
Solved Desktop icons and webpages enlarging to extreme

Discussion in 'Malware and Virus Removal Archive' started by Karenb, 2010/11/17.

    [Resolved] Desktop icons and webpages enlarging to extreme

    Last night my desktop icons and open webpages started to enlarge themselves as big as they would go. I couldn't get them to go back to normal so I restarted the computer and they were okay for a bit and then they started again.

    Today my desktop icons started shaking just as if I was holding the computer in my hand and shaking it and they wouldn't stop until I restarted. I would try to type something and it would type what it wanted.

    I have included a Malwarebytes logfile...GMER logfile...MBRCheck logfile and the 2 DDS logfiles.

    I have Windows 7 x64 and use Firefox.

    Thanks KarenB
    -------------------------------------------------------------------------
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5140

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    11/17/2010 2:39:50 PM
    mbam-log-2010-11-17 (14-39-50).txt

    Scan type: Quick scan
    Objects scanned: 141844
    Time elapsed: 3 minute(s), 27 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    -------------------------------------------------------------------------

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-11-17 15:44:45
    Windows 6.1.7600
    Running: 9koz6jq7.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{651D4C1C-6D50-F5D9-2CAD-FE6D8D72495A}
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{651D4C1C-6D50-F5D9-2CAD-FE6D8D72495A}@iagngekimkjjaclmkh 0x6A 0x61 0x66 0x6B ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{651D4C1C-6D50-F5D9-2CAD-FE6D8D72495A}@haammhbefeamjonc 0x6A 0x61 0x66 0x6B ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{651D4C1C-6D50-F5D9-2CAD-FE6D8D72495A}@halebghaeopaecho 0x64 0x63 0x70 0x68 ...

    ---- EOF - GMER 1.0.15 ----

    -------------------------------------------------------------------------

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: PEGATRON CORPORATION
    BIOS Manufacturer: Phoenix Technologies, LTD
    System Manufacturer: HP-Pavilion
    System Product Name: NY638AA-ABA p6203w
    Logical Drives Mask: 0x000003fc

    Kernel Drivers (total 155):

    Processes (total 80):
    0 System Idle Process
    4 System
    296 C:\Windows\System32\smss.exe
    408 C:\PROGRA~2\AVG\AVG10\avgchsva.exe
    464 C:\PROGRA~2\AVG\AVG10\avgrsa.exe
    588 csrss.exe
    632 C:\Windows\System32\wininit.exe
    656 csrss.exe
    700 C:\Windows\System32\services.exe
    728 C:\Windows\System32\winlogon.exe
    756 C:\Windows\System32\lsass.exe
    764 C:\Windows\System32\lsm.exe
    880 C:\Windows\System32\svchost.exe
    948 C:\Windows\System32\nvvsvc.exe
    988 C:\Windows\System32\svchost.exe
    460 C:\Windows\System32\svchost.exe
    660 C:\Windows\System32\svchost.exe
    900 C:\Windows\System32\svchost.exe
    1068 C:\Windows\System32\audiodg.exe
    1108 C:\Windows\System32\svchost.exe
    1176 C:\Windows\System32\nvvsvc.exe
    1236 C:\Windows\System32\svchost.exe
    1364 C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
    1484 C:\Windows\System32\dwm.exe
    1508 C:\Windows\explorer.exe
    1752 C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
    1856 C:\Windows\System32\spoolsv.exe
    1932 C:\Windows\System32\svchost.exe
    1968 C:\Windows\System32\taskhost.exe
    1384 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    1736 C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    2100 C:\Program Files\Logitech Mouse\SetPoint\SetPoint.exe
    2320 C:\Program Files\LSI SoftModem\agr64svc.exe
    2360 C:\Windows\System32\taskeng.exe
    2388 C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    2428 C:\Windows\System32\svchost.exe
    2460 C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
    2572 C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    2988 C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    3008 C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
    3052 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    2380 C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
    2500 C:\Program Files (x86)\AVG\AVG10\avgemca.exe
    2584 C:\Windows\System32\conhost.exe
    2940 C:\Program Files\Logitech Mouse\SetPoint\x86\SetPoint32.exe
    2928 C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe
    2960 C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
    2256 C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
    2936 C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
    3092 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    3100 C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
    3288 C:\Windows\SysWOW64\PSIService.exe
    3452 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    3476 C:\Windows\System32\svchost.exe
    3484 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    3492 C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
    3516 C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    3552 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    2996 C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    2112 C:\Windows\System32\conhost.exe
    4008 C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    4056 C:\Windows\System32\taskeng.exe
    3108 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    3184 C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    3672 C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    4884 C:\Windows\System32\SearchIndexer.exe
    4928 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    4372 C:\Windows\System32\svchost.exe
    3436 WUDFHost.exe
    4816 C:\Program Files\Windows Media Player\wmpnetwk.exe
    2124 C:\Windows\System32\SearchProtocolHost.exe
    1500 C:\Windows\System32\SearchFilterHost.exe
    1388 taskhost.exe
    2160 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    5036 C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    3904 C:\Windows\System32\sppsvc.exe
    176 C:\Windows\System32\notepad.exe
    4036 C:\Users\Karen\Desktop\Run Weekly\run for forum\MBRCheck\MBRCheck\MBRCheck.exe
    2772 C:\Windows\System32\conhost.exe
    5068 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000071`74800000 (NTFS)

    PhysicalDrive0 Model Number: HitachiHDP725050GLA, Rev: GM4O

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 443326A1AE1DFF3D0ADEB30884CF99B031114F84


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!

    -------------------------------------------------------------------------


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-11-10.01)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/26/2009 11:31:46 PM
    System Uptime: 11/17/2010 4:02:51 PM (0 hours ago)

    Motherboard: PEGATRON CORPORATION | | NARRA5
    Processor: AMD Athlon(tm) II X2 215 Processor | Socket AM2 | 2700/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 454 GiB total, 358.17 GiB free.
    D: is FIXED (NTFS) - 12 GiB total, 2.165 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Teredo Tunneling Adapter
    Device ID: ROOT\*TEREDO\0000
    Manufacturer: Microsoft
    Name: Teredo Tunneling Pseudo-Interface
    PNP Device ID: ROOT\*TEREDO\0000
    Service: tunnel

    ==== System Restore Points ===================

    RP200: 11/16/2010 9:32:45 PM - Restore Operation
    RP201: 11/17/2010 12:15:47 PM - 11-17 before microsoft updates
    RP202: 11/17/2010 12:33:08 PM - Windows Update

    ==== Installed Programs ======================


    ActiveCheck component for HP Active Support Library
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop Elements 6.0
    Adobe Reader 9.3.3
    Alien Skin Eye Candy 5 Impact
    Alien Skin Eye Candy 5 Textures
    AMP Font Viewer
    AnyDVD
    Apple Application Support
    Apple Software Update
    Auslogics Disk Defrag
    Auslogics Disk Defrag ScreenSaver
    Canon MP Navigator EX 3.0
    Color Efex Pro 3.0 Corel Sampler
    Compatibility Pack for the 2007 Office system
    ContactKeeper 1.4.3
    Corel MediaOne
    Corel Paint Shop Pro Photo X2
    Corel Painter Photo Essentials 4
    Coupon Printer for Windows
    CyberLink DVD Suite Deluxe
    DirectX for Managed Code Update (Summer 2004)
    erLT
    Eye Candy 4000
    Filter Forge 1.009
    FLV Player 2.0 (build 25)
    Google Gmail Notifier
    Google Toolbar for Internet Explorer
    Google Update Helper
    Homepage Protection
    HP Advisor
    HP Customer Experience Enhancements
    HP Games
    HP MediaSmart Demo
    HP MediaSmart DVD
    HP MediaSmart Movie Themes
    HP MediaSmart Music/Photo/Video
    HP Odometer
    HP Remote Solution
    HP Setup
    HP Support Assistant
    HP Support Information
    HP Update
    HPAsset component for HP Active Support Library
    ImageSkill Background Remover 3
    ImgBurn
    iSEEK AnswerWorks English Runtime
    Jasc Paint Shop Pro 9
    Java Auto Updater
    Java(TM) 6 Update 22
    Jing
    LabelPrint
    LightScribe System Software
    Logitech SetPoint
    Malwarebytes' Anti-Malware
    Microsoft Choice Guard
    Microsoft Live Search Toolbar
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Word 2000
    Microsoft Works
    Moffsoft FreeCalc
    Move Media Player
    Mozilla Firefox (3.6.12)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    neroxml
    PHOTORECOVERY LE
    Power2Go
    PowerDirector
    PowerRecover
    Reader Library by Sony
    Realtek High Definition Audio Driver
    Seagate Manager Installer
    Skype™ 5.0
    SUPERAntiSpyware Free Edition
    Tidy Start Menu
    TurboTax 2009
    TurboTax 2009 WinPerFedFormset
    TurboTax 2009 WinPerReleaseEngine
    TurboTax 2009 WinPerTaxSupport
    TurboTax 2009 wrapper
    V CAST Music with Rhapsody
    Visual C++ 8.0 Runtime Setup Package (x64)
    Visual Studio 2008 x64 Redistributables
    Windows 7 Upgrade Advisor
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Media Player Firefox Plugin
    WinRAR archiver
    ZoneAlarm

    ==== Event Viewer Messages From Past Week ========

    11/17/2010 4:07:24 PM, Error: nvstor64 [3] - Data error on device. Device: \Device\RaidPort0 Model: Hitachi HDP725050GLA360 Firmware Version: GM4O Serial Number: GEA534RJ3YLN2A Port: 0
    11/17/2010 4:04:41 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
    11/17/2010 4:03:41 PM, Error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
    11/17/2010 4:03:01 PM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    11/17/2010 4:03:01 PM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    11/16/2010 9:11:23 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR8.
    11/16/2010 8:21:56 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR7.
    11/16/2010 6:38:50 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR6.
    11/16/2010 6:21:21 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk8\DR10.
    11/16/2010 10:01:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    11/16/2010 10:00:37 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    11/16/2010 10:00:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    11/16/2010 10:00:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    11/16/2010 10:00:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments " " in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    11/16/2010 10:00:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments " " in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    11/16/2010 10:00:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    11/16/2010 10:00:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments " " in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    11/16/2010 10:00:20 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx64 Avgmfx64 Avgtdia DfsC discache ElbyCDIO NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx Vsdatant Wanarpv6 WfpLwf
    11/16/2010 10:00:20 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/16/2010 10:00:20 PM, Error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the Zone Alarm Firewall Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/16/2010 10:00:20 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    11/16/2010 10:00:20 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    11/16/2010 10:00:20 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    11/16/2010 10:00:20 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    11/16/2010 10:00:20 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    11/16/2010 10:00:20 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/16/2010 10:00:20 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/16/2010 10:00:20 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/16/2010 10:00:20 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    11/14/2010 1:05:25 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR5.
    11/13/2010 12:26:08 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR6.

    ==== End Of File ===========================


    DDS (Ver_10-11-10.01) - NTFS_AMD64
    Run by Karen at 16:09:18.06 on Wed 11/17/2010
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3966.2529 [GMT -6:00]

    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

    ============== Running Processes ===============

    C:\PROGRA~2\AVG\AVG10\avgchsva.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Logitech Mouse\SetPoint\SetPoint.exe
    C:\Program Files\LSI SoftModem\agr64svc.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG10\avgemca.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Logitech Mouse\SetPoint\x86\SetPoint32.exe
    C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe
    C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
    C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Windows\SysWOW64\PSIService.exe
    C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
    C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Windows\system32\taskeng.exe
    c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\PROGRA~2\AVG\AVG10\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    J:\run #4 - MBRcheck - DDS\dds.scr
    C:\Windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    uStart Page = my.yahoo.com
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll
    mURLSearchHooks: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
    BHO: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll
    BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
    TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
    TB: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
    uRun: [googsystray] C:\Program Files (x86)\googsystray\googsystray.exe
    uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
    uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    uRun: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
    uRun: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
    uRun: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe
    uRun: [ContactKeeper Birthday reminder] "C:\Program Files (x86)\ContactKeeper\ContactKeeper.exe" /Reminder
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover "
    mRun: [Google Quick Search Box] "C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
    mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
    mRun: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe "
    mRun: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    mRun: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe "
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe "
    mRun: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
    mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    mRun: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech Mouse\SetPoint\SetPoint.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: real.com\rhap-app-4-0
    Trusted Zone: real.com\rhapreg
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    BHO-X64: ZoneAlarm Security Engine Registrar - No File
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
    TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB-X64: {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - No File
    mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun-x64: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon= "hidden "

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\318igd63.default\
    FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
    FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox\components\avgssff.dll
    FF - component: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\components\TrustCheckerMozillaPlugin.dll
    FF - component: C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\318igd63.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\318igd63.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components\FFExternalAlert.dll
    FF - component: C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\318igd63.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components\RadioWMPCore.dll
    FF - component: C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\318igd63.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
    FF - plugin: C:\Users\Karen\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
    FF - plugin: C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\318igd63.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    FF - plugin: C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\318igd63.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--fiqz9s ", true); // Traditional
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--fiqs8s ", true); // Simplified
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--j6w193g ", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4a87g ", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbqly7c0a67fbc ", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbqly7cvafr ", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--kpry57d ", true); // Traditional
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--kprw13d ", true); // Simplified

    ============= SERVICES / DRIVERS ===============

    R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-2-25 52856]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-9-7 305232]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-9-7 381008]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-10-11 6104656]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-9-10 265400]
    R2 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-5-1 181544]
    R2 ISWKL;ZoneAlarm Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2009-10-14 33008]
    R2 IswSvc;ZoneAlarm Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2009-10-14 823272]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-19 157264]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-19 35920]
    S1 SASDIFSV;SASDIFSV;C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2009-12-16 12872]
    S1 SASKUTIL;SASKUTIL;C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2009-12-16 67656]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-28 135664]
    S3 PLTurbh;Prolific turbo filter driver for hdd;C:\Windows\System32\drivers\plturbh.sys [2010-2-9 12800]
    S3 PLTurbo;Prolific turbo filter driver for odd;C:\Windows\System32\drivers\plturbo.sys [2010-2-9 14336]
    S3 SASENUM;SASENUM;C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2009-12-16 12872]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-2-28 1255736]

    =============== Created Last 30 ================

    2010-11-17 18:40:44 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
    2010-11-17 18:40:44 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
    2010-11-17 18:40:44 48960 ----a-w- C:\Windows\System32\netfxperf.dll
    2010-11-17 18:40:44 444752 ----a-w- C:\Windows\System32\mscoree.dll
    2010-11-17 18:40:44 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
    2010-11-17 18:40:44 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
    2010-11-17 18:40:44 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
    2010-11-17 18:40:44 1942856 ----a-w- C:\Windows\System32\dfshim.dll
    2010-11-17 18:40:44 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
    2010-11-17 18:40:44 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
    2010-11-17 18:33:48 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
    2010-11-17 18:31:59 861184 ----a-w- C:\Windows\System32\oleaut32.dll
    2010-11-17 18:31:59 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2010-11-17 18:31:58 558592 ----a-w- C:\Windows\System32\spoolsv.exe
    2010-11-17 18:26:47 3123712 ----a-w- C:\Windows\System32\win32k.sys
    2010-11-12 19:55:05 606208 ----a-w- C:\Windows\SysWow64\clsNRN22.dll
    2010-11-12 19:55:05 32256 ----a-w- C:\Windows\SysWow64\Decln.dll
    2010-11-12 19:55:05 14629 ----a-w- C:\Windows\SysWow64\Declw.dll
    2010-11-12 19:55:04 86016 ----a-w- C:\Windows\SysWow64\clsNCX22.dll
    2010-11-12 19:55:04 38400 ----a-w- C:\Windows\SysWow64\clsNOL22.dll
    2010-11-12 19:55:04 125952 ----a-w- C:\Windows\SysWow64\clsNPB22.dll
    2010-11-12 19:48:42 77824 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npmirage.dll
    2010-11-12 19:48:42 323584 ----a-w- C:\Windows\SysWow64\mfimage.dll
    2010-11-02 04:04:51 -------- d-----w- C:\Users\Karen\AppData\Roaming\Filter Forge
    2010-11-02 04:04:16 1030144 ----a-w- C:\Windows\SysWow64\dbghelp-xfw.dll
    2010-11-02 04:04:14 -------- d-----w- C:\Program Files (x86)\Filter Forge
    2010-10-27 22:28:09 -------- d-----r- C:\Program Files (x86)\Skype
    2010-10-22 06:59:38 171880 ----a-w- C:\PROGRA~3\Microsoft\Windows\Sqm\Manifest\Sqm10134.bin
    2010-10-20 13:54:16 -------- d-----w- C:\Users\Karen\AppData\Roaming\AVG10
    2010-10-20 13:51:48 -------- d--h--w- C:\PROGRA~3\Common Files
    2010-10-20 13:49:10 -------- d-----w- C:\Windows\System32\drivers\AVG
    2010-10-20 13:49:10 -------- d-----w- C:\PROGRA~3\AVG10
    2010-10-20 13:29:24 -------- d-----w- C:\PROGRA~3\MFAData

    ==================== Find3M ====================

    2010-11-04 01:43:17 2516 --sha-w- C:\PROGRA~3\KGyGaAvL.sys
    2010-09-30 21:25:10 40104 ----a-w- C:\Windows\System32\drivers\ElbyCDIO.sys
    2010-09-30 11:18:24 89256 ----a-w- C:\Windows\SysWow64\ElbyCDIO.dll
    2010-09-15 09:50:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2010-09-14 13:16:15 125888 ----a-w- C:\Windows\System32\drivers\AnyDVD.sys
    2010-09-13 21:28:00 27216 ----a-w- C:\Windows\System32\drivers\AVGIDSEH.sys
    2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
    2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
    2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-09-07 08:48:58 381008 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
    2010-09-07 08:48:56 41040 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
    2010-09-07 08:48:52 305232 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
    2010-09-07 08:48:50 30288 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
    2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
    2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
    2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
    2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
    2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll
    2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
    2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
    2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll
    2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
    2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
    2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll
    2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll
    2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
    2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
    2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
    2010-08-20 02:42:38 35920 ----a-w- C:\Windows\System32\drivers\AVGIDSFilter.sys
    2010-08-20 02:42:38 157264 ----a-w- C:\Windows\System32\drivers\AVGIDSDriver.sys

    ============= FINISH: 16:10:19.53 ===============
     
  2. 2010/11/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    It looks like you have some MBR problem.

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 2 to overwrite the infected MBR Code with the Windows 7 MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.
     

  4. 2010/11/18
    Karenb

    Karenb Inactive Thread Starter

    Before I start this, what is an "MBR problem", what does this problem cause, and did a virus cause this?
     
  5. 2010/11/18
    broni

    broni Moderator Malware Analyst

    Possibly.
    ...so, we have to fix it.
     
  6. 2010/11/18
    Karenb

    Karenb Inactive Thread Starter

    It sounds very scary to do. On the page that explains how to do the BIOS thing; do I do everything down to where it starts talking about Dell?
     
    Last edited: 2010/11/18
  7. 2010/11/18
    broni

    broni Moderator Malware Analyst

    Your computer is HP, not Dell, so it doesn't concern you.
     
  8. 2010/11/18
    Karenb

    Karenb Inactive Thread Starter

    Broni, when I set the BIOS to "1st boot device to CD-ROM and 2nd to hard drive", do I have to save these settings, and if so, when I am finished and everything is fixed and I don't use the CD to boot, will the computer boot normally with the hard drive? I just want to make sure I understand all this before I try this.
     
  9. 2010/11/18
    broni

    broni Moderator Malware Analyst

    Yes, you have to save those settings and you can leave them set that way. It won't bother anything.
     
  10. 2010/11/26
    Karenb

    Karenb Inactive Thread Starter

    Okay, I got all the way to "Enter 2 to overwrite the infected MBR code with the Windows 7 MBR code". I did that. The next step you had was "when asked to confirm please do so", but I just got another screen that said

    MBR Partition Info HDO
    Please choose one of the following options:

    1-Back up 1st track.
    3-Reset EMBR Area to zero.
    4-Reset MBR to zero.
    5-Install standard MBR Code.
    6-Set a partition active.
    9-Edit partition entry.
    C-Capture sectors.
    R-Restore sectors.
    T-Transfer sectors.
    P-Compare sectors.
    E-Exit

    Well I hit E for exit because that screen wasn't in your list and scared me. So what do I do with that screen?
     
  11. 2010/11/26
    broni

    broni Moderator Malware Analyst

    You mixed up something....
    It should go like this:

    ....

    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 2 to overwrite the infected MBR Code with the Windows 7 MBR code.

    ....

    Post fresh MBRCheck log and we'll see what happened.
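Added example, not code from this thread, from NTBR or from MBRWORK: it shows at the byte level what the "MBR problem" and the "Install Standard MBR code" step in the two posts above amount to. A 512-byte MBR is checked the way an MBR checker would (boot signature, one active partition, no overlapping partitions, and the boot-code hash against a known-good value), and the repair rewrites only the code area while the partition table survives. The offsets are the standard MBR layout; the "standard code" bytes, the disk signature, the partitions and the known-good hash are constructed placeholders, not real Windows 7 boot code.

```python
import hashlib
import struct

# Standard MBR layout (real offsets): boot code in bytes 0..439, a 4-byte
# disk signature at 440, four 16-byte partition entries from 446, and the
# 0x55AA boot signature at 510. "Install standard MBR code" only rewrites
# the code area; the partition table and boot signature are left alone.
SECTOR_SIZE = 512
CODE_AREA_LEN = 440
DISK_SIG_OFF = 440
PART_TABLE_OFF = 446
BOOT_SIG_OFF = 510
# boot flag, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
PART_ENTRY_FMT = "<B3xB3xII"


def parse_partitions(mbr):
    """Return the non-empty entries of the four-slot partition table."""
    parts = []
    for i in range(4):
        boot, ptype, lba_start, sectors = struct.unpack_from(
            PART_ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue  # empty slot
        parts.append({"slot": i, "active": boot == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": sectors})
    return parts


def check_mbr(mbr, known_good_code_sha256=None):
    """Sanity-check one sector: boot signature, exactly one active partition,
    no overlapping partitions and, if given, the boot-code hash."""
    problems = []
    if len(mbr) != SECTOR_SIZE:
        return {"problems": ["sector is %d bytes, expected %d" % (len(mbr), SECTOR_SIZE)]}
    if mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] != b"\x55\xAA":
        problems.append("missing 0x55AA boot signature")
    parts = parse_partitions(mbr)
    if sum(1 for p in parts if p["active"]) != 1:
        problems.append("expected exactly one active (bootable) partition")
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for prev, nxt in zip(ordered, ordered[1:]):
        if nxt["lba_start"] < prev["lba_start"] + prev["sectors"]:
            problems.append("partitions in slots %d and %d overlap" % (prev["slot"], nxt["slot"]))
    code_sha256 = hashlib.sha256(mbr[:CODE_AREA_LEN]).hexdigest()
    if known_good_code_sha256 and code_sha256 != known_good_code_sha256:
        problems.append("boot code does not match the known-good hash")
    return {"code_sha256": code_sha256, "partitions": parts, "problems": problems}


def install_standard_code(mbr, standard_code):
    """What MBRWORK's option 5 does conceptually: overwrite only the code
    area, keeping disk signature, partition table and boot signature."""
    if len(standard_code) > CODE_AREA_LEN:
        raise ValueError("standard code must fit in the %d-byte code area" % CODE_AREA_LEN)
    return standard_code.ljust(CODE_AREA_LEN, b"\x00") + mbr[CODE_AREA_LEN:]


def build_mbr(code, partitions, disk_sig=0):
    """Assemble a constructed MBR sector for the demonstration below."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(code)] = code
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_sig)
    for i, (active, ptype, lba_start, sectors) in enumerate(partitions):
        struct.pack_into(PART_ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i,
                         0x80 if active else 0x00, ptype, lba_start, sectors)
    sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xAA"
    return bytes(sector)


# Constructed sample data: the "standard code" is a placeholder string, not
# real boot code, and the known-good hash is computed from it rather than
# taken from any Windows 7 MBR.
STANDARD_CODE = b"CONSTRUCTED PLACEHOLDER FOR STANDARD MBR CODE"
KNOWN_GOOD_SHA256 = hashlib.sha256(STANDARD_CODE.ljust(CODE_AREA_LEN, b"\x00")).hexdigest()
CLEAN_MBR = build_mbr(STANDARD_CODE,
                      [(True, 0x07, 2048, 204800),      # active NTFS system partition
                       (False, 0x07, 206848, 409600)],  # second NTFS partition
                      disk_sig=0x12345678)

# A tampered copy: same partition table and signature, different boot code,
# which is exactly the case a table-only validity check would miss.
_t = bytearray(CLEAN_MBR)
_t[0:8] = b"TAMPERED"
TAMPERED_MBR = bytes(_t)
REPAIRED_MBR = install_standard_code(TAMPERED_MBR, STANDARD_CODE)

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR), ("repaired", REPAIRED_MBR)):
        result = check_mbr(sector, KNOWN_GOOD_SHA256)
        print(name, "code sha256:", result["code_sha256"][:16],
              "problems:", result["problems"] or "none")
```

Without a known-good hash the tampered sector passes every structural check, which is why a tool like MBRCheck compares the boot code itself rather than only validating the partition table.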
     
  12. 2010/11/26
    Karenb

    Karenb Inactive Thread Starter

    That's exactly what I did before this other screen came up. Let me try it again.
     
  13. 2010/11/26
    Karenb

    Karenb Inactive Thread Starter

    Here's a fresh MBRCheck. I redid that and all it did was keep sending me in circles back to the screen where I select 5, then 2, and then it would start me all over again. lol Here is the MBRCheck

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: PEGATRON CORPORATION
    BIOS Manufacturer: Phoenix Technologies, LTD
    System Manufacturer: HP-Pavilion
    System Product Name: NY638AA-ABA p6203w
    Logical Drives Mask: 0x000001fc

    Kernel Drivers (total 154):
    0x02C5C000 \SystemRoot\system32\ntoskrnl.exe
    0x02C13000 \SystemRoot\system32\hal.dll
    0x00BCA000 \SystemRoot\system32\kdcom.dll
    0x00C29000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    0x00C36000 \SystemRoot\system32\PSHED.dll
    0x00C4A000 \SystemRoot\system32\CLFS.SYS
    0x00CA8000 \SystemRoot\system32\CI.dll
    0x00E5F000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00F03000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x00F12000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x00F69000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
    0x00F72000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x00F7C000 \SystemRoot\system32\DRIVERS\pci.sys
    0x00FAF000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x00FBC000 \SystemRoot\System32\drivers\partmgr.sys
    0x00FD1000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x00E00000 \SystemRoot\System32\drivers\volmgrx.sys
    0x00FE6000 \SystemRoot\System32\drivers\mountmgr.sys
    0x00D68000 \SystemRoot\system32\DRIVERS\nvstor64.sys
    0x0100B000 \SystemRoot\system32\DRIVERS\storport.sys
    0x0106D000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x01078000 \SystemRoot\system32\drivers\fltmgr.sys
    0x010C4000 \SystemRoot\system32\drivers\fileinfo.sys
    0x010D8000 \SystemRoot\System32\Drivers\PxHlpa64.sys
    0x01231000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x010E4000 \SystemRoot\System32\Drivers\msrpc.sys
    0x013D4000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x01142000 \SystemRoot\System32\Drivers\cng.sys
    0x013EE000 \SystemRoot\System32\drivers\pcw.sys
    0x01200000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x01410000 \SystemRoot\system32\drivers\ndis.sys
    0x01502000 \SystemRoot\system32\drivers\NETIO.SYS
    0x01562000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x01602000 \SystemRoot\System32\drivers\tcpip.sys
    0x0158D000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x00DA6000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x015D7000 \SystemRoot\System32\Drivers\spldr.sys
    0x011B5000 \SystemRoot\System32\drivers\rdyboost.sys
    0x015DF000 \SystemRoot\System32\Drivers\mup.sys
    0x015F1000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x0184F000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x01889000 \SystemRoot\system32\DRIVERS\disk.sys
    0x0189F000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x018CF000 \SystemRoot\system32\DRIVERS\avgrkx64.sys
    0x018D9000 \SystemRoot\system32\DRIVERS\AVGIDSEH.Sys
    0x0194C000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x01976000 \SystemRoot\system32\DRIVERS\avgmfx64.sys
    0x01985000 \SystemRoot\System32\Drivers\Null.SYS
    0x0198E000 \SystemRoot\System32\Drivers\Beep.SYS
    0x01995000 \SystemRoot\System32\drivers\vga.sys
    0x019A3000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x019C8000 \SystemRoot\System32\drivers\watchdog.sys
    0x019D8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x019E1000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x019EA000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x019F3000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x01800000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x01811000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x0182F000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x03C65000 \SystemRoot\system32\DRIVERS\avgtdia.sys
    0x03CC6000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x03D0B000 \SystemRoot\system32\drivers\afd.sys
    0x03E3A000 \SystemRoot\system32\DRIVERS\vsdatant.sys
    0x03ECF000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x03ED8000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x03EFE000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x03F0D000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x03F28000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x03F3C000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x03F8D000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x03F99000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x03FA4000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
    0x03FB0000 \SystemRoot\System32\drivers\discache.sys
    0x03FBF000 \SystemRoot\System32\Drivers\dfsc.sys
    0x03FDD000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x03D95000 \SystemRoot\system32\DRIVERS\avgldx64.sys
    0x03DE4000 \SystemRoot\system32\DRIVERS\amdppm.sys
    0x03E26000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x03C00000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x03FEE000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x0120A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x0401E000 \SystemRoot\system32\DRIVERS\nvmf6264.sys
    0x04070000 \SystemRoot\System32\Drivers\AnyDVD.sys
    0x04093000 \SystemRoot\system32\DRIVERS\agrsm64.sys
    0x041C4000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x041C6000 \SystemRoot\system32\drivers\modem.sys
    0x048F1000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x053EF000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x042A5000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x04399000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x043DF000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x04200000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x04216000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x0423A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x04246000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x04275000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x04800000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x04821000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x04290000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x043EF000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x043FE000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x0483B000 \SystemRoot\system32\DRIVERS\ks.sys
    0x0487E000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x04890000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x041D5000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x05614000 \SystemRoot\system32\drivers\RTKVHD64.sys
    0x05855000 \SystemRoot\system32\drivers\portcls.sys
    0x05892000 \SystemRoot\system32\drivers\drmk.sys
    0x058B4000 \SystemRoot\system32\drivers\ksthunk.sys
    0x058BA000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x058D7000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x058E5000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x058FE000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x05907000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x05915000 \SystemRoot\System32\Drivers\LUsbFilt.Sys
    0x05925000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
    0x05938000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x05945000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
    0x05959000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x05974000 \SystemRoot\system32\DRIVERS\usbscan.sys
    0x05985000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x05993000 \SystemRoot\System32\Drivers\dump_diskdump.sys
    0x0599D000 \SystemRoot\System32\Drivers\dump_nvstor64.sys
    0x059DB000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x000B0000 \SystemRoot\System32\win32k.sys
    0x059EE000 \SystemRoot\System32\drivers\Dxapi.sys
    0x05800000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x00500000 \SystemRoot\System32\TSDDD.dll
    0x006B0000 \SystemRoot\System32\cdd.dll
    0x008C0000 \SystemRoot\System32\ATMFD.DLL
    0x0580E000 \SystemRoot\system32\drivers\luafv.sys
    0x05831000 \SystemRoot\system32\drivers\WudfPf.sys
    0x041EA000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x04000000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x057F5000 \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
    0x05E32000 \SystemRoot\system32\drivers\HTTP.sys
    0x05EFA000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x05F18000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x05F30000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x05F5D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x05FAB000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x05FCE000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
    0x06A23000 \SystemRoot\system32\drivers\peauth.sys
    0x06AC9000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x06AD4000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x06B01000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x06B13000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
    0x06B47000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x06EE3000 \SystemRoot\System32\DRIVERS\srv.sys
    0x06F79000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
    0x06E00000 \SystemRoot\system32\drivers\spsys.sys
    0x775B0000 \Windows\System32\ntdll.dll
    0x47F70000 \Windows\System32\smss.exe
    0xFF8D0000 \Windows\System32\apisetschema.dll

    Processes (total 80):
    0 System Idle Process
    4 System
    284 C:\Windows\System32\smss.exe
    404 C:\PROGRA~2\AVG\AVG10\avgchsva.exe
    460 C:\PROGRA~2\AVG\AVG10\avgrsa.exe
    616 csrss.exe
    672 C:\Windows\System32\wininit.exe
    708 csrss.exe
    740 C:\Windows\System32\services.exe
    756 C:\Windows\System32\lsass.exe
    764 C:\Windows\System32\lsm.exe
    812 C:\Windows\System32\winlogon.exe
    916 C:\Windows\System32\svchost.exe
    980 C:\Windows\System32\nvvsvc.exe
    1020 C:\Windows\System32\svchost.exe
    620 C:\Windows\System32\svchost.exe
    888 C:\Windows\System32\svchost.exe
    584 C:\Windows\System32\svchost.exe
    1096 C:\Windows\System32\audiodg.exe
    1140 C:\Windows\System32\svchost.exe
    1232 C:\Windows\System32\nvvsvc.exe
    1252 C:\Windows\System32\svchost.exe
    1300 C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
    1480 C:\Windows\System32\dwm.exe
    1504 C:\Windows\explorer.exe
    1736 C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
    1908 C:\Windows\System32\spoolsv.exe
    1944 C:\Windows\System32\svchost.exe
    1984 C:\Windows\System32\taskhost.exe
    1192 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    1324 C:\Program Files (x86)\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    1600 C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    552 C:\Program Files (x86)\TechSmith\Jing\Jing.exe
    2152 C:\Program Files\Logitech Mouse\SetPoint\SetPoint.exe
    2284 C:\Program Files\LSI SoftModem\agr64svc.exe
    2404 C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    2416 C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    2456 C:\Windows\System32\svchost.exe
    2472 C:\Program Files\Logitech Mouse\SetPoint\x86\SetPoint32.exe
    2480 C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    2504 C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
    2512 C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
    2536 C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe
    2576 C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
    2644 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    2792 C:\Windows\SysWOW64\PSIService.exe
    2860 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    2884 C:\Windows\System32\svchost.exe
    2976 C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    3040 C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
    2336 C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
    2908 C:\Windows\System32\taskeng.exe
    3128 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    3172 C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
    3248 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    3748 C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
    3784 C:\Program Files (x86)\AVG\AVG10\avgemca.exe
    3988 C:\Windows\System32\conhost.exe
    4044 C:\Windows\System32\SearchIndexer.exe
    4372 C:\Windows\System32\svchost.exe
    4680 WUDFHost.exe
    4936 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4272 C:\Windows\System32\taskeng.exe
    4404 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    4600 C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    4836 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    4852 C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
    4052 C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    4612 C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    4892 C:\Windows\System32\conhost.exe
    4868 C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    896 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    4220 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    4912 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    3964 C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    2036 C:\Windows\System32\sppsvc.exe
    2160 C:\Users\Karen\Desktop\MBRCheck.exe
    3844 C:\Windows\System32\conhost.exe
    4440 C:\Windows\System32\dllhost.exe
    4332 WmiPrvSE.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000071`74800000 (NTFS)

    PhysicalDrive0 Model Number: HitachiHDP725050GLA, Rev: GM4O

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!
  14. 2010/11/26
    broni

    broni Moderator Malware Analyst

    Good job :)
    MBR is clean :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  15. 2010/11/26
    Karenb

    Karenb Inactive Thread Starter

    Do I need to turn off antivirus or firewall?
  16. 2010/11/26
    broni

    broni Moderator Malware Analyst

    No....
  17. 2010/11/26
    Karenb

    Karenb Inactive Thread Starter

    OTL.TXT

    OTL logfile created on: 11/26/2010 8:30:37 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Karen\Desktop\New folder
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 66.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 81.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 453.72 Gb Total Space | 360.00 Gb Free Space | 79.34% Space Free | Partition Type: NTFS
    Drive D: | 11.94 Gb Total Space | 2.17 Gb Free Space | 18.13% Space Free | Partition Type: NTFS

    Computer Name: KAREN-PC | User Name: Karen | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/26 20:20:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Karen\Desktop\New folder\OTL.exe
    PRC - [2010/11/10 19:08:04 | 000,724,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    PRC - [2010/11/10 19:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    PRC - [2010/10/22 04:57:54 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    PRC - [2010/07/13 00:34:46 | 000,906,648 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
    PRC - [2010/06/23 12:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
    PRC - [2010/06/23 12:51:30 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
    PRC - [2009/12/01 19:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    PRC - [2009/11/26 23:47:52 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2009/11/26 23:47:49 | 000,122,880 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe
    PRC - [2009/10/20 13:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    PRC - [2009/09/29 08:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    PRC - [2009/07/20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech Mouse\SetPoint\x86\SetPoint32.exe
    PRC - [2009/05/26 02:36:13 | 000,656,896 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    PRC - [2009/05/01 14:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
    PRC - [2009/05/01 14:35:10 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
    PRC - [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    PRC - [2008/08/18 16:53:48 | 000,016,712 | R--- | M] () -- C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
    PRC - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    PRC - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/26 20:20:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Karen\Desktop\New folder\OTL.exe
    MOD - [2010/08/20 23:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
    MOD - [2010/05/26 07:35:24 | 000,640,488 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll
    MOD - [2009/12/29 00:55:34 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll
    MOD - [2009/06/10 15:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll
    MOD - [2009/06/10 15:23:11 | 000,554,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcp80.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/05/26 07:35:34 | 000,823,272 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
    SRV:64bit: - [2009/07/20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/03/27 12:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
    SRV - [2010/11/10 19:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
    SRV - [2010/06/23 12:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
    SRV - [2010/04/02 20:34:12 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
    SRV - [2010/01/17 14:49:54 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/12/17 16:37:52 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2009/09/29 08:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/05/22 12:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2009/05/01 14:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
    SRV - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
    SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2010/11/09 22:20:56 | 000,382,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
    DRV:64bit: - [2010/09/30 15:25:10 | 000,040,104 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV:64bit: - [2010/09/14 07:16:15 | 000,125,888 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
    DRV:64bit: - [2010/09/13 15:28:00 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
    DRV:64bit: - [2010/09/07 02:48:56 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2010/09/07 02:48:52 | 000,305,232 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2010/09/07 02:48:50 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2010/08/19 20:42:38 | 000,157,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV:64bit: - [2010/08/19 20:42:38 | 000,035,920 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV:64bit: - [2010/05/26 07:35:12 | 000,033,008 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
    DRV:64bit: - [2010/05/15 15:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
    DRV:64bit: - [2010/02/25 19:57:39 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/08/13 15:20:46 | 001,209,856 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2009/07/31 00:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
    DRV:64bit: - [2009/07/13 19:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 19:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/17 10:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
    DRV:64bit: - [2009/06/17 10:54:38 | 000,112,144 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouKE.Sys -- (LMouKE)
    DRV:64bit: - [2009/06/17 10:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV:64bit: - [2009/06/17 10:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV:64bit: - [2009/06/17 10:53:42 | 000,089,616 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L8042mou.Sys -- (L8042mou)
    DRV:64bit: - [2009/06/10 14:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2008/11/26 18:14:20 | 000,014,336 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\plturbo.sys -- (PLTurbo)
    DRV:64bit: - [2008/05/20 15:35:10 | 000,012,800 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\plturbh.sys -- (PLTurbh)
    DRV - [2010/09/14 07:16:15 | 000,125,888 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
    DRV - [2010/05/25 21:37:42 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/05/15 15:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\vsdatant.sys -- (Vsdatant)
    DRV - [2010/02/18 16:19:47 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
    DRV - [2010/02/18 16:19:47 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
    IE - HKLM\..\URLSearchHook: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll (Conduit Ltd.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.yahoo.com
    IE - HKCU\..\URLSearchHook: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll (Conduit Ltd.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Google "
    FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/ "
    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60
    FF - prefs.js..extensions.enabledItems: {582195F5-92E7-40a0-A127-DB71295901D7}:0.6
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
    FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:5.0
    FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
    FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.0.6
    FF - prefs.js..extensions.enabledItems: weatherwatcherlive@singerscreations.com:1.0.13
    FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.227.0
    FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
    FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.8.4
    FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
    FF - prefs.js..extensions.enabledItems: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd}:2.6.0.15
    FF - prefs.js..extensions.enabledItems: morningCoffee@shaneliesegang:1.33
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.41
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1167
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

    FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2010/06/26 15:25:56 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG10\Firefox\ [2010/11/24 09:50:43 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/11/02 07:53:03 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/16 21:41:51 | 000,000,000 | ---D | M]

    [2009/11/26 23:50:29 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Mozilla\Extensions
    [2010/11/26 17:08:04 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\318igd63.default\extensions
    [2010/09/02 16:36:12 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\318igd63.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2010/02/20 10:01:30 | 000,000,000 | ---D | M] (Gmail Manager) -- C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\318igd63.default\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
    [2010/06/26 15:25:29 | 000,000,000 | ---D | M] (ZoneAlarm Toolbar) -- C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\318igd63.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}
    [2010/10/09 06:24:23 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\318igd63.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
    [2010/08/18 06:43:13 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\318igd63.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/10/09 06:24:23 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\318igd63.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    [2010/10/01 05:46:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\318igd63.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
    [2010/01/19 23:14:46 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\318igd63.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2010/05/14 15:21:07 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\318igd63.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
    [2010/07/18 09:08:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\318igd63.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
    [2010/04/13 08:31:23 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\318igd63.default\extensions\isreaditlater@ideashower.com
    [2010/07/09 11:25:24 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\318igd63.default\extensions\morningCoffee@shaneliesegang
    [2010/10/09 06:24:23 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\318igd63.default\extensions\personas@christopher.beard
    [2010/01/14 00:28:45 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\318igd63.default\extensions\weatherwatcherlive@singerscreations.com
    [2010/11/02 09:09:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/10/27 16:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2010/07/26 15:14:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/24 08:58:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/11/16 21:41:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    [2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    [2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

    O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
    O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll (Conduit Ltd.)
    O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll (Conduit Ltd.)
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
    O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe (Google Inc.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
    O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
    O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
    O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
    O4 - HKLM..\Run: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation)
    O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
    O4 - HKCU..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
    O4 - HKCU..\Run: [ContactKeeper Birthday reminder] C:\Program Files (x86)\ContactKeeper\ContactKeeper.exe (ContactKeeper)
    O4 - HKCU..\Run: [googsystray] C:\Program Files (x86)\googsystray\googsystray.exe File not found
    O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe File not found
    O4 - HKCU..\Run: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe (TechSmith Corporation)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKCU..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab (IGDTester Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ipp - No CLSID value found
    O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/26 20:20:12 | 000,000,000 | ---D | C] -- C:\Users\Karen\Desktop\New folder
    [2010/11/26 18:07:33 | 000,000,000 | ---D | C] -- C:\Users\Karen\Desktop\NTBR_CD
    [2010/11/20 15:14:22 | 000,000,000 | ---D | C] -- C:\Users\Karen\Desktop\Paulette
    [2010/11/12 13:55:05 | 000,606,208 | ---- | C] (Summit Software Company) -- C:\Windows\SysWow64\clsNRN22.dll
    [2010/11/12 13:55:04 | 000,125,952 | ---- | C] (Summit Software Company) -- C:\Windows\SysWow64\clsNPB22.dll
    [2010/11/12 13:55:04 | 000,086,016 | ---- | C] (Summit Software Company) -- C:\Windows\SysWow64\clsNCX22.dll
    [2010/11/12 13:55:04 | 000,038,400 | ---- | C] (Summit Software Company) -- C:\Windows\SysWow64\clsNOL22.dll
    [2010/11/12 13:48:42 | 000,323,584 | ---- | C] (Clearsand Corp.) -- C:\Windows\SysWow64\mfimage.dll
    [2010/11/09 22:20:56 | 000,382,032 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
    [2010/11/03 20:51:46 | 000,000,000 | ---D | C] -- C:\Users\Karen\Desktop\various
    [2010/11/01 22:04:51 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Roaming\Filter Forge
    [2010/11/01 22:04:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Filter Forge
    [2010/10/29 08:34:28 | 000,000,000 | ---D | C] -- C:\Users\Karen\Desktop\PaintShop Pro
    [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
    [1 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ]
    [1 C:\Users\Karen\*.tmp files -> C:\Users\Karen\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/11/26 20:07:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/11/26 19:44:24 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/11/26 19:44:24 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/11/26 19:41:14 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/11/26 19:41:14 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/11/26 19:41:14 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/11/26 19:37:14 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/11/26 19:36:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/11/26 19:36:33 | 3119,374,336 | -HS- | M] () -- C:\hiberfil.sys
    [2010/11/26 18:06:00 | 002,565,432 | ---- | M] () -- C:\Users\Karen\Desktop\NTBR_CD.exe
    [2010/11/26 17:51:23 | 100,289,547 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
    [2010/11/24 09:50:49 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
    [2010/11/24 09:41:09 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKaren.job
    [2010/11/22 10:57:33 | 000,068,287 | ---- | M] () -- C:\Users\Karen\Desktop\When_I_try_to_download_Angel_16.png
    [2010/11/18 14:49:44 | 001,421,319 | ---- | M] () -- C:\Users\Karen\Desktop\Image2.png
    [2010/11/17 15:59:52 | 000,080,384 | ---- | M] () -- C:\Users\Karen\Desktop\MBRCheck.exe
    [2010/11/17 12:46:41 | 002,283,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/11/12 20:32:41 | 000,002,515 | ---- | M] () -- C:\Users\Karen\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
    [2010/11/09 22:20:56 | 000,382,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
    [2010/11/03 19:46:34 | 000,077,575 | ---- | M] () -- C:\Users\Karen\Desktop\Dots.rar
    [2010/11/03 19:43:17 | 000,002,516 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
    [2010/10/31 09:46:37 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
    [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
    [1 C:\Users\Karen\*.tmp files -> C:\Users\Karen\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/11/26 19:39:47 | 000,080,384 | ---- | C] () -- C:\Users\Karen\Desktop\MBRCheck.exe
    [2010/11/26 18:05:08 | 002,565,432 | ---- | C] () -- C:\Users\Karen\Desktop\NTBR_CD.exe
    [2010/11/24 09:50:49 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
    [2010/11/22 10:57:33 | 000,068,287 | ---- | C] () -- C:\Users\Karen\Desktop\When_I_try_to_download_Angel_16.png
    [2010/11/18 14:49:42 | 001,421,319 | ---- | C] () -- C:\Users\Karen\Desktop\Image2.png
    [2010/11/12 20:32:41 | 000,002,515 | ---- | C] () -- C:\Users\Karen\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
    [2010/11/12 13:55:05 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\Decln.dll
    [2010/11/12 13:55:05 | 000,014,629 | ---- | C] () -- C:\Windows\SysWow64\Declw.dll
    [2010/11/03 19:46:32 | 000,077,575 | ---- | C] () -- C:\Users\Karen\Desktop\Dots.rar
    [2010/08/03 08:58:18 | 000,000,036 | ---- | C] () -- C:\Users\Karen\AppData\Local\housecall.guid.cache
    [2010/07/04 19:07:53 | 000,870,128 | ---- | C] () -- C:\Users\Karen\AppData\Roaming\mcs.rma
    [2010/07/04 19:07:53 | 000,000,004 | ---- | C] () -- C:\Users\Karen\AppData\Roaming\2E5D6C
    [2010/05/06 12:40:32 | 000,000,017 | ---- | C] () -- C:\Users\Karen\AppData\Local\resmon.resmoncfg
    [2010/04/03 21:24:40 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
    [2010/02/25 19:57:24 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2010/02/09 14:01:01 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
    [2010/01/17 12:23:06 | 000,035,979 | ---- | C] () -- C:\Program Files (x86)\Photoshop CS3 Read Me.html
    [2009/12/02 12:11:34 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2009/11/30 22:22:56 | 000,000,190 | ---- | C] () -- C:\Users\Karen\AppData\Roaming\wklnhst.dat
    [2009/11/28 18:48:10 | 000,002,516 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
    [2009/11/28 18:48:10 | 000,000,008 | RHS- | C] () -- C:\Windows\SysWow64\2A56F6E3C0.sys
    [2009/11/28 18:41:17 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2009/11/28 18:41:17 | 000,000,008 | RHS- | C] () -- C:\ProgramData\2A56F6E3C0.sys
    [2009/07/15 18:50:42 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
    [2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

    ========== LOP Check ==========

    [2010/09/05 10:38:05 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Alien Skin
    [2010/02/03 16:13:57 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\AMPSoft
    [2010/02/22 00:54:38 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Auslogics
    [2010/10/20 07:54:16 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\AVG10
    [2009/11/27 11:01:08 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\AVG9
    [2010/03/11 22:40:24 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Canon
    [2009/12/23 10:49:32 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\CheckPoint
    [2009/12/12 23:29:43 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\ColorCop
    [2010/07/19 13:46:34 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\EurekaLog
    [2010/11/01 22:08:53 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Filter Forge
    [2010/05/02 18:51:34 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\ImgBurn
    [2009/11/27 09:24:22 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Leadertech
    [2010/08/04 11:24:51 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\QuickScan
    [2010/04/19 19:38:35 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Stardock
    [2010/04/08 22:29:33 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Template
    [2010/04/09 06:40:40 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Tidy Start Menu
    [2010/01/14 00:18:14 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\WeatherBug
    [2009/12/04 09:18:09 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\WinBatch
    [2010/10/31 09:46:37 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
    [2010/11/01 20:44:04 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/05/10 10:12:04 | 000,000,875 | ---- | M] () -- C:\FINIS_IT.TXT
    [2010/02/22 00:50:45 | 000,299,158 | ---- | M] () -- C:\fraglist.luar
    [2010/11/26 19:36:33 | 3119,374,336 | -HS- | M] () -- C:\hiberfil.sys
    [2009/12/23 10:45:58 | 000,000,251 | ---- | M] () -- C:\INSTALL.LOG
    [2006/12/02 00:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2010/11/26 19:36:33 | 4159,168,512 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2009/07/13 23:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 23:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 23:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 23:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
    [1 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ]

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 14:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
    [1 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ]

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/02/03 12:04:46 | 000,489,072 | ---- | M] () -- C:\Windows\aus_ddss.scr
    [2009/07/10 12:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 22:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
    [2007/03/13 16:20:26 | 000,035,979 | ---- | M] () -- C:\Program Files (x86)\Photoshop CS3 Read Me.html

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >
    [2008/06/23 16:36:24 | 000,773,120 | ---- | M] () -- C:\Windows\SysWOW64\NEROINSTAEC43759.DB

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/04/19 20:44:35 | 000,000,406 | -HS- | M] () -- C:\Users\Karen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/11/17 15:59:52 | 000,080,384 | ---- | M] () -- C:\Users\Karen\Desktop\MBRCheck.exe
    [2010/11/26 18:06:00 | 002,565,432 | ---- | M] () -- C:\Users\Karen\Desktop\NTBR_CD.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 15:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/08/24 08:30:10 | 000,000,402 | -HS- | M] () -- C:\Users\Karen\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/04/03 21:27:38 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib
    [2009/11/28 18:41:17 | 000,000,008 | RHS- | M] () -- C:\ProgramData\2A56F6E3C0.sys
    [2010/11/03 19:43:17 | 000,002,516 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:13AAA187
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:4BFE8B22

    < End of report >
     
  18. 2010/11/26
    Karenb

    Karenb Inactive Thread Starter

    Joined:
    2006/05/18
    Messages:
    126
    Likes Received:
    0
    OTL Extras logfile created on: 11/26/2010 8:30:37 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Karen\Desktop\New folder
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 66.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 81.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 453.72 Gb Total Space | 360.00 Gb Free Space | 79.34% Space Free | Partition Type: NTFS
    Drive D: | 11.94 Gb Total Space | 2.17 Gb Free Space | 18.13% Space Free | Partition Type: NTFS

    Computer Name: KAREN-PC | User Name: Karen | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll ",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [Browse with Corel Paint Shop Pro Photo X2] -- "C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1 "
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll ",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Browse with Corel Paint Shop Pro Photo X2] -- "C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2412" = CanoScan LiDE 90
    "{140587DE-51BE-45DA-838D-CD594C88B691}" = AVG 2011
    "{24BEFDE1-A699-4139-B61B-B1102FDE7279}" = AVG 2011
    "{26280024-DFB7-4967-90DB-7F9C6660D01E}" = HP MediaSmart SmartMenu
    "{319B58E8-4C80-4912-8EA7-24A9658120C6}" = AVG 2011
    "{778C8673-1A90-45DD-91E8-33FD0202E9E2}" = AVG 2011
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{BE748D49-9B5F-4D69-ABF1-A891C95CAB4A}" = AVG 2011
    "{E4C703FE-7F5C-475D-9458-8E2FD7110790}" = AVG 2011
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
    "AVG" = AVG 2011
    "CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
    "LSI Soft Modem" = LSI PCI-SV92EX Soft Modem
    "NVIDIA Drivers" = NVIDIA Drivers
    "OfficeTrial" = Microsoft Office Home and Student 60 day trial
    "PC-Doctor for Windows" = Hardware Diagnostic Tools
    "ZoneAlarm Toolbar" = ZoneAlarm Toolbar

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "_{707EB912-C597-49D8-9460-46CC9AB03EBE}" = Corel Painter Photo Essentials 4
    "{00170409-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 22
    "{2AD738DC-FC24-4342-A2DA-BB6DCCF6B048}" = Jing
    "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
    "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
    "{37D59F62-2FC7-412D-AA55-3D0E6A9BD9C7}" = Microsoft Live Search Toolbar
    "{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
    "{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
    "{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
    "{3C569633-C8DE-46E2-BB8F-F65198681C2F}" = Corel MediaOne
    "{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{707EB912-C597-49D8-9460-46CC9AB03EBE}" = Corel Painter Photo Essentials 4
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D03A164-B586-4318-AFE6-870A5E2739C1}" = PHOTORECOVERY LE
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}" = HP MediaSmart Demo
    "{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
    "{A34D17F9-0328-4F71-B4E9-E515EF34AB12}_is1" = Auslogics Disk Defrag ScreenSaver
    "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
    "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
    "{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
    "{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}" = HP Support Assistant
    "{B70E5793-F912-4C62-AFE2-C4F0B078FD31}" = Reader Library by Sony
    "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
    "{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "{DD6C316A-FE75-4FBB-9D22-4C1920232B72}" = LightScribe System Software
    "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
    "{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
    "{E6F019F1-DFB6-4853-A87D-6E31624755A9}" = Seagate Manager Installer
    "{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
    "{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
    "{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
    "{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
    "AMP Font Viewer" = AMP Font Viewer
    "AnyDVD" = AnyDVD
    "Color Efex Pro 3.0 Corel Sampler" = Color Efex Pro 3.0 Corel Sampler
    "ContactKeeper_is1" = ContactKeeper 1.4.3
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "Eye Candy 4000" = Eye Candy 4000
    "EyeCandy5Impact" = Alien Skin Eye Candy 5 Impact
    "EyeCandy5Textures" = Alien Skin Eye Candy 5 Textures
    "Filter Forge_is1" = Filter Forge 1.009
    "FLV Player" = FLV Player 2.0 (build 25)
    "Homepage Protection" = Homepage Protection
    "HP Remote Solution" = HP Remote Solution
    "ImageSkill Background Remover 3" = ImageSkill Background Remover 3
    "ImgBurn" = ImgBurn
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "InstallShield_{E6F019F1-DFB6-4853-A87D-6E31624755A9}" = Seagate Manager Installer
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "MoffFreeCalc_is1" = Moffsoft FreeCalc
    "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
    "MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
    "Tidy Start Menu" = Tidy Start Menu
    "TurboTax 2009" = TurboTax 2009
    "V CAST Music with Rhapsody" = V CAST Music with Rhapsody
    "WildTangent hp Master Uninstall" = HP Games
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "ZoneAlarm" = ZoneAlarm

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Move Media Player" = Move Media Player

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  19. 2010/11/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O4 - HKLM..\Run: [] File not found
      [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
      [1 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ]
      [1 C:\Users\Karen\*.tmp files -> C:\Users\Karen\*.tmp -> ]
      [2009/11/28 18:48:10 | 000,000,008 | RHS- | C] () -- C:\Windows\SysWow64\2A56F6E3C0.sys
      [2009/11/28 18:41:17 | 000,000,008 | RHS- | C] () -- C:\ProgramData\2A56F6E3C0.sys
      @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:13AAA187
      @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:4BFE8B22
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
     
  20. 2010/11/26
    Karenb

    Karenb Inactive Thread Starter

    Joined:
    2006/05/18
    Messages:
    126
    Likes Received:
    0
    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    C:\Windows\SysNative\drivers\~GLH0020.TMP deleted successfully.
    C:\Windows\Fonts\~GLH07f0.TMP deleted successfully.
    C:\Users\Karen\130FA2D4E5B34BA89C4A70B615655319.TMP\WiseCustCall64.dll deleted successfully.
    C:\Users\Karen\130FA2D4E5B34BA89C4A70B615655319.TMP\WiseCustomCall.dll deleted successfully.
    C:\Users\Karen\130FA2D4E5B34BA89C4A70B615655319.TMP\WiseCustomCalla.dll deleted successfully.
    C:\Users\Karen\130FA2D4E5B34BA89C4A70B615655319.TMP folder deleted successfully.
    C:\Windows\SysWOW64\2A56F6E3C0.sys moved successfully.
    C:\ProgramData\2A56F6E3C0.sys moved successfully.
    ADS C:\ProgramData\Temp:13AAA187 deleted successfully.
    ADS C:\ProgramData\Temp:4BFE8B22 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: AppData

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Karen
    ->Temp folder emptied: 777224099 bytes
    ->Temporary Internet Files folder emptied: 2135951 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 124955583 bytes
    ->Flash cache emptied: 14185 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2420565 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 49554 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 865.00 mb


    [EMPTYFLASH]

    User: All Users

    User: AppData

    User: Default

    User: Default User

    User: Karen
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 11262010_213041

    Files\Folders moved on Reboot...
    C:\Users\Karen\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Karen\AppData\Local\Temp\~DF7718C10BA03B47F1.TMP moved successfully.
    File\Folder C:\Windows\temp\ZLT0150a.TMP not found!

    Registry entries deleted on Reboot...
     
  21. 2010/11/26
    Karenb

    Karenb Inactive Thread Starter

    Joined:
    2006/05/18
    Messages:
    126
    Likes Received:
    0
    Results of screen317's Security Check version 0.99.5
    Windows 7 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    ZoneAlarm
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player 10.1.102.64
    Adobe Reader 9.3.3
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVG avgwdsvc.exe
    AVG avgtray.exe
    Zone Labs ZoneAlarm zlclient.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
     
