | 2011,418,624 | -HS- | M] () -- C:\hiberfil.sys
    [2010/07/22 00:00:06 | 006,815,744 | ---- | M] () -- C:\Documents and Settings\Tony\ntuser.dat
    [2010/07/22 00:00:06 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Tony\ntuser.ini
    [2010/07/21 23:59:59 | 005,367,454 | -H-- | M] () -- C:\Documents and Settings\Tony\Local Settings\Application Data\IconCache.db
    [2010/07/21 19:12:21 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
    [2010/07/21 19:03:34 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\Tony\jagex_runescape_preferences.dat
    [2010/07/21 18:58:30 | 000,000,099 | ---- | M] () -- C:\Documents and Settings\Tony\jagex_runescape_preferences2.dat
    [2010/07/21 18:24:26 | 062,305,152 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/07/20 17:20:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tony\Desktop\OTL.exe
    [2010/07/20 17:20:23 | 000,086,992 | ---- | M] () -- C:\Documents and Settings\Tony\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/07/19 17:58:22 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/07/19 17:58:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/07/19 14:50:13 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/07/19 14:50:11 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2010/07/19 14:50:03 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2010/07/19 14:50:02 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2010/07/19 14:50:00 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
    [2010/07/19 14:30:28 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/07/12 03:15:00 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\dfrg.job
    [2010/07/06 08:52:19 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/07/05 19:16:59 | 000,321,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/07/01 09:50:26 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\Tony\My Documents\scavenger hunt list.doc
    [2010/06/22 04:36:38 | 000,153,376 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaws.exe
    [2010/06/22 04:36:37 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaw.exe
    [2010/06/22 04:36:36 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\java.exe
    [2010/06/22 04:36:29 | 000,423,656 | ---- | M] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
    [2010/06/22 02:24:28 | 000,073,728 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
    [2010/06/21 19:48:58 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/06/19 20:45:33 | 000,720,896 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
    [2010/06/18 11:00:46 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\Tony\My Documents\Bridget Garner Cover Letter & Resume.doc
    [2010/06/11 12:35:28 | 000,000,666 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/05/08 13:10:42 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Tony\My Documents\MBCoAmerge.doc
    [2010/05/03 13:59:21 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Tony\jagex__preferences3.dat
    [2010/04/30 13:14:47 | 000,000,735 | ---- | M] () -- C:\Documents and Settings\Tony\Desktop\Shortcut to AddOns.lnk
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

    ========== Files Created - No Company Name ==========

    [2010/07/19 14:50:00 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
    [2010/07/19 14:49:54 | 062,305,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/07/19 14:30:28 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/07/19 14:30:23 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/06/21 20:29:59 | 2011,418,624 | -HS- | C] () -- C:\hiberfil.sys
    [2010/06/21 19:47:42 | 000,004,566 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2010/06/20 08:33:57 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/06/18 11:00:46 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\Tony\My Documents\Bridget Garner Cover Letter & Resume.doc
    [2010/06/16 13:25:53 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
    [2010/06/11 14:47:18 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\Tony\My Documents\scavenger hunt list.doc
    [2010/05/08 13:10:41 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Tony\My Documents\MBCoAmerge.doc
    [2010/05/03 13:59:21 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tony\jagex__preferences3.dat
    [2010/04/30 13:14:47 | 000,000,735 | ---- | C] () -- C:\Documents and Settings\Tony\Desktop\Shortcut to AddOns.lnk
    [2008/02/23 10:59:24 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
    [2006/12/10 18:33:27 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
    [2006/12/10 18:33:27 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
    [2006/12/10 18:33:27 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
    [2006/12/10 15:08:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/04/12 02:03:12 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2006/04/12 01:59:34 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
    [2006/04/12 01:42:33 | 000,000,095 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2006/04/12 01:28:14 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2005/12/02 06:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/08/07 09:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2004/08/07 09:10:08 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/07/10 18:55:38 | 000,252,416 | ---- | C] () -- C:\WINDOWS\System32\wsiShared.dll
    [2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2010/07/19 14:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2008/05/16 20:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
    [2006/04/12 02:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
    [2007/09/17 17:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2008/11/05 00:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\GlarySoft
    [2010/05/08 10:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\IObit
    [2006/12/10 14:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\Leadertech
    [2007/09/09 14:14:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\My Sam's Club Digital Photo Center
    [2006/12/10 15:48:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\OfficeUpdate12
    [2010/02/23 20:38:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\Turbine
    [2007/03/15 17:00:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\WinPatrol
    [2010/06/21 20:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\wsInspector
    [2010/07/12 03:15:00 | 000,000,250 | ---- | M] () -- C:\WINDOWS\Tasks\dfrg.job
    [2010/07/22 00:02:48 | 000,000,328 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job

    ========== Purity Check ==========

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C46995DA
    < End of report >
     
  16. 2010/07/21
    broni Moderator Malware Analyst
    I'm glad to see your computer feeling better :)

    You posted the OTL quick scan log twice, but I don't see that you ran my script.
    Please redo.
     
  17. 2010/07/22
    TJGarner Well-Known Member Thread Starter
    I know where I made the mistake in posting the quick scan twice, sorry about that. Here is the one using your code.

    OTL logfile created on: 7/22/2010 6:51:35 PM - Run 4
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Tony\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
    Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 67.08 Gb Total Space | 25.71 Gb Free Space | 38.33% Space Free | Partition Type: NTFS
    Drive D: | 7.42 Gb Total Space | 1.02 Gb Free Space | 13.71% Space Free | Partition Type: FAT32
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: MYLAPTOP
    Current User Name: Tony
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    ========== Processes (SafeList) ==========

    PRC - [2010/07/21 19:12:40 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
    PRC - [2010/07/21 19:12:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/07/20 17:20:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tony\desktop\OTL.exe
    PRC - [2010/07/19 14:49:23 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2010/07/19 14:49:23 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2010/07/19 14:49:21 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2010/07/19 14:49:17 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2010/07/19 14:49:03 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
    PRC - [2010/07/19 14:48:38 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/12/22 11:57:10 | 000,405,504 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
    PRC - [2005/12/08 16:45:12 | 000,516,182 | ---- | M] () -- C:\Program Files\HPQ\shared\HpqToaster.exe
    PRC - [2003/03/19 10:50:00 | 000,037,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE


    ========== Modules (SafeList) ==========

    MOD - [2010/07/20 17:20:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tony\desktop\OTL.exe
    MOD - [2008/04/13 20:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
    MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
    MOD - [2003/03/19 10:50:00 | 000,023,552 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\Scrolling\LGMSGHK.DLL
    MOD - [2003/03/19 10:50:00 | 000,006,144 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\LgWndHk.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/07/19 14:48:38 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2007/01/19 12:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Tony\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/07/19 14:50:11 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2010/07/19 14:50:03 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2010/07/19 14:50:02 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2005/12/01 19:49:20 | 001,412,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2005/11/28 05:35:38 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2005/09/30 07:11:00 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
    DRV - [2005/09/20 06:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
    DRV - [2005/08/22 05:06:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2005/08/22 05:06:00 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2005/08/22 05:06:00 | 000,231,424 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
    DRV - [2005/08/18 04:22:54 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2005/08/02 06:00:00 | 000,349,312 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
    DRV - [2005/08/02 05:58:00 | 000,038,016 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
    DRV - [2005/06/19 16:33:18 | 000,190,400 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2005/05/05 13:04:08 | 000,007,936 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
    DRV - [2005/05/05 13:04:04 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
    DRV - [2005/04/07 17:18:34 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
    DRV - [2005/03/09 18:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
    DRV - [2003/03/04 05:50:00 | 000,073,134 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
    DRV - [2003/03/04 05:50:00 | 000,037,804 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidUsb.sys -- (LHidUsb)
    DRV - [2003/03/04 05:50:00 | 000,025,214 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)
    DRV - [2001/08/17 15:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
    DRV - [2001/08/17 11:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.msn.com/|http://www.wowwiki.com/Portal:Main|http://www.aol.com/|http://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1267321940&rver=6.0.5285.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-us|http://www.worldofwarcraft.com/index.xml "
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07074039
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21


    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/07/21 19:34:36 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/21 19:12:47 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/21 19:12:47 | 000,000,000 | ---D | M]

    [2009/02/20 20:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\Mozilla\Extensions
    [2010/07/21 18:30:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\wldfjc5l.default\extensions
    [2007/11/15 19:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\wldfjc5l.default\extensions\moveplayer@movenetworks.com
    [2010/07/22 00:07:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/07/21 23:52:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/06/22 04:36:30 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2010/07/19 17:58:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Oracle)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
    O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
    O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
    O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_21.dll (Oracle)
    O15 - HKCU\..Trusted Domains: msn.com ([www] http in Trusted sites)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
    O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} https://notesshecl2.pb.com/iNotes6W.cab (iNotes6 Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Tony\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tony\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/07/22 18:51:00 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/07/21 23:51:58 | 000,153,376 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaws.exe
    [2010/07/21 23:51:58 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaw.exe
    [2010/07/21 23:51:58 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\java.exe
    [2010/07/20 17:20:29 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tony\Desktop\OTL.exe
    [2010/07/20 17:18:56 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2010/07/19 14:50:11 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/07/19 14:50:09 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2010/07/19 14:50:02 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2010/07/19 14:50:00 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2010/07/19 14:49:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
    [2010/07/19 14:30:22 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/07/19 14:27:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/07/18 17:33:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony\Application Data\Malwarebytes
    [2010/07/18 17:33:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/07/18 17:33:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/07/18 17:33:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/07/18 17:33:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/07/14 14:30:42 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
    [2010/07/13 19:16:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss

    ========== Files - Modified Within 30 Days ==========

    [2010/07/22 09:27:36 | 062,322,183 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/07/22 00:05:57 | 000,521,766 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/07/22 00:05:57 | 000,441,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/07/22 00:05:57 | 000,071,462 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/07/22 00:02:49 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/07/22 00:02:48 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
    [2010/07/22 00:01:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/07/22 00:01:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/07/22 00:01:00 | 2011,418,624 | -HS- | M] () -- C:\hiberfil.sys
    [2010/07/22 00:00:06 | 006,815,744 | ---- | M] () -- C:\Documents and Settings\Tony\ntuser.dat
    [2010/07/22 00:00:06 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Tony\ntuser.ini
    [2010/07/21 23:59:59 | 005,367,454 | -H-- | M] () -- C:\Documents and Settings\Tony\Local Settings\Application Data\IconCache.db
    [2010/07/21 19:12:21 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
    [2010/07/21 19:03:34 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\Tony\jagex_runescape_preferences.dat
    [2010/07/21 18:58:30 | 000,000,099 | ---- | M] () -- C:\Documents and Settings\Tony\jagex_runescape_preferences2.dat
    [2010/07/20 17:20:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tony\Desktop\OTL.exe
    [2010/07/20 17:20:23 | 000,086,992 | ---- | M] () -- C:\Documents and Settings\Tony\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/07/19 17:58:22 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/07/19 17:58:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/07/19 14:50:13 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/07/19 14:50:11 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2010/07/19 14:50:03 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2010/07/19 14:50:02 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2010/07/19 14:50:00 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
    [2010/07/19 14:30:28 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/07/12 03:15:00 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\dfrg.job
    [2010/07/06 08:52:19 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/07/05 19:16:59 | 000,321,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/07/01 09:50:26 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\Tony\My Documents\scavenger hunt list.doc

    ========== Files Created - No Company Name ==========

    [2010/07/19 14:50:00 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
    [2010/07/19 14:49:54 | 062,322,183 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/07/19 14:30:28 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/07/19 14:30:23 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2008/02/23 10:59:24 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
    [2006/12/10 18:33:27 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
    [2006/12/10 18:33:27 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
    [2006/12/10 18:33:27 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
    [2006/12/10 15:08:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/04/12 02:03:12 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2006/04/12 01:59:34 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
    [2006/04/12 01:42:33 | 000,000,095 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2006/04/12 01:28:14 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2005/12/02 06:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/08/07 09:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2004/08/07 09:10:08 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/07/10 18:55:38 | 000,252,416 | ---- | C] () -- C:\WINDOWS\System32\wsiShared.dll
    [2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== Custom Scans ==========


    < :OTL >

    < O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. >

    < O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found. >

    < O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found. >

    < O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present >

    < [2010/07/20 17:18:56 | 000,000,000 | --SD | C] -- C:\ComboFix >
    Invalid Switch: 20 17:18:56 | 000,000,000 | --SD | C] -- C:\ComboFix

    < [2010/05/13 13:44:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony\Local Settings\Application Data\jgjtfoaup >
    Invalid Switch: 13 13:44:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony\Local Settings\Application Data\jgjtfoaup


    < @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C46995DA >

    < >

    < >

    < :Services >

    < >

    < :Reg >

    < [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] >

    < "EnableFirewall" =dword:00000001 >

    < >

    < >

    < :Files >

    < >

    < :Commands >

    < [purity] >

    < [emptytemp] >

    < [emptyflash] >

    < [resethosts] >

    < [Reboot] >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C46995DA

    < End of report >
     
  18. 2010/07/22
    broni Moderator Malware Analyst
    You're still doing something wrong.
    Make sure you copy the script from my reply #13, not from the email notification, and that you copy the whole script, starting with a "colon" in front of "OTL" (1st line).
     
  19. 2010/07/30
    TJGarner Well-Known Member Thread Starter
    Ok, I really figured out what I was doing wrong. I was not hitting "Run Fix", I was hitting "Run Scan". Below should be what you were looking for, and I am sorry for the ***** up. I think my brain vapor locked or something; this past week has been crazy.

    All processes killed
    ========== OTL ==========
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
    C:\ComboFix folder moved successfully.
    C:\Documents and Settings\Tony\Local Settings\Application Data\jgjtfoaup folder moved successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:C46995DA deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\ "EnableFirewall" |dword:00000001 /E : value set successfully!
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->FireFox cache emptied: 13165930 bytes
    ->Flash cache emptied: 627 bytes

    User: All Users

    User: Bridget
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 702479 bytes
    ->Java cache emptied: 5478613 bytes
    ->FireFox cache emptied: 16630102 bytes
    ->Flash cache emptied: 564 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->FireFox cache emptied: 4837884 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: Tony
    ->Temp folder emptied: 9262455 bytes
    ->Temporary Internet Files folder emptied: 1176731 bytes
    ->Java cache emptied: 2784167 bytes
    ->FireFox cache emptied: 83222962 bytes
    ->Flash cache emptied: 34919 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 664 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 49604 bytes

    Total Files Cleaned = 131.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Bridget
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    User: Tony
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.9.1 log created on 07302010_190106

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  20. 2010/07/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Now, you're talking :)

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    Double-click on TFC.exe to run the program.
    Click on the Start button to begin the cleaning process.
    TFC will close all running programs, and it may ask you to restart the computer.


    3. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  21. 2010/07/31
    TJGarner

    TJGarner Well-Known Member Thread Starter

    Joined:
    2008/10/12
    Messages:
    72
    Likes Received:
    0
    Results of screen317's Security Check version 0.99.4
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    AVG Free 9.0
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    WinPatrol 2007 (Outdated! Latest version is WinPatrol 2009)
    Malwarebytes' Anti-Malware
    HijackThis 2.0.2
    Java(TM) 6 Update 21
    Out of date Java installed!
    Adobe Flash Player 10.1.53.64
    Adobe Reader 7.0.9
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.8)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    WinPatrol winpatrol.exe is disabled!
    AVG avgwdsvc.exe
    AVG avgtray.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    AVG avgemc.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    Unknown. This method cannot test your vulnerability to DNS cache poisoning.

    ``````````End of Log````````````


    Kaspersky Scan:

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Saturday, July 31, 2010
    Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Saturday, July 31, 2010 18:24:16
    Records in database: 4182023
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\

    Scan statistics:
    Objects scanned: 68956
    Threats found: 0
    Infected objects found: 0
    Suspicious objects found: 0
    Scan duration: 02:54:39

    No threats found. Scanned area is clean.

    Selected area has been scanned.
     
