Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Please review Hijack log

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Please review Hijack log

Unread postby foreeverprecious » January 10th, 2011, 11:21 pm

My daughter was playing on some game sites and now my mouse is jerking, hardly moving, and then freezing. Please review my hijack log for any problems.

Thank you

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:17:30 PM, on 1/10/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18542)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Users\foreeverprecious\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PCICRZ21\HiJackThis[1].exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Users\foreeverprecious\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.metacrawler.com/crawler?general=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.metacrawler.com/crawler?general=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe \RESET
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} (HPDDClientExec Class) - http://h30155.www3.hp.com/ediags/dd/ins ... sVista.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/Pe ... lAsst2.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-31-0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

--
End of file - 6931 bytes
foreeverprecious
Active Member
 
Posts: 5
Joined: January 10th, 2011, 10:54 pm
Advertisement
Register to Remove

Re: Please review Hijack log

Unread postby askey127 » January 11th, 2011, 5:57 pm

Hi foreeverprecious,
There is quite a bit to look at here, but just take it one step at a time.
-----------------------------------------------------------
Remove Registry items with HighjackThis. Start HijackThis. (Right-click and "Run as administrator" in Vista/Win7)
Click Do System Scan Only. When the Scan is complete, Check the following entries:
(Some of these lines may be missing)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.metacrawler.com/crawler?general=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.metacrawler.com/crawler?general=%s
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

Make sure Every other window except HJT is closed (No other tabs showing in the bottom tray), and Click Fix Checked
-----------------------------------------------------------
Disable Windows Defender
Open Windows Defender by clicking the Start button Picture of the Start button, clicking All Programs, and then clicking Windows Defender.
If you don't see it in the Programs List, you can access it using the Control Panel.
Click Tools, and then click Options.
Under Administrator options, clear the Use Windows Defender check box, and then click Save.
Administrator permission is required. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

Click the "X" in the upper right corner of the HiJackThis window to close it.

-----------------------------------------------------------
REBOOT (RESTART) Your Machine
-----------------------------------------------
Download Antivir Free
This program is free for personal, non-business use.
Download AntiVir Free from here : http://www.softpedia.com/get/Antivirus/AntiVir-Personal-Edition.shtml
Save the Installer to your desktop, but don't run it yet.
-----------------------------------------------
Install Antivir
Double Click the Avira Antivir Installer on your desktop (Right click and choose "Run as administrator" in Vista/Win7), and Install the program.
-----------------------------------------------
Update and Scan with Antivir
Right click the red umbrella icon and choose Start Antivir.
When the window comes up click Start Update.
When the update is complete, click on Scan System Now.
This full scan could take a hour or more. Have it fix anything it finds.
-----------------------------------------------
Get Last Avira Antivir Report
Right click the red umbrella icon in the system tray and click Start Antivir
In the left pane, click Overview, then click Reports
There wil be reports titled Update and reports titled Scan. Find the most recent report in the list titled Scan
Click on the Report File button, or Right click the report and choose Display Report.
The report contents will come up in Notepad. Highlight the entire report (Ctrl+A) and copy to the clipboard (Ctrl+C).
Paste the contents (Ctrl+V) into your next reply.
---------------------------------------------
Run a Scan with OTL
  1. Please download OTL.exe by OldTimer and save it to your desktop.
  2. Right click on OTL.exe and select Run As Administrator to run it. If Windows UAC prompts you, please allow it.
  3. Click on the Run Scan button at the top left hand corner.
  4. OTL will start running. When done, 2 Notepad files will open; OTL.txt and Extras.txt.
    They will be saved on your desktop.
    Please post the contents of these files.
    You may use separate replies if you wish.

So we are looking for the Avira Antivir log, and the two logs from OTL.
Use a separate reply for each one, if it's easier for you.
Let me know how it goes.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Please review Hijack log

Unread postby foreeverprecious » January 13th, 2011, 8:51 pm

Here are the 3 logs. When I ran the Antivir it only took a couple of minutes 2 do the scan. Did I do something wrong?

Thank you



Avira AntiVir Personal
Report file date: Thursday, January 13, 2011 14:44

Scanning for 2366765 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (Service Pack 1) [6.0.6001]
Boot mode : Normally booted
Username : foreeverprecious
Computer name : FOREEVERPREC-PC

Version information:
BUILD.DAT : 10.0.0.609 Bytes 12/13/2010 09:43:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 12/13/2010 16:39:56
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 20:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 12/13/2010 16:40:06
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 07:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 17:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 22:39:39
VBASE002.VDF : 7.11.0.1 2048 Bytes 12/14/2010 22:39:39
VBASE003.VDF : 7.11.0.2 2048 Bytes 12/14/2010 22:39:39
VBASE004.VDF : 7.11.0.3 2048 Bytes 12/14/2010 22:39:39
VBASE005.VDF : 7.11.0.4 2048 Bytes 12/14/2010 22:39:40
VBASE006.VDF : 7.11.0.5 2048 Bytes 12/14/2010 22:39:40
VBASE007.VDF : 7.11.0.6 2048 Bytes 12/14/2010 22:39:40
VBASE008.VDF : 7.11.0.7 2048 Bytes 12/14/2010 22:39:40
VBASE009.VDF : 7.11.0.8 2048 Bytes 12/14/2010 22:39:40
VBASE010.VDF : 7.11.0.9 2048 Bytes 12/14/2010 22:39:41
VBASE011.VDF : 7.11.0.10 2048 Bytes 12/14/2010 22:39:41
VBASE012.VDF : 7.11.0.11 2048 Bytes 12/14/2010 22:39:41
VBASE013.VDF : 7.11.0.52 128000 Bytes 12/16/2010 22:39:42
VBASE014.VDF : 7.11.0.91 226816 Bytes 12/20/2010 22:39:44
VBASE015.VDF : 7.11.0.122 136192 Bytes 12/21/2010 22:39:45
VBASE016.VDF : 7.11.0.156 122880 Bytes 12/24/2010 22:39:46
VBASE017.VDF : 7.11.0.185 146944 Bytes 12/27/2010 22:39:48
VBASE018.VDF : 7.11.0.228 132608 Bytes 12/30/2010 22:39:50
VBASE019.VDF : 7.11.1.5 148480 Bytes 1/3/2011 22:39:51
VBASE020.VDF : 7.11.1.37 156672 Bytes 1/7/2011 22:39:53
VBASE021.VDF : 7.11.1.65 140800 Bytes 1/10/2011 22:39:54
VBASE022.VDF : 7.11.1.87 225280 Bytes 1/11/2011 22:39:56
VBASE023.VDF : 7.11.1.88 2048 Bytes 1/11/2011 22:39:57
VBASE024.VDF : 7.11.1.89 2048 Bytes 1/11/2011 22:39:57
VBASE025.VDF : 7.11.1.90 2048 Bytes 1/11/2011 22:39:57
VBASE026.VDF : 7.11.1.91 2048 Bytes 1/11/2011 22:39:57
VBASE027.VDF : 7.11.1.92 2048 Bytes 1/11/2011 22:39:57
VBASE028.VDF : 7.11.1.93 2048 Bytes 1/11/2011 22:39:58
VBASE029.VDF : 7.11.1.94 2048 Bytes 1/11/2011 22:39:58
VBASE030.VDF : 7.11.1.95 2048 Bytes 1/11/2011 22:39:58
VBASE031.VDF : 7.11.1.122 120320 Bytes 1/13/2011 22:39:59
Engineversion : 8.2.4.140
AEVDF.DLL : 8.1.2.1 106868 Bytes 12/13/2010 16:39:51
AESCRIPT.DLL : 8.1.3.52 1282426 Bytes 1/13/2011 22:40:17
AESCN.DLL : 8.1.7.2 127349 Bytes 12/13/2010 16:39:50
AESBX.DLL : 8.1.3.2 254324 Bytes 12/13/2010 16:39:50
AERDL.DLL : 8.1.9.2 635252 Bytes 12/13/2010 16:39:50
AEPACK.DLL : 8.2.4.7 512375 Bytes 1/13/2011 22:40:14
AEOFFICE.DLL : 8.1.1.10 201084 Bytes 12/13/2010 16:39:49
AEHEUR.DLL : 8.1.2.64 3154294 Bytes 1/13/2011 22:40:11
AEHELP.DLL : 8.1.16.0 246136 Bytes 12/13/2010 16:39:42
AEGEN.DLL : 8.1.5.1 397683 Bytes 1/13/2011 22:40:03
AEEMU.DLL : 8.1.3.0 393589 Bytes 12/13/2010 16:39:42
AECORE.DLL : 8.1.19.0 196984 Bytes 12/13/2010 16:39:41
AEBB.DLL : 8.1.1.0 53618 Bytes 12/13/2010 16:39:41
AVWINLL.DLL : 10.0.0.0 19304 Bytes 12/13/2010 16:39:56
AVPREF.DLL : 10.0.0.0 44904 Bytes 12/13/2010 16:39:54
AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 22:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 12/13/2010 16:39:54
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 12/13/2010 16:39:56
AVARKT.DLL : 10.0.22.6 231784 Bytes 12/13/2010 16:39:52
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 12/13/2010 16:39:53
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 22:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 12/13/2010 16:39:56
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 22:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 21:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 12/13/2010 16:40:20

Configuration settings for the scan:
Jobname.............................: ShlExt
Configuration file..................: C:\Users\FOREEV~1\AppData\Local\Temp\69cd3416.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: off
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Thursday, January 13, 2011 14:44

Starting the file scan:

Begin scan in 'C:\Users\foreeverprecious\Desktop\avira_antivir_personal_en.exe'


End of the scan: Thursday, January 13, 2011 14:44
Used time: 00:10 Minute(s)

The scan has been done completely.

0 Scanned directories
435 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
435 Files not concerned
3 Archives were scanned
0 Warnings
0 Notes

OTL logfile created on: 1/13/2011 3:14:34 PM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\foreeverprecious\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.00 Mb Total Physical Memory | 220.00 Mb Available Physical Memory | 29.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 76.32 Gb Total Space | 17.15 Gb Free Space | 22.48% Space Free | Partition Type: NTFS

Computer Name: FOREEVERPREC-PC | User Name: foreeverprecious | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/13 15:14:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\foreeverprecious\Desktop\OTL.exe
PRC - [2010/12/13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/12/13 08:39:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/12/13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/12/13 08:39:53 | 000,389,288 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
PRC - [2010/08/16 20:19:22 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/02/18 10:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/10/28 22:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe


========== Modules (SafeList) ==========

MOD - [2011/01/13 15:14:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\foreeverprecious\Desktop\OTL.exe
MOD - [2010/08/31 07:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/12/13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/12/13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/17 19:13:56 | 000,044,576 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2008/01/18 23:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV - [2010/12/13 08:40:21 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/12/13 08:40:21 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/01/18 21:53:22 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2006/11/02 01:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 01:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 01:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 01:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 01:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 01:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 01:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 01:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 01:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 01:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 01:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 01:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 01:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 01:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 01:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 01:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 01:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 01:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 01:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 01:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 01:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 01:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 01:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 01:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 01:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 01:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 01:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 01:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 01:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 01:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 01:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 01:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 01:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 00:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 00:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 00:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 00:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 00:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 00:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/01 23:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/01 23:36:43 | 001,523,200 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/11/01 23:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/04/07 16:06:38 | 000,038,496 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VNUSB.sys -- (VNUSB)
DRV - [2005/01/13 08:28:02 | 000,039,040 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\an983.sys -- (AN983)
DRV - [2003/09/26 13:52:28 | 000,243,568 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2003/04/11 01:31:38 | 000,014,336 | ---- | M] (Scientific Atlanta) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\sacmxp2.sys -- (UsbCmxp)
DRV - [1999/09/10 11:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20101014235533959&tb_oid=24-10-2010&tb_mrud=24-10-2010"
FF - prefs.js..browser.search.selectedEngine: "AOL Search"
FF - prefs.js..browser.startup.homepage: "http://www.aol.com/?src=aim&ncid=snsusaimc00000001"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}:5.74.1.6100
FF - prefs.js..extensions.enabledItems: {88921be5-00bd-4206-a2f7-1bbb33d8a907}:1.0
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.6102
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=20101014235533959&tb_oid=24-10-2010&tb_mrud=24-10-2010&query="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/08/16 20:22:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/04 21:20:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/04 21:20:12 | 000,000,000 | ---D | M]

[2009/03/26 18:03:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\foreeverprecious\AppData\Roaming\Mozilla\Extensions
[2009/03/26 18:03:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\foreeverprecious\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/01/05 20:01:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\foreeverprecious\AppData\Roaming\Mozilla\Firefox\Profiles\nle8ohnt.default\extensions
[2009/09/03 13:15:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\foreeverprecious\AppData\Roaming\Mozilla\Firefox\Profiles\nle8ohnt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/10 21:25:29 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\foreeverprecious\AppData\Roaming\Mozilla\Firefox\Profiles\nle8ohnt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/10/12 15:07:46 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Users\foreeverprecious\AppData\Roaming\Mozilla\Firefox\Profiles\nle8ohnt.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2010/07/15 22:39:47 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\foreeverprecious\AppData\Roaming\Mozilla\Firefox\Profiles\nle8ohnt.default\extensions\{88921be5-00bd-4206-a2f7-1bbb33d8a907}
[2010/10/14 15:56:08 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Users\foreeverprecious\AppData\Roaming\Mozilla\Firefox\Profiles\nle8ohnt.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/10/14 15:55:13 | 000,001,490 | ---- | M] () -- C:\Users\foreeverprecious\AppData\Roaming\Mozilla\Firefox\Profiles\nle8ohnt.default\searchplugins\AOL Search.xml
[2010/10/12 15:43:03 | 000,002,340 | ---- | M] () -- C:\Users\foreeverprecious\AppData\Roaming\Mozilla\Firefox\Profiles\nle8ohnt.default\searchplugins\aol-search.xml
[2010/12/02 21:14:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/23 20:39:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPLGN
[2010/08/16 20:22:57 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/10/23 20:38:28 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/17 19:13:56 | 000,122,856 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_IEGetPlugin.dll
[2010/10/14 15:55:13 | 000,001,490 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\AOL Search.xml

O1 HOSTS File: ([2006/09/18 13:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NBKeyScan] File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [zzzHPSETUP] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: microsoft.com ([]https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab (DLM Control)
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} http://h30155.www3.hp.com/ediags/dd/ins ... sVista.cab (HPDDClientExec Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.com/books/_Players/Pe ... lAsst2.cab (Pearson Installation Assistant 2)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex ... 0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.com/books/_Players/MathPlayer.cab (Pearson MathXL Player)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Users\foreeverprecious\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{89e899b0-8105-11dc-aa68-000a73f0f5e8}\Shell - "" = AutoRun
O33 - MountPoints2\{89e899b0-8105-11dc-aa68-000a73f0f5e8}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{e34cc632-5b96-11de-8c40-000a73f0f5e8}\Shell - "" = AutoRun
O33 - MountPoints2\{e34cc632-5b96-11de-8c40-000a73f0f5e8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{fb532183-e886-11dc-98e0-000a73f0f5e8}\Shell - "" = AutoRun
O33 - MountPoints2\{fb532183-e886-11dc-98e0-000a73f0f5e8}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/13 15:13:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\foreeverprecious\Desktop\OTL.exe
[2011/01/13 14:46:37 | 000,000,000 | ---D | C] -- C:\Users\foreeverprecious\AppData\Roaming\Avira
[2011/01/13 14:35:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/01/13 14:34:38 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011/01/13 14:34:35 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/01/13 14:34:35 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/01/13 14:34:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/01/13 14:34:31 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/01/13 14:07:18 | 000,000,000 | ---D | C] -- C:\Users\foreeverprecious\Desktop\backups
[2011/01/11 17:31:11 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011/01/11 17:31:05 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011/01/10 18:40:43 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\foreeverprecious\Desktop\HiJackThis.exe
[2011/01/04 20:00:25 | 000,000,000 | ---D | C] -- C:\Users\foreeverprecious\AppData\Local\AOL
[2010/12/27 12:31:04 | 000,000,000 | ---D | C] -- C:\Users\foreeverprecious\AppData\Local\CrashDumps
[2010/12/23 19:21:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/12/23 19:20:36 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/12/20 10:45:54 | 000,000,000 | ---D | C] -- C:\Users\foreeverprecious\Documents\Phlebotomy License
[2010/12/15 15:35:41 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/12/15 15:35:37 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/12/15 15:35:33 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/12/15 15:35:28 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/12/15 15:35:27 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/12/15 15:35:27 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/12/15 15:35:26 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/12/15 15:35:26 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010/12/15 15:35:26 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/12/15 15:35:25 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/12/15 15:35:02 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/12/15 15:34:53 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010/12/15 15:34:52 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010/12/15 15:34:52 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010/12/15 15:34:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/12/15 15:32:34 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/12/15 15:32:33 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/12/15 15:32:32 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/12/15 15:32:20 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[1 C:\Users\foreeverprecious\Documents\*.tmp files -> C:\Users\foreeverprecious\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/13 15:25:24 | 000,000,440 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8AEE3BB6-6F70-45D8-A52F-91B91FD7392C}.job
[2011/01/13 15:14:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\foreeverprecious\Desktop\OTL.exe
[2011/01/13 15:04:50 | 000,000,680 | ---- | M] () -- C:\Users\foreeverprecious\AppData\Local\d3d9caps.dat
[2011/01/13 15:04:26 | 000,004,448 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/13 15:04:26 | 000,004,448 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/13 15:04:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/13 15:04:01 | 804,315,136 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/13 14:35:04 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/01/13 14:23:31 | 059,325,912 | ---- | M] () -- C:\Users\foreeverprecious\Desktop\avira_antivir_personal_en.exe
[2011/01/13 12:48:54 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011/01/10 18:41:02 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\foreeverprecious\Desktop\HiJackThis.exe
[2011/01/04 19:46:22 | 000,000,002 | ---- | M] () -- C:\Windows\msoffice.ini
[2010/12/28 06:57:35 | 000,409,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2010/12/27 13:30:05 | 000,191,830 | ---- | M] () -- C:\Users\foreeverprecious\pic for license.jpg
[2010/12/27 12:17:34 | 000,923,645 | ---- | M] () -- C:\Users\foreeverprecious\phlebotomy certificate.jpg
[2010/12/22 16:09:25 | 000,398,881 | ---- | M] () -- C:\Users\foreeverprecious\Documents\santa.jpg
[2010/12/20 11:14:47 | 000,238,808 | ---- | M] () -- C:\Users\foreeverprecious\Documents\jills drivers license.jpg
[2010/12/17 15:28:12 | 000,468,538 | ---- | M] () -- C:\Users\foreeverprecious\Desktop\page 3 vbb.jpg
[2010/12/17 15:26:47 | 000,443,302 | ---- | M] () -- C:\Users\foreeverprecious\Desktop\page 2 vbb.jpg
[2010/12/17 15:25:30 | 000,336,998 | ---- | M] () -- C:\Users\foreeverprecious\Desktop\page 1 vbb.jpg
[2010/12/16 12:29:25 | 000,272,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Users\foreeverprecious\Documents\*.tmp files -> C:\Users\foreeverprecious\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/13 14:35:04 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/01/13 14:23:28 | 059,325,912 | ---- | C] () -- C:\Users\foreeverprecious\Desktop\avira_antivir_personal_en.exe
[2011/01/09 17:17:30 | 804,315,136 | -HS- | C] () -- C:\hiberfil.sys
[2011/01/04 19:46:22 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2010/12/27 13:30:03 | 000,191,830 | ---- | C] () -- C:\Users\foreeverprecious\pic for license.jpg
[2010/12/27 12:17:33 | 000,923,645 | ---- | C] () -- C:\Users\foreeverprecious\phlebotomy certificate.jpg
[2010/12/22 16:09:23 | 000,398,881 | ---- | C] () -- C:\Users\foreeverprecious\Documents\santa.jpg
[2010/12/20 11:14:46 | 000,238,808 | ---- | C] () -- C:\Users\foreeverprecious\Documents\jills drivers license.jpg
[2010/12/17 15:28:11 | 000,468,538 | ---- | C] () -- C:\Users\foreeverprecious\Desktop\page 3 vbb.jpg
[2010/12/17 15:26:47 | 000,443,302 | ---- | C] () -- C:\Users\foreeverprecious\Desktop\page 2 vbb.jpg
[2010/12/17 15:25:30 | 000,336,998 | ---- | C] () -- C:\Users\foreeverprecious\Desktop\page 1 vbb.jpg
[2010/03/05 19:09:24 | 000,000,000 | ---- | C] () -- C:\Users\foreeverprecious\AppData\Roaming\3b767e39
[2010/01/17 21:21:35 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/01/17 21:21:35 | 000,000,088 | RHS- | C] () -- C:\ProgramData\C6B78F4565.sys
[2009/03/26 19:38:18 | 003,423,744 | ---- | C] () -- C:\Windows\System32\libfilefmt-1.1.0.dll
[2009/03/26 19:38:18 | 000,020,480 | ---- | C] () -- C:\Windows\System32\libavi-dd-1.2.0.dll
[2009/03/26 19:38:17 | 000,706,048 | ---- | C] () -- C:\Windows\System32\libmcl-3.1.1.dll
[2009/02/11 21:29:17 | 000,000,016 | -H-- | C] () -- C:\ProgramData\obtf502
[2008/07/10 20:29:47 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2008/06/30 06:10:50 | 000,000,000 | ---- | C] () -- C:\Windows\Spell Catcher.INI
[2007/12/11 07:55:28 | 000,000,104 | ---- | C] () -- C:\Users\foreeverprecious\AppData\Local\fusioncache.dat
[2007/12/08 13:43:02 | 000,000,168 | RHS- | C] () -- C:\Windows\System32\361DFA881F.sys
[2007/12/08 13:24:28 | 000,002,984 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2007/11/09 10:10:28 | 000,017,408 | ---- | C] () -- C:\Users\foreeverprecious\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/23 19:42:05 | 000,007,582 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/10/22 15:45:38 | 000,000,680 | ---- | C] () -- C:\Users\foreeverprecious\AppData\Local\d3d9caps.dat
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1998/03/07 11:33:26 | 000,000,136 | ---- | C] () -- C:\Windows\System32\msrfst.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:B835CF2D

< End of report >

OTL Extras logfile created on: 1/13/2011 3:14:34 PM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\foreeverprecious\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.00 Mb Total Physical Memory | 220.00 Mb Available Physical Memory | 29.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 76.32 Gb Total Space | 17.15 Gb Free Space | 22.48% Space Free | Partition Type: NTFS

Computer Name: FOREEVERPREC-PC | User Name: foreeverprecious | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C225084-D1B9-4CA1-A162-A8A9192DE0E2}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{12D9F563-47EE-43E1-AC02-7CC8B6B25264}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{199BC53A-2B47-42E2-8A2A-DA24B23320AF}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{1DE5AA1E-CCD3-4430-8606-E52719AE35CB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{23F805D9-D2E7-46F8-8613-045F3EED8C1B}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |
"{2E009297-6B66-4FC9-BA45-BBB25428C0E8}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{54607D6F-1581-4BD3-A712-A635CFCC7496}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{582BEF9D-174A-486A-9BF7-CAE183582B48}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |
"{5A03BF42-F389-4835-8C63-803F6A935C96}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{7228ED11-6CC6-4CCA-B884-B82A76883815}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{75953994-1E02-47F9-8032-9BFD4E4CC5DD}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1287170699\ee\aolsoftware.exe |
"{7C20569E-2D28-42B9-8574-603F8D7810FA}" = protocol=17 | dir=in | app=c:\program files\aol 9.5\waol.exe |
"{7DD04C75-48BD-4C31-9093-C72679464483}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8A5F0DD6-6621-4BE0-AF75-33E23F9B8958}" = protocol=17 | dir=in | app=c:\program files\aim7\aim.exe |
"{8EC4784A-900B-489D-A612-B549BFFB0170}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{9272C3EA-CCF9-4CB8-923E-DCC11DEDA84B}" = protocol=6 | dir=in | app=c:\program files\aim7\aim.exe |
"{A2310638-C4C2-4EAB-A3CA-B4FE5E1B77AF}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A9EB6D9A-96B7-46C8-836B-C116127FD66C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{ABF0D506-E5F6-4798-9D4C-D0EF39EADB8B}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{B911A40B-2979-47FB-B428-BBE488C58A14}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1287170699\ee\aolsoftware.exe |
"{BD60CC81-8D51-47E5-A03E-DC3437551A2A}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{CA3244FB-353E-49AE-98CB-FCB82C81D10A}" = protocol=6 | dir=in | app=c:\program files\aol 9.5\waol.exe |
"{CDFEE0F6-DA5D-4E6F-829D-E812E4796AAC}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{F0ABCD69-4EB9-4E02-9909-34F35DFDDF98}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"TCP Query User{4621C41C-3692-454A-B2A6-2D8266109A9F}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{4C5D2CEF-1DF1-447E-B2CE-78FD63A26F6E}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{8C640A4E-67F9-4085-9F24-913FE95DCAB6}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{96306900-FF43-4971-93AF-D3AD57908D54}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{074D8795-C391-4CED-A12D-4320911B581B}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{6DF2403F-9977-4B81-B88C-8278BEE789E4}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{E103C57D-6307-4771-B76A-F0AF51480397}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{F37E0E3A-337B-48E0-A52F-35AA967ABEAA}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F4BF9EA-847E-44FB-A728-C456116E6CEF}" = InstantShareDevicesMFC
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{452622B2-CFF1-4373-B773-141FC10A2AB6}" = hpicamDrvQFolder
"{459E93B6-150E-45d5-8D4B-45C66FC035FE}" = getPlus(R) Download Manager for Corel
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5033F411-4848-49D6-BAC2-DAA06AFA0AFC}" = HP Deskjet 2050 J510 series Basic Device Software
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}" = QuickTime
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Help
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{9413C04B-F66A-48F6-8276-0D0ACF0E41B7}" = MSA20XX Device Manager
"{9C344D4A-69B8-430E-B463-BAA1A83D7F68}" = HP Deskjet 2050 J510 series Product Improvement Study
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AA027AE9-DD20-4677-AA72-D760A358320B}" = Microsoft VC9 runtime libraries
"{AA057FD9-0CFC-47e4-8AB4-E0F7EC85631D}" = HP Photosmart Cameras 9.0
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AFD0A7E2-C28E-49E1-9939-A00AF134304D}" = Microsoft Expression Design
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}" = iTunes
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD961214-93C9-44FE-9A38-BBE647E98AE9}" = CameraReadme
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}" = Apple Mobile Device Support
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DEF9CA03-7317-4a01-8111-06996235128E}" = CameraDrivers
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{ED3F469E-D9EC-4DF1-968F-5812CE2F30F8}" = HP Driver Diagnostics
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FC47C7A5-BE63-11D5-B7C9-005004566E4D}" = ViewSonic Windows Vista Signed Files
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"GOTSNIPE EBAY TOOLBAR" = GOTSNIPE EBAY TOOLBAR Toolbar (remove only)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photo Creations" = HP Photo Creations
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"RealPlayer 12.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SoftwareStarterGuide-DCSD40_46" = Canon Digital Camera Solution Disk 40-46 Software Starter Guide
"ViewpointMediaPlayer" = Viewpoint Media Player
"WebSTAR DPX2100 Uninstall" = Scientific Atlanta WebSTAR 2000 series Cable Modem
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/9/2011 9:11:11 PM | Computer Name = foreeverprec-PC | Source = EventSystem | ID = 4609
Description =

Error - 1/10/2011 1:02:52 PM | Computer Name = foreeverprec-PC | Source = Application Error | ID = 1000
Description = Faulting application Corel Paint Shop Pro Photo.exe, version 12.5.0.0,
time stamp 0x4976e873, faulting module ole32.dll, version 6.0.6001.18498, time
stamp 0x4c28cad0, exception code 0xc0000005, fault offset 0x000389b5, process id
0xd0c, application start time 0x01cbb0e607a4b5c8.

Error - 1/10/2011 10:03:27 PM | Computer Name = foreeverprec-PC | Source = ESENT | ID = 455
Description = Catalog Database (1308) Catalog Database: Error -1811 occurred while
opening logfile C:\Windows\system32\CatRoot2\edb00154.log.

Error - 1/10/2011 10:03:28 PM | Computer Name = foreeverprec-PC | Source = Microsoft-Windows-CAPI2 | ID = 131329
Description =

Error - 1/13/2011 5:04:37 PM | Computer Name = foreeverprec-PC | Source = Application Error | ID = 1000
Description = Faulting application Corel Paint Shop Pro Photo.exe, version 12.5.0.0,
time stamp 0x4976e873, faulting module unknown, version 0.0.0.0, time stamp 0x00000000,
exception code 0xc0000005, fault offset 0x90909090, process id 0xf74, application
start time 0x01cbb363456c5141.

Error - 1/13/2011 6:26:02 PM | Computer Name = foreeverprec-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Users\FOREEV~1\AppData\Local\Temp\RarSFX0\redist.dll".
Dependent
Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/13/2011 6:35:50 PM | Computer Name = foreeverprec-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 1/13/2011 6:35:50 PM | Computer Name = foreeverprec-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 1/13/2011 7:06:00 PM | Computer Name = foreeverprec-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 1/13/2011 7:06:00 PM | Computer Name = foreeverprec-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ OSession Events ]
Error - 11/25/2007 7:18:14 PM | Computer Name = foreeverprec-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 49 seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/3/2007 9:10:32 PM | Computer Name = foreeverprec-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 3349 seconds with 1560 seconds of active time. This session ended with a
crash.

Error - 12/3/2007 9:50:41 PM | Computer Name = foreeverprec-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 2382 seconds with 1440 seconds of active time. This session ended with a
crash.

Error - 12/4/2007 1:47:53 AM | Computer Name = foreeverprec-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 14218 seconds with 6660 seconds of active time. This session ended with
a crash.

Error - 7/30/2008 4:11:02 PM | Computer Name = foreeverprec-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 4054 seconds with 420 seconds of active time. This session ended with a
crash.

Error - 9/5/2008 3:48:01 PM | Computer Name = foreeverprec-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 10 seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/7/2008 3:50:22 PM | Computer Name = foreeverprec-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 27 seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/19/2008 11:29:54 PM | Computer Name = foreeverprec-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 105 seconds with 60 seconds of active time. This session ended with a crash.

Error - 12/13/2008 8:36:00 PM | Computer Name = foreeverprec-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 2497 seconds with 60 seconds of active time. This session ended with a crash.

Error - 12/16/2008 2:20:08 PM | Computer Name = foreeverprec-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 494 seconds with 360 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 1/13/2011 4:43:57 PM | Computer Name = foreeverprec-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 1/13/2011 4:43:59 PM | Computer Name = foreeverprec-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 1/13/2011 5:37:14 PM | Computer Name = foreeverprec-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 1/13/2011 5:37:15 PM | Computer Name = foreeverprec-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 1/13/2011 6:15:22 PM | Computer Name = foreeverprec-PC | Source = ati2mtag | ID = 52225
Description =

Error - 1/13/2011 6:15:36 PM | Computer Name = foreeverprec-PC | Source = HTTP | ID = 15016
Description =

Error - 1/13/2011 6:17:09 PM | Computer Name = foreeverprec-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 1/13/2011 7:04:03 PM | Computer Name = foreeverprec-PC | Source = ati2mtag | ID = 52225
Description =

Error - 1/13/2011 7:04:18 PM | Computer Name = foreeverprec-PC | Source = HTTP | ID = 15016
Description =

Error - 1/13/2011 7:05:02 PM | Computer Name = foreeverprec-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >
foreeverprecious
Active Member
 
Posts: 5
Joined: January 10th, 2011, 10:54 pm

Re: Please review Hijack log

Unread postby askey127 » January 14th, 2011, 8:31 am

foreeverprecious,
We will fix up Antivir so it scans correctly.
You may want to copy and print out this instruction before you begin.

Reset configuration and Run Scan with Antivir:
------------------------------------------------------
Right click the red umbrella icon and choose Start Antivir.
When the window comes up click the F8 key.
In the upper left, check the Expert Mode box
The Window should be titled "Scanner > Scan". If not ,click on the Scanner item in the categories on the left.
In the Files box, click All Files
In the Additional Settings box, check all the boxes except Follow Symbolic Links

Now on the Left, click on the category item General
Click the button labeled Default Values
At the bottom, click on Apply and OK
Back at the opening screen Click on the link in the lower right labeled "Scan system Now"

This full scan could take a hour or more. Have it fix anything it finds.
-----------------------------------------------
Get Last Avira Report
Right click the red umbrella icon in the system tray and click Start Antivir
In the left pane, click Overview, then click Reports
There wil be reports titled Update and reports titled Scan. Find the most recent report in the list titled Scan
Click on the Report File button, or Right click the report and choose Display Report.
The report contents will come up in Notepad. Highlight the entire report (Ctrl+A) and copy to the clipboard (Ctrl+C).
Paste the contents (Ctrl+V) into your next reply.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Please review Hijack log

Unread postby foreeverprecious » January 15th, 2011, 12:52 am

Here is the Avira report.

Thank you



Avira AntiVir Personal
Report file date: Friday, January 14, 2011 09:06

Scanning for 2366765 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (Service Pack 1) [6.0.6001]
Boot mode : Normally booted
Username : SYSTEM
Computer name : FOREEVERPREC-PC

Version information:
BUILD.DAT : 10.0.0.609 31824 Bytes 12/13/2010 09:43:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 12/13/2010 16:39:56
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 20:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 12/13/2010 16:40:06
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 07:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 17:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 22:39:39
VBASE002.VDF : 7.11.0.1 2048 Bytes 12/14/2010 22:39:39
VBASE003.VDF : 7.11.0.2 2048 Bytes 12/14/2010 22:39:39
VBASE004.VDF : 7.11.0.3 2048 Bytes 12/14/2010 22:39:39
VBASE005.VDF : 7.11.0.4 2048 Bytes 12/14/2010 22:39:40
VBASE006.VDF : 7.11.0.5 2048 Bytes 12/14/2010 22:39:40
VBASE007.VDF : 7.11.0.6 2048 Bytes 12/14/2010 22:39:40
VBASE008.VDF : 7.11.0.7 2048 Bytes 12/14/2010 22:39:40
VBASE009.VDF : 7.11.0.8 2048 Bytes 12/14/2010 22:39:40
VBASE010.VDF : 7.11.0.9 2048 Bytes 12/14/2010 22:39:41
VBASE011.VDF : 7.11.0.10 2048 Bytes 12/14/2010 22:39:41
VBASE012.VDF : 7.11.0.11 2048 Bytes 12/14/2010 22:39:41
VBASE013.VDF : 7.11.0.52 128000 Bytes 12/16/2010 22:39:42
VBASE014.VDF : 7.11.0.91 226816 Bytes 12/20/2010 22:39:44
VBASE015.VDF : 7.11.0.122 136192 Bytes 12/21/2010 22:39:45
VBASE016.VDF : 7.11.0.156 122880 Bytes 12/24/2010 22:39:46
VBASE017.VDF : 7.11.0.185 146944 Bytes 12/27/2010 22:39:48
VBASE018.VDF : 7.11.0.228 132608 Bytes 12/30/2010 22:39:50
VBASE019.VDF : 7.11.1.5 148480 Bytes 1/3/2011 22:39:51
VBASE020.VDF : 7.11.1.37 156672 Bytes 1/7/2011 22:39:53
VBASE021.VDF : 7.11.1.65 140800 Bytes 1/10/2011 22:39:54
VBASE022.VDF : 7.11.1.87 225280 Bytes 1/11/2011 22:39:56
VBASE023.VDF : 7.11.1.88 2048 Bytes 1/11/2011 22:39:57
VBASE024.VDF : 7.11.1.89 2048 Bytes 1/11/2011 22:39:57
VBASE025.VDF : 7.11.1.90 2048 Bytes 1/11/2011 22:39:57
VBASE026.VDF : 7.11.1.91 2048 Bytes 1/11/2011 22:39:57
VBASE027.VDF : 7.11.1.92 2048 Bytes 1/11/2011 22:39:57
VBASE028.VDF : 7.11.1.93 2048 Bytes 1/11/2011 22:39:58
VBASE029.VDF : 7.11.1.94 2048 Bytes 1/11/2011 22:39:58
VBASE030.VDF : 7.11.1.95 2048 Bytes 1/11/2011 22:39:58
VBASE031.VDF : 7.11.1.122 120320 Bytes 1/13/2011 22:39:59
Engineversion : 8.2.4.140
AEVDF.DLL : 8.1.2.1 106868 Bytes 12/13/2010 16:39:51
AESCRIPT.DLL : 8.1.3.52 1282426 Bytes 1/13/2011 22:40:17
AESCN.DLL : 8.1.7.2 127349 Bytes 12/13/2010 16:39:50
AESBX.DLL : 8.1.3.2 254324 Bytes 12/13/2010 16:39:50
AERDL.DLL : 8.1.9.2 635252 Bytes 12/13/2010 16:39:50
AEPACK.DLL : 8.2.4.7 512375 Bytes 1/13/2011 22:40:14
AEOFFICE.DLL : 8.1.1.10 201084 Bytes 12/13/2010 16:39:49
AEHEUR.DLL : 8.1.2.64 3154294 Bytes 1/13/2011 22:40:11
AEHELP.DLL : 8.1.16.0 246136 Bytes 12/13/2010 16:39:42
AEGEN.DLL : 8.1.5.1 397683 Bytes 1/13/2011 22:40:03
AEEMU.DLL : 8.1.3.0 393589 Bytes 12/13/2010 16:39:42
AECORE.DLL : 8.1.19.0 196984 Bytes 12/13/2010 16:39:41
AEBB.DLL : 8.1.1.0 53618 Bytes 12/13/2010 16:39:41
AVWINLL.DLL : 10.0.0.0 19304 Bytes 12/13/2010 16:39:56
AVPREF.DLL : 10.0.0.0 44904 Bytes 12/13/2010 16:39:54
AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 22:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 12/13/2010 16:39:54
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 12/13/2010 16:39:56
AVARKT.DLL : 10.0.22.6 231784 Bytes 12/13/2010 16:39:52
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 12/13/2010 16:39:53
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 22:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 12/13/2010 16:39:56
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 22:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 21:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 12/13/2010 16:40:20

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: on
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Friday, January 14, 2011 09:06

Starting search for hidden objects.

The scan of running processes will be started
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'vssvc.exe' - '49' Module(s) have been scanned
Scan process 'avscan.exe' - '79' Module(s) have been scanned
Scan process 'avcenter.exe' - '69' Module(s) have been scanned
Scan process 'jucheck.exe' - '60' Module(s) have been scanned
Scan process 'ehmsas.exe' - '19' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '37' Module(s) have been scanned
Scan process 'ehtray.exe' - '26' Module(s) have been scanned
Scan process 'wuauclt.exe' - '34' Module(s) have been scanned
Scan process 'sidebar.exe' - '55' Module(s) have been scanned
Scan process 'avgnt.exe' - '53' Module(s) have been scanned
Scan process 'realsched.exe' - '33' Module(s) have been scanned
Scan process 'jusched.exe' - '29' Module(s) have been scanned
Scan process 'Explorer.EXE' - '148' Module(s) have been scanned
Scan process 'Dwm.exe' - '25' Module(s) have been scanned
Scan process 'taskeng.exe' - '79' Module(s) have been scanned
Scan process 'taskeng.exe' - '48' Module(s) have been scanned
Scan process 'WLIDSvcM.exe' - '16' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '35' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '59' Module(s) have been scanned
Scan process 'WLIDSVC.EXE' - '52' Module(s) have been scanned
Scan process 'svchost.exe' - '9' Module(s) have been scanned
Scan process 'avshadow.exe' - '33' Module(s) have been scanned
Scan process 'svchost.exe' - '58' Module(s) have been scanned
Scan process 'PsiService_2.exe' - '17' Module(s) have been scanned
Scan process 'PSIService.exe' - '26' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'svchost.exe' - '31' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '25' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '26' Module(s) have been scanned
Scan process 'avguard.exe' - '65' Module(s) have been scanned
Scan process 'svchost.exe' - '57' Module(s) have been scanned
Scan process 'sched.exe' - '56' Module(s) have been scanned
Scan process 'spoolsv.exe' - '90' Module(s) have been scanned
Scan process 'svchost.exe' - '92' Module(s) have been scanned
Scan process 'svchost.exe' - '82' Module(s) have been scanned
Scan process 'SLsvc.exe' - '26' Module(s) have been scanned
Scan process 'svchost.exe' - '151' Module(s) have been scanned
Scan process 'svchost.exe' - '83' Module(s) have been scanned
Scan process 'svchost.exe' - '64' Module(s) have been scanned
Scan process 'svchost.exe' - '41' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'lsm.exe' - '22' Module(s) have been scanned
Scan process 'lsass.exe' - '59' Module(s) have been scanned
Scan process 'services.exe' - '33' Module(s) have been scanned
Scan process 'winlogon.exe' - '30' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Initiating scan of system files:
Signed -> 'C:\Windows\system32\svchost.exe'
Signed -> 'C:\Windows\system32\winlogon.exe'
Signed -> 'C:\Windows\explorer.exe'
Signed -> 'C:\Windows\system32\smss.exe'
Signed -> 'C:\Windows\system32\wininet.DLL'
Signed -> 'C:\Windows\system32\wsock32.DLL'
Signed -> 'C:\Windows\system32\ws2_32.DLL'
Signed -> 'C:\Windows\system32\services.exe'
Signed -> 'C:\Windows\system32\lsass.exe'
Signed -> 'C:\Windows\system32\csrss.exe'
Signed -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signed -> 'C:\Windows\system32\spoolsv.exe'
Signed -> 'C:\Windows\system32\alg.exe'
Signed -> 'C:\Windows\system32\wuauclt.exe'
Signed -> 'C:\Windows\system32\advapi32.DLL'
Signed -> 'C:\Windows\system32\user32.DLL'
Signed -> 'C:\Windows\system32\gdi32.DLL'
Signed -> 'C:\Windows\system32\kernel32.DLL'
Signed -> 'C:\Windows\system32\ntdll.DLL'
Signed -> 'C:\Windows\system32\ntoskrnl.exe'
Signed -> 'C:\Windows\system32\ctfmon.exe'
The system files were scanned ('21' files)

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1604' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Users\foreeverprecious\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\3f128481-6544be9e
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Agent.RA Java virus
--> dogs/mian.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.RA Java virus
C:\Users\foreeverprecious\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\25cd6b8c-2209fe5d
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Djewers.BG Java virus
--> quote/Skypeqd.class
[DETECTION] Contains recognition pattern of the JAVA/Djewers.BG Java virus
--> quote/Twitters.class
[DETECTION] Contains recognition pattern of the JAVA/Djewers.BH Java virus

Beginning disinfection:
C:\Users\foreeverprecious\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\25cd6b8c-2209fe5d
[DETECTION] Contains recognition pattern of the JAVA/Djewers.BH Java virus
[NOTE] The file was moved to the quarantine directory under the name '481a4b18.qua'.
C:\Users\foreeverprecious\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\3f128481-6544be9e
[DETECTION] Contains recognition pattern of the JAVA/Agent.RA Java virus
[NOTE] The file was moved to the quarantine directory under the name '507f64e9.qua'.


End of the scan: Friday, January 14, 2011 16:51
Used time: 3:41:10 Hour(s)

The scan has been done completely.

27753 Scanned directories
712765 Files were scanned
3 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
2 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
712762 Files not concerned
21016 Archives were scanned
0 Warnings
2 Notes
565930 Objects were scanned with rootkit scan
0 Hidden objects were found
foreeverprecious
Active Member
 
Posts: 5
Joined: January 10th, 2011, 10:54 pm

Re: Please review Hijack log

Unread postby askey127 » January 15th, 2011, 8:42 am

foreverprecious,
All this may look daunting, but it's not really. Each task is separate. Just take each one in turn, then go to the next.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:
Adobe Reader 8.1.2
Java(TM) 6 Update 20
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 6

Take extra care in answering questions posed by any Uninstaller.
----------------------------- -------------------
Issues with Older Adobe Acrobat Programs
It's possible that PC slowdowns can be caused by one of your older Adobe Acrobat versions trying to update itself.
That program (esp Acrobat 4/5/6) has a buggy updater which can hang at bootup. It can phone home interminably and slow your PC to a crawl. Anytime after your machine boots and you notice a slowdown, use Ctrl-Alt-Del to bring up task manager.
Click on the Processes tab, and note the names of the process files which are using most of the CPU resources. May be something like Adobeupd.exe
In any case, you should install and use the latest version of the free Acrobat reader to look at web-based PDF files, even if you keep an older Acrobat version for editing.
This will prevent PC infection due to opening a malicious web-based PDF with one of the older, vulnerable, applications.
If you do not use the older Acrobat for editing or creating pdf files, you should Uninstall it.
----------------------------------------------
Run OTL (Right click and Run as administrator) OK the UAC prompt if necessary.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    Code: Select all
    :processes
    killallprocesses
    
    :OTL
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:B835CF2D
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_06)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
    O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "UDP Query User{E103C57D-6307-4771-B76A-F0AF51480397}C:\program files\limewire\limewire.exe" =-
    
    :Files
    c:\program files\limewire
    C:\PROGRAMDATA\NORTON
    
    :Commands
    [EMPTYTEMP]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
------------------------------------------------------------
Download and Install the latest version of Java Runtime Environment from here : http://java.sun.com/javase/downloads/index.jsp, and install it to your computer.
In the first section on the page, labeled JDK 6 Update 23 (JDK or JRE), click on the button labeled Download JRE. Do NOT choose the button labeled "Download JDK".
Select the Platform Windows and check the box to agree to the license.
Choose the Windows Offline installation version and click on the link.
Download it, choose Save, and save it to your desktop.
Then doubleclick it on your desktop, (or right click and choose "Run as administrator") and it will install the newest version of Java for you to use.
You can then remove the Installer from your desktop.
--------------------------------------------------------
Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 10.0 are vulnerable.
Go HERE and click on AdbeRdr1000_en_US.exe to download the latest version of Adobe Acrobat Reader.
Save this file to your desktop and run it to install the latest version of Adobe Reader.

After the new Reader is installed, Open Adobe Reader X.(Right click and run as administrator)
OK the license.
Click on Edit and select Preferences.
On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
Click the OK button
--------------------------------------------------------
Run a Scan with OTL
  1. Right click on OTL.exe and select Run As Administrator to run it. If Windows UAC prompts you, please allow it.
  2. Click on the Quick Scan button at the top.
  3. When OTL finishes, a Notepad file will open.
  4. Please copy and paste the contents of this file in a reply.

Let me know how it goes, and tell me how the machine is running.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Please review Hijack log

Unread postby foreeverprecious » January 16th, 2011, 3:48 am

Here is the OTL report. When I ran the OTL using the custom scans/fixes it stopped at moving file c:\Program Files\limewire so i just hit reset to reboot. Then I did everything else on the list.

My mouse has not frozen anymore, but it's still a little jerky.

Thank you

OTL logfile created on: 1/15/2011 10:41:15 PM - Run 2
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\foreeverprecious\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.00 Mb Total Physical Memory | 261.00 Mb Available Physical Memory | 34.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 76.32 Gb Total Space | 18.34 Gb Free Space | 24.04% Space Free | Partition Type: NTFS

Computer Name: FOREEVERPREC-PC | User Name: foreeverprecious | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/13 15:14:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\foreeverprecious\Desktop\OTL.exe
PRC - [2010/12/13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/12/13 08:39:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/12/13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/10/15 10:40:37 | 000,231,888 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10h_ActiveX.exe
PRC - [2010/08/16 20:19:22 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/10/28 22:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe


========== Modules (SafeList) ==========

MOD - [2011/01/13 15:14:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\foreeverprecious\Desktop\OTL.exe
MOD - [2010/08/31 07:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/12/13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/12/13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/17 19:13:56 | 000,044,576 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2008/01/18 23:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV - [2010/12/13 08:40:21 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/12/13 08:40:21 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/01/18 21:53:22 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2006/11/02 01:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 01:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 01:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 01:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 01:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 01:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 01:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 01:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 01:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 01:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 01:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 01:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 01:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 01:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 01:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 01:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 01:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 01:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 01:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 01:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 01:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 01:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 01:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 01:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 01:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 01:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 01:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 01:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 01:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 01:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 01:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 01:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 01:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 00:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 00:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 00:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 00:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 00:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 00:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/01 23:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/01 23:36:43 | 001,523,200 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/11/01 23:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/04/07 16:06:38 | 000,038,496 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VNUSB.sys -- (VNUSB)
DRV - [2005/01/13 08:28:02 | 000,039,040 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\an983.sys -- (AN983)
DRV - [2003/09/26 13:52:28 | 000,243,568 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2003/04/11 01:31:38 | 000,014,336 | ---- | M] (Scientific Atlanta) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\sacmxp2.sys -- (UsbCmxp)
DRV - [1999/09/10 11:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20101014235533959&tb_oid=24-10-2010&tb_mrud=24-10-2010"
FF - prefs.js..browser.search.selectedEngine: "AOL Search"
FF - prefs.js..browser.startup.homepage: "http://www.aol.com/?src=aim&ncid=snsusaimc00000001"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}:5.74.1.6100
FF - prefs.js..extensions.enabledItems: {88921be5-00bd-4206-a2f7-1bbb33d8a907}:1.0
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.6102
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=20101014235533959&tb_oid=24-10-2010&tb_mrud=24-10-2010&query="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/08/16 20:22:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/04 21:20:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/15 22:34:03 | 000,000,000 | ---D | M]

[2009/03/26 18:03:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\foreeverprecious\AppData\Roaming\Mozilla\Extensions
[2009/03/26 18:03:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\foreeverprecious\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/01/15 22:02:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\foreeverprecious\AppData\Roaming\Mozilla\Firefox\Profiles\nle8ohnt.default\extensions
[2009/09/03 13:15:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\foreeverprecious\AppData\Roaming\Mozilla\Firefox\Profiles\nle8ohnt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/10 21:25:29 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\foreeverprecious\AppData\Roaming\Mozilla\Firefox\Profiles\nle8ohnt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/10/12 15:07:46 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Users\foreeverprecious\AppData\Roaming\Mozilla\Firefox\Profiles\nle8ohnt.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2010/07/15 22:39:47 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\foreeverprecious\AppData\Roaming\Mozilla\Firefox\Profiles\nle8ohnt.default\extensions\{88921be5-00bd-4206-a2f7-1bbb33d8a907}
[2010/10/14 15:56:08 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Users\foreeverprecious\AppData\Roaming\Mozilla\Firefox\Profiles\nle8ohnt.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/10/14 15:55:13 | 000,001,490 | ---- | M] () -- C:\Users\foreeverprecious\AppData\Roaming\Mozilla\Firefox\Profiles\nle8ohnt.default\searchplugins\AOL Search.xml
[2010/10/12 15:43:03 | 000,002,340 | ---- | M] () -- C:\Users\foreeverprecious\AppData\Roaming\Mozilla\Firefox\Profiles\nle8ohnt.default\searchplugins\aol-search.xml
[2011/01/15 22:25:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/15 22:25:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/08/16 20:22:57 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/01/15 22:25:03 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/17 19:13:56 | 000,122,856 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_IEGetPlugin.dll
[2010/10/14 15:55:13 | 000,001,490 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\AOL Search.xml

O1 HOSTS File: ([2006/09/18 13:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NBKeyScan] File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [zzzHPSETUP] File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: microsoft.com ([]https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab (DLM Control)
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} http://h30155.www3.hp.com/ediags/dd/ins ... sVista.cab (HPDDClientExec Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.com/books/_Players/Pe ... lAsst2.cab (Pearson Installation Assistant 2)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex ... 0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.com/books/_Players/MathPlayer.cab (Pearson MathXL Player)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Users\foreeverprecious\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{89e899b0-8105-11dc-aa68-000a73f0f5e8}\Shell - "" = AutoRun
O33 - MountPoints2\{89e899b0-8105-11dc-aa68-000a73f0f5e8}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{e34cc632-5b96-11de-8c40-000a73f0f5e8}\Shell - "" = AutoRun
O33 - MountPoints2\{e34cc632-5b96-11de-8c40-000a73f0f5e8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{fb532183-e886-11dc-98e0-000a73f0f5e8}\Shell - "" = AutoRun
O33 - MountPoints2\{fb532183-e886-11dc-98e0-000a73f0f5e8}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/15 22:26:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/01/15 15:58:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/13 15:13:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\foreeverprecious\Desktop\OTL.exe
[2011/01/13 14:46:37 | 000,000,000 | ---D | C] -- C:\Users\foreeverprecious\AppData\Roaming\Avira
[2011/01/13 14:35:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/01/13 14:34:38 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011/01/13 14:34:35 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/01/13 14:34:35 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/01/13 14:34:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/01/13 14:34:31 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/01/13 14:07:18 | 000,000,000 | ---D | C] -- C:\Users\foreeverprecious\Desktop\backups
[2011/01/10 18:40:43 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\foreeverprecious\Desktop\HiJackThis.exe
[2011/01/04 20:00:25 | 000,000,000 | ---D | C] -- C:\Users\foreeverprecious\AppData\Local\AOL
[2010/12/27 12:31:04 | 000,000,000 | ---D | C] -- C:\Users\foreeverprecious\AppData\Local\CrashDumps
[2010/12/23 19:21:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/12/23 19:20:36 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/12/20 10:45:54 | 000,000,000 | ---D | C] -- C:\Users\foreeverprecious\Documents\Phlebotomy License
[1 C:\Users\foreeverprecious\Documents\*.tmp files -> C:\Users\foreeverprecious\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/15 22:50:24 | 000,000,440 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8AEE3BB6-6F70-45D8-A52F-91B91FD7392C}.job
[2011/01/15 22:34:04 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/01/15 21:53:59 | 000,004,448 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/15 21:53:59 | 000,004,448 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/15 21:48:40 | 000,000,680 | ---- | M] () -- C:\Users\foreeverprecious\AppData\Local\d3d9caps.dat
[2011/01/15 21:48:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/15 21:48:03 | 804,315,136 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/13 15:14:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\foreeverprecious\Desktop\OTL.exe
[2011/01/13 14:35:04 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/01/13 14:23:31 | 059,325,912 | ---- | M] () -- C:\Users\foreeverprecious\Desktop\avira_antivir_personal_en.exe
[2011/01/13 12:48:54 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011/01/10 18:41:02 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\foreeverprecious\Desktop\HiJackThis.exe
[2011/01/04 19:46:22 | 000,000,002 | ---- | M] () -- C:\Windows\msoffice.ini
[2010/12/27 13:30:05 | 000,191,830 | ---- | M] () -- C:\Users\foreeverprecious\pic for license.jpg
[2010/12/27 12:17:34 | 000,923,645 | ---- | M] () -- C:\Users\foreeverprecious\phlebotomy certificate.jpg
[2010/12/22 16:09:25 | 000,398,881 | ---- | M] () -- C:\Users\foreeverprecious\Documents\santa.jpg
[2010/12/20 11:14:47 | 000,238,808 | ---- | M] () -- C:\Users\foreeverprecious\Documents\jills drivers license.jpg
[2010/12/17 15:28:12 | 000,468,538 | ---- | M] () -- C:\Users\foreeverprecious\Desktop\page 3 vbb.jpg
[2010/12/17 15:26:47 | 000,443,302 | ---- | M] () -- C:\Users\foreeverprecious\Desktop\page 2 vbb.jpg
[2010/12/17 15:25:30 | 000,336,998 | ---- | M] () -- C:\Users\foreeverprecious\Desktop\page 1 vbb.jpg
[1 C:\Users\foreeverprecious\Documents\*.tmp files -> C:\Users\foreeverprecious\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/15 22:34:04 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/01/13 14:35:04 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/01/13 14:23:28 | 059,325,912 | ---- | C] () -- C:\Users\foreeverprecious\Desktop\avira_antivir_personal_en.exe
[2011/01/09 17:17:30 | 804,315,136 | -HS- | C] () -- C:\hiberfil.sys
[2011/01/04 19:46:22 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2010/12/27 13:30:03 | 000,191,830 | ---- | C] () -- C:\Users\foreeverprecious\pic for license.jpg
[2010/12/27 12:17:33 | 000,923,645 | ---- | C] () -- C:\Users\foreeverprecious\phlebotomy certificate.jpg
[2010/12/22 16:09:23 | 000,398,881 | ---- | C] () -- C:\Users\foreeverprecious\Documents\santa.jpg
[2010/12/20 11:14:46 | 000,238,808 | ---- | C] () -- C:\Users\foreeverprecious\Documents\jills drivers license.jpg
[2010/12/17 15:28:11 | 000,468,538 | ---- | C] () -- C:\Users\foreeverprecious\Desktop\page 3 vbb.jpg
[2010/12/17 15:26:47 | 000,443,302 | ---- | C] () -- C:\Users\foreeverprecious\Desktop\page 2 vbb.jpg
[2010/12/17 15:25:30 | 000,336,998 | ---- | C] () -- C:\Users\foreeverprecious\Desktop\page 1 vbb.jpg
[2010/03/05 19:09:24 | 000,000,000 | ---- | C] () -- C:\Users\foreeverprecious\AppData\Roaming\3b767e39
[2010/01/17 21:21:35 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/01/17 21:21:35 | 000,000,088 | RHS- | C] () -- C:\ProgramData\C6B78F4565.sys
[2009/03/26 19:38:18 | 003,423,744 | ---- | C] () -- C:\Windows\System32\libfilefmt-1.1.0.dll
[2009/03/26 19:38:18 | 000,020,480 | ---- | C] () -- C:\Windows\System32\libavi-dd-1.2.0.dll
[2009/03/26 19:38:17 | 000,706,048 | ---- | C] () -- C:\Windows\System32\libmcl-3.1.1.dll
[2009/02/11 21:29:17 | 000,000,016 | -H-- | C] () -- C:\ProgramData\obtf502
[2008/07/10 20:29:47 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2008/06/30 06:10:50 | 000,000,000 | ---- | C] () -- C:\Windows\Spell Catcher.INI
[2007/12/11 07:55:28 | 000,000,104 | ---- | C] () -- C:\Users\foreeverprecious\AppData\Local\fusioncache.dat
[2007/12/08 13:43:02 | 000,000,168 | RHS- | C] () -- C:\Windows\System32\361DFA881F.sys
[2007/12/08 13:24:28 | 000,002,984 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2007/11/09 10:10:28 | 000,017,408 | ---- | C] () -- C:\Users\foreeverprecious\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/23 19:42:05 | 000,007,582 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/10/22 15:45:38 | 000,000,680 | ---- | C] () -- C:\Users\foreeverprecious\AppData\Local\d3d9caps.dat
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1998/03/07 11:33:26 | 000,000,136 | ---- | C] () -- C:\Windows\System32\msrfst.dll

========== LOP Check ==========

[2010/10/11 10:51:54 | 000,000,000 | ---D | M] -- C:\Users\foreeverprecious\AppData\Roaming\acccore
[2010/01/28 19:58:06 | 000,000,000 | ---D | M] -- C:\Users\foreeverprecious\AppData\Roaming\AviDvdBurner
[2008/05/26 11:33:30 | 000,000,000 | ---D | M] -- C:\Users\foreeverprecious\AppData\Roaming\CDBurnerXP_Soft
[2008/06/30 06:21:42 | 000,000,000 | ---D | M] -- C:\Users\foreeverprecious\AppData\Roaming\Downloaded Installations
[2008/06/30 06:21:50 | 000,000,000 | ---D | M] -- C:\Users\foreeverprecious\AppData\Roaming\GetRightToGo
[2009/02/11 21:29:14 | 000,000,000 | ---D | M] -- C:\Users\foreeverprecious\AppData\Roaming\GraphPad Software
[2007/12/24 00:34:47 | 000,000,000 | ---D | M] -- C:\Users\foreeverprecious\AppData\Roaming\Image Zone Express
[2009/11/23 14:39:39 | 000,000,000 | ---D | M] -- C:\Users\foreeverprecious\AppData\Roaming\LuminareSoft
[2007/12/24 00:32:29 | 000,000,000 | ---D | M] -- C:\Users\foreeverprecious\AppData\Roaming\Printer Info Cache
[2007/12/07 11:33:58 | 000,000,000 | ---D | M] -- C:\Users\foreeverprecious\AppData\Roaming\Sarm Software
[2008/06/30 06:30:25 | 000,000,000 | ---D | M] -- C:\Users\foreeverprecious\AppData\Roaming\TG Enterprises, Inc
[2008/07/12 22:53:49 | 000,000,000 | ---D | M] -- C:\Users\foreeverprecious\AppData\Roaming\tinySpell
[2011/01/14 00:13:43 | 000,032,574 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/01/15 22:50:24 | 000,000,440 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8AEE3BB6-6F70-45D8-A52F-91B91FD7392C}.job

========== Purity Check ==========



< End of report >
foreeverprecious
Active Member
 
Posts: 5
Joined: January 10th, 2011, 10:54 pm

Re: Please review Hijack log

Unread postby askey127 » January 16th, 2011, 8:18 am

foreverprecious,
----------------------------------------------
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    Code: Select all
    :Files
    c:\program files\limewire
    C:\PROGRAMDATA\NORTON
    
    :Commands
    [EMPTYTEMP]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

If there are a very large number of temp files it could take quite a while. Please let it finish. Don't assume it's stalled.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Please review Hijack log

Unread postby foreeverprecious » January 16th, 2011, 7:24 pm

Here is the log.

Thank you

OTL logfile created on: 1/16/2011 2:51:16 PM - Run 3
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\foreeverprecious\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.00 Mb Total Physical Memory | 291.00 Mb Available Physical Memory | 38.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 76.32 Gb Total Space | 19.70 Gb Free Space | 25.81% Space Free | Partition Type: NTFS

Computer Name: FOREEVERPREC-PC | User Name: foreeverprecious | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/13 15:14:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\foreeverprecious\Desktop\OTL.exe
PRC - [2010/12/13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/12/13 08:39:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/12/13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/08/16 20:19:22 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/10/28 22:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe


========== Modules (SafeList) ==========

MOD - [2011/01/13 15:14:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\foreeverprecious\Desktop\OTL.exe
MOD - [2010/08/31 07:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/12/13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/12/13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/17 19:13:56 | 000,044,576 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2008/01/18 23:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV - [2010/12/13 08:40:21 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/12/13 08:40:21 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/01/18 21:53:22 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2006/11/02 01:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 01:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 01:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 01:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 01:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 01:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 01:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 01:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 01:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 01:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 01:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 01:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 01:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 01:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 01:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 01:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 01:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 01:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 01:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 01:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 01:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 01:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 01:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 01:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 01:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 01:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 01:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 01:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 01:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 01:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 01:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 01:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 01:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 00:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 00:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 00:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 00:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 00:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 00:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/01 23:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/01 23:36:43 | 001,523,200 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/11/01 23:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/04/07 16:06:38 | 000,038,496 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VNUSB.sys -- (VNUSB)
DRV - [2005/01/13 08:28:02 | 000,039,040 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\an983.sys -- (AN983)
DRV - [2003/09/26 13:52:28 | 000,243,568 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2003/04/11 01:31:38 | 000,014,336 | ---- | M] (Scientific Atlanta) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\sacmxp2.sys -- (UsbCmxp)
DRV - [1999/09/10 11:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20101014235533959&tb_oid=24-10-2010&tb_mrud=24-10-2010"
FF - prefs.js..browser.search.selectedEngine: "AOL Search"
FF - prefs.js..browser.startup.homepage: "http://www.aol.com/?src=aim&ncid=snsusaimc00000001"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}:5.74.1.6100
FF - prefs.js..extensions.enabledItems: {88921be5-00bd-4206-a2f7-1bbb33d8a907}:1.0
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.6102
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=20101014235533959&tb_oid=24-10-2010&tb_mrud=24-10-2010&query="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/08/16 20:22:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/04 21:20:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/15 22:34:03 | 000,000,000 | ---D | M]

[2009/03/26 18:03:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\foreeverprecious\AppData\Roaming\Mozilla\Extensions
[2009/03/26 18:03:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\foreeverprecious\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/01/15 22:02:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\foreeverprecious\AppData\Roaming\Mozilla\Firefox\Profiles\nle8ohnt.default\extensions
[2009/09/03 13:15:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\foreeverprecious\AppData\Roaming\Mozilla\Firefox\Profiles\nle8ohnt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/10 21:25:29 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\foreeverprecious\AppData\Roaming\Mozilla\Firefox\Profiles\nle8ohnt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/10/12 15:07:46 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Users\foreeverprecious\AppData\Roaming\Mozilla\Firefox\Profiles\nle8ohnt.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2010/07/15 22:39:47 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\foreeverprecious\AppData\Roaming\Mozilla\Firefox\Profiles\nle8ohnt.default\extensions\{88921be5-00bd-4206-a2f7-1bbb33d8a907}
[2010/10/14 15:56:08 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Users\foreeverprecious\AppData\Roaming\Mozilla\Firefox\Profiles\nle8ohnt.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/10/14 15:55:13 | 000,001,490 | ---- | M] () -- C:\Users\foreeverprecious\AppData\Roaming\Mozilla\Firefox\Profiles\nle8ohnt.default\searchplugins\AOL Search.xml
[2010/10/12 15:43:03 | 000,002,340 | ---- | M] () -- C:\Users\foreeverprecious\AppData\Roaming\Mozilla\Firefox\Profiles\nle8ohnt.default\searchplugins\aol-search.xml
[2011/01/15 22:25:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/15 22:25:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/08/16 20:22:57 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/01/15 22:25:03 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/17 19:13:56 | 000,122,856 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_IEGetPlugin.dll
[2010/10/14 15:55:13 | 000,001,490 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\AOL Search.xml

O1 HOSTS File: ([2006/09/18 13:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NBKeyScan] File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [zzzHPSETUP] File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: microsoft.com ([]https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab (DLM Control)
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} http://h30155.www3.hp.com/ediags/dd/ins ... sVista.cab (HPDDClientExec Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.com/books/_Players/Pe ... lAsst2.cab (Pearson Installation Assistant 2)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex ... 0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.com/books/_Players/MathPlayer.cab (Pearson MathXL Player)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Users\foreeverprecious\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{89e899b0-8105-11dc-aa68-000a73f0f5e8}\Shell - "" = AutoRun
O33 - MountPoints2\{89e899b0-8105-11dc-aa68-000a73f0f5e8}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{e34cc632-5b96-11de-8c40-000a73f0f5e8}\Shell - "" = AutoRun
O33 - MountPoints2\{e34cc632-5b96-11de-8c40-000a73f0f5e8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{fb532183-e886-11dc-98e0-000a73f0f5e8}\Shell - "" = AutoRun
O33 - MountPoints2\{fb532183-e886-11dc-98e0-000a73f0f5e8}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/15 22:26:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/01/15 15:58:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/13 15:13:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\foreeverprecious\Desktop\OTL.exe
[2011/01/13 14:46:37 | 000,000,000 | ---D | C] -- C:\Users\foreeverprecious\AppData\Roaming\Avira
[2011/01/13 14:35:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/01/13 14:34:38 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011/01/13 14:34:35 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/01/13 14:34:35 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/01/13 14:34:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/01/13 14:34:31 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/01/13 14:07:18 | 000,000,000 | ---D | C] -- C:\Users\foreeverprecious\Desktop\backups
[2011/01/10 18:40:43 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\foreeverprecious\Desktop\HiJackThis.exe
[2011/01/04 20:00:25 | 000,000,000 | ---D | C] -- C:\Users\foreeverprecious\AppData\Local\AOL
[2010/12/27 12:31:04 | 000,000,000 | ---D | C] -- C:\Users\foreeverprecious\AppData\Local\CrashDumps
[2010/12/23 19:20:36 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/12/20 10:45:54 | 000,000,000 | ---D | C] -- C:\Users\foreeverprecious\Documents\Phlebotomy License
[1 C:\Users\foreeverprecious\Documents\*.tmp files -> C:\Users\foreeverprecious\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/16 14:50:13 | 000,000,440 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8AEE3BB6-6F70-45D8-A52F-91B91FD7392C}.job
[2011/01/16 14:47:50 | 000,000,680 | ---- | M] () -- C:\Users\foreeverprecious\AppData\Local\d3d9caps.dat
[2011/01/16 14:44:11 | 000,004,448 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/16 14:44:11 | 000,004,448 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/16 14:43:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/16 14:43:44 | 804,315,136 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/16 14:32:27 | 115,719,492 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/01/15 22:34:04 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/01/13 15:14:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\foreeverprecious\Desktop\OTL.exe
[2011/01/13 14:35:04 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/01/13 14:23:31 | 059,325,912 | ---- | M] () -- C:\Users\foreeverprecious\Desktop\avira_antivir_personal_en.exe
[2011/01/13 12:48:54 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011/01/10 18:41:02 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\foreeverprecious\Desktop\HiJackThis.exe
[2011/01/04 19:46:22 | 000,000,002 | ---- | M] () -- C:\Windows\msoffice.ini
[2010/12/27 13:30:05 | 000,191,830 | ---- | M] () -- C:\Users\foreeverprecious\pic for license.jpg
[2010/12/27 12:17:34 | 000,923,645 | ---- | M] () -- C:\Users\foreeverprecious\phlebotomy certificate.jpg
[2010/12/22 16:09:25 | 000,398,881 | ---- | M] () -- C:\Users\foreeverprecious\Documents\santa.jpg
[2010/12/20 11:14:47 | 000,238,808 | ---- | M] () -- C:\Users\foreeverprecious\Documents\jills drivers license.jpg
[2010/12/17 15:28:12 | 000,468,538 | ---- | M] () -- C:\Users\foreeverprecious\Desktop\page 3 vbb.jpg
[2010/12/17 15:26:47 | 000,443,302 | ---- | M] () -- C:\Users\foreeverprecious\Desktop\page 2 vbb.jpg
[2010/12/17 15:25:30 | 000,336,998 | ---- | M] () -- C:\Users\foreeverprecious\Desktop\page 1 vbb.jpg
[1 C:\Users\foreeverprecious\Documents\*.tmp files -> C:\Users\foreeverprecious\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/15 22:34:04 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/01/13 14:35:04 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/01/13 14:23:28 | 059,325,912 | ---- | C] () -- C:\Users\foreeverprecious\Desktop\avira_antivir_personal_en.exe
[2011/01/09 17:17:30 | 804,315,136 | -HS- | C] () -- C:\hiberfil.sys
[2011/01/04 19:46:22 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2010/12/27 13:30:03 | 000,191,830 | ---- | C] () -- C:\Users\foreeverprecious\pic for license.jpg
[2010/12/27 12:17:33 | 000,923,645 | ---- | C] () -- C:\Users\foreeverprecious\phlebotomy certificate.jpg
[2010/12/22 16:09:23 | 000,398,881 | ---- | C] () -- C:\Users\foreeverprecious\Documents\santa.jpg
[2010/12/20 11:14:46 | 000,238,808 | ---- | C] () -- C:\Users\foreeverprecious\Documents\jills drivers license.jpg
[2010/12/17 15:28:11 | 000,468,538 | ---- | C] () -- C:\Users\foreeverprecious\Desktop\page 3 vbb.jpg
[2010/12/17 15:26:47 | 000,443,302 | ---- | C] () -- C:\Users\foreeverprecious\Desktop\page 2 vbb.jpg
[2010/12/17 15:25:30 | 000,336,998 | ---- | C] () -- C:\Users\foreeverprecious\Desktop\page 1 vbb.jpg
[2010/03/05 19:09:24 | 000,000,000 | ---- | C] () -- C:\Users\foreeverprecious\AppData\Roaming\3b767e39
[2010/01/17 21:21:35 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/01/17 21:21:35 | 000,000,088 | RHS- | C] () -- C:\ProgramData\C6B78F4565.sys
[2009/03/26 19:38:18 | 003,423,744 | ---- | C] () -- C:\Windows\System32\libfilefmt-1.1.0.dll
[2009/03/26 19:38:18 | 000,020,480 | ---- | C] () -- C:\Windows\System32\libavi-dd-1.2.0.dll
[2009/03/26 19:38:17 | 000,706,048 | ---- | C] () -- C:\Windows\System32\libmcl-3.1.1.dll
[2009/02/11 21:29:17 | 000,000,016 | -H-- | C] () -- C:\ProgramData\obtf502
[2008/07/10 20:29:47 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2008/06/30 06:10:50 | 000,000,000 | ---- | C] () -- C:\Windows\Spell Catcher.INI
[2007/12/11 07:55:28 | 000,000,104 | ---- | C] () -- C:\Users\foreeverprecious\AppData\Local\fusioncache.dat
[2007/12/08 13:43:02 | 000,000,168 | RHS- | C] () -- C:\Windows\System32\361DFA881F.sys
[2007/12/08 13:24:28 | 000,002,984 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2007/11/09 10:10:28 | 000,017,408 | ---- | C] () -- C:\Users\foreeverprecious\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/23 19:42:05 | 000,007,582 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/10/22 15:45:38 | 000,000,680 | ---- | C] () -- C:\Users\foreeverprecious\AppData\Local\d3d9caps.dat
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1998/03/07 11:33:26 | 000,000,136 | ---- | C] () -- C:\Windows\System32\msrfst.dll

========== LOP Check ==========

[2010/10/11 10:51:54 | 000,000,000 | ---D | M] -- C:\Users\foreeverprecious\AppData\Roaming\acccore
[2010/01/28 19:58:06 | 000,000,000 | ---D | M] -- C:\Users\foreeverprecious\AppData\Roaming\AviDvdBurner
[2008/05/26 11:33:30 | 000,000,000 | ---D | M] -- C:\Users\foreeverprecious\AppData\Roaming\CDBurnerXP_Soft
[2008/06/30 06:21:42 | 000,000,000 | ---D | M] -- C:\Users\foreeverprecious\AppData\Roaming\Downloaded Installations
[2008/06/30 06:21:50 | 000,000,000 | ---D | M] -- C:\Users\foreeverprecious\AppData\Roaming\GetRightToGo
[2009/02/11 21:29:14 | 000,000,000 | ---D | M] -- C:\Users\foreeverprecious\AppData\Roaming\GraphPad Software
[2007/12/24 00:34:47 | 000,000,000 | ---D | M] -- C:\Users\foreeverprecious\AppData\Roaming\Image Zone Express
[2009/11/23 14:39:39 | 000,000,000 | ---D | M] -- C:\Users\foreeverprecious\AppData\Roaming\LuminareSoft
[2007/12/24 00:32:29 | 000,000,000 | ---D | M] -- C:\Users\foreeverprecious\AppData\Roaming\Printer Info Cache
[2007/12/07 11:33:58 | 000,000,000 | ---D | M] -- C:\Users\foreeverprecious\AppData\Roaming\Sarm Software
[2008/06/30 06:30:25 | 000,000,000 | ---D | M] -- C:\Users\foreeverprecious\AppData\Roaming\TG Enterprises, Inc
[2008/07/12 22:53:49 | 000,000,000 | ---D | M] -- C:\Users\foreeverprecious\AppData\Roaming\tinySpell
[2011/01/16 14:42:56 | 000,032,574 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/01/16 14:50:13 | 000,000,440 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8AEE3BB6-6F70-45D8-A52F-91B91FD7392C}.job

========== Purity Check ==========



< End of report >
foreeverprecious
Active Member
 
Posts: 5
Joined: January 10th, 2011, 10:54 pm

Re: Please review Hijack log

Unread postby askey127 » January 16th, 2011, 7:51 pm

Looks pretty good.
Tell me how the machine is running for you.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Please review Hijack log

Unread postby askey127 » January 21st, 2011, 4:46 pm

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 17 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware