Jump to content
Sign in to follow this  
thehulk18

Pc Starts By Itself At Random And Also Shuts Down When It Feels Like I

Recommended Posts

This is the HJT Log, I will post test results if it stays on long enough.

 

I should mention first, that when I run HJT, shortly after it starts I get the following message pop up:

 

"For some reason your system denied access to your Hosts files. If any Hijacked domains are in this file, HJT may NOT BE ABLE TO FIX THIS.

 

If that happens, you will have to edit it yourself by doing this:

 

Start/Run type in: notepad"C:\Windows\System32\driver\etc\hosts

ENTER

(This of course does not work, something about the path being wrong)

Find the lines HJT reports and delete then.

Save the file as "Hosts" (with quotes)

 

HJT then continues until a second error pops up which says something about an ERROR IN mod-main something or other, error #75 ...doesnt stay on long enough for me to read all of it.

 

Logfile of HijackThis v1.99.1

Scan saved at 3:32:50 AM, on 5/13/2010

Platform: Unknown Windows (WinNT 6.00.1906 SP2)

MSIE: Internet Explorer v8.00 (8.00.6001.18904)

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\mobsync.exe

C:\Program Files\AVG\AVG9\avgtray.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\wuauclt.exe

C:\HJT\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0209&m=et1161-07

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0209&m=et1161-07

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0209&m=et1161-07

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0209&m=et1161-07

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O11 - Options group: [iNTERNATIONAL] International

O13 - Gopher Prefix:

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe

O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

 

So far, changed or disconnected the HD, DS Rom, Power Supply and it still starts up all by itself no matter how it was shut down. When it does start, it does so for about 10 seconds and then suts dowsn again, etc., etc.

The Power switch is non-functional when this happens. I thought it was something trying to start up, but it acts more like something that hasnt shut down and is trying, like maybe a capacitor not fully discharging. It hs been running for about 15 or 20 minutes now, which is unusual. I will attempt to get a test run on it and post results.

 

I am on a different PC now because it just shut down. Here are test results.

 

http://www.pcpitstop.com/betapit/sec.asp?conid=23592224&report=Summary

Edited by thehulk18

Share this post


Link to post
Share on other sites

Hello, thehulk18

Welcome to the PCPitstop Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems.

 

 

 

Please take note of some guidelines for this fix:

  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Please set your system to show all files.

    Click Start, open My Computer, select the Tools menu and click Folder Options.

    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.

    Uncheck: Hide file extensions for known file types

    Uncheck the Hide protected operating system files (recommended) option.

    Click Yes to confirm.

 

 

 

 

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Under the Custom Scan box paste this in

    netsvcs

    %SYSTEMDRIVE%\*.exe

    /md5start

    eventlog.dll

    scecli.dll

    netlogon.dll

    cngaudit.dll

    sceclt.dll

    ntelogon.dll

    logevent.dll

    iaStor.sys

    nvstor.sys

    atapi.sys

    IdeChnDr.sys

    viasraid.sys

    AGP440.sys

    vaxscsi.sys

    nvatabus.sys

    viamraid.sys

    nvata.sys

    nvgts.sys

    iastorv.sys

    ViPrt.sys

    eNetHook.dll

    ahcix86.sys

    KR10N.sys

    /md5stop

    %systemroot%\*. /mp /s

    CREATERESTOREPOINT

  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Share this post


Link to post
Share on other sites

Hello, thehulk18

Welcome to the PCPitstop Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems.

 

 

 

Please take note of some guidelines for this fix:

  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Please set your system to show all files.

    Click Start, open My Computer, select the Tools menu and click Folder Options.

    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.

    Uncheck: Hide file extensions for known file types

    Uncheck the Hide protected operating system files (recommended) option.

    Click Yes to confirm.

 

 

 

 

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Under the Custom Scan box paste this in

    netsvcs

    %SYSTEMDRIVE%\*.exe

    /md5start

    eventlog.dll

    scecli.dll

    netlogon.dll

    cngaudit.dll

    sceclt.dll

    ntelogon.dll

    logevent.dll

    iaStor.sys

    nvstor.sys

    atapi.sys

    IdeChnDr.sys

    viasraid.sys

    AGP440.sys

    vaxscsi.sys

    nvatabus.sys

    viamraid.sys

    nvata.sys

    nvgts.sys

    iastorv.sys

    ViPrt.sys

    eNetHook.dll

    ahcix86.sys

    KR10N.sys

    /md5stop

    %systemroot%\*. /mp /s

    CREATERESTOREPOINT

  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Share this post


Link to post
Share on other sites

Let's try again...thanks Tom

 

 

OTL logfile created on: 5/13/2010 10:16:11 AM - Run 1

OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\bernard\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18904)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free

6.00 Gb Paging File | 6.00 Gb Available in Paging File | 96.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 288.09 Gb Total Space | 239.37 Gb Free Space | 83.09% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

Drive G: | 37.27 Gb Total Space | 34.31 Gb Free Space | 92.05% Space Free | Partition Type: NTFS

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: BERNARD-PC

Current User Name: bernard

Logged in as Administrator.

 

Current Boot Mode: SafeMode with Networking

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

 

========== Processes (SafeList) ==========

 

PRC - [2010/05/13 10:14:44 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\bernard\Desktop\OTL.exe

PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2010/05/13 10:14:44 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\bernard\Desktop\OTL.exe

MOD - [2009/04/10 22:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll

MOD - [2008/01/20 18:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx

 

 

========== Win32 Services (SafeList) ==========

 

SRV - [2010/04/22 09:34:54 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)

SRV - [2010/04/22 09:34:53 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)

SRV - [2010/02/12 11:23:47 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)

SRV - [2009/09/24 17:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)

SRV - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)

SRV - [2008/07/22 18:14:28 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)

SRV - [2008/06/11 11:18:30 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe -- (ETService)

SRV - [2008/05/05 14:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2008/01/20 18:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2006/10/23 04:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2010/04/22 09:35:06 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)

DRV - [2010/04/22 09:35:00 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)

DRV - [2010/04/22 09:34:58 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)

DRV - [2009/09/27 23:12:22 | 009,509,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2009/08/13 15:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)

DRV - [2008/07/23 10:28:32 | 002,152,344 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2008/06/11 11:13:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\int15.sys -- (int15)

DRV - [2008/01/25 04:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)

DRV - [2008/01/20 18:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)

DRV - [2008/01/20 18:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)

DRV - [2008/01/20 18:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)

DRV - [2008/01/20 18:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)

DRV - [2008/01/20 18:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)

DRV - [2008/01/20 18:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)

DRV - [2008/01/20 18:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)

DRV - [2008/01/20 18:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)

DRV - [2008/01/20 18:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)

DRV - [2008/01/20 18:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®

DRV - [2008/01/20 18:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)

DRV - [2008/01/20 18:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)

DRV - [2008/01/20 18:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)

DRV - [2008/01/20 18:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)

DRV - [2008/01/20 18:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2008/01/20 18:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)

DRV - [2008/01/20 18:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)

DRV - [2008/01/20 18:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)

DRV - [2008/01/20 18:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)

DRV - [2008/01/20 18:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)

DRV - [2008/01/20 18:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)

DRV - [2008/01/20 18:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)

DRV - [2008/01/20 18:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)

DRV - [2008/01/20 18:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)

DRV - [2008/01/20 18:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)

DRV - [2006/11/29 14:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)

DRV - [2006/11/02 01:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)

DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)

DRV - [2006/11/02 01:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)

DRV - [2006/11/02 01:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)

DRV - [2006/11/02 01:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)

DRV - [2006/11/02 01:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)

DRV - [2006/11/02 01:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)

DRV - [2006/11/02 01:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)

DRV - [2006/11/02 01:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)

DRV - [2006/11/02 01:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)

DRV - [2006/11/02 01:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)

DRV - [2006/11/02 00:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2006/11/02 00:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)

DRV - [2006/11/02 00:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)

DRV - [2006/11/02 00:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)

DRV - [2006/11/02 00:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)

DRV - [2006/11/02 00:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)

DRV - [2006/11/01 23:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0209&m=et1161-07

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0209&m=et1161-07

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0209&m=et1161-07

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0209&m=et1161-07

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

 

 

 

O1 HOSTS File: ([2006/09/18 13:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)

O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)

O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)

O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)

O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)

O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\eM1_Standard.bmp

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\eM1_Standard.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2008/02/23 16:06:54 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{9166519b-fe1c-11dd-8db9-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{9166519b-fe1c-11dd-8db9-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Msetup4.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\Windows\System32\ias [2008/01/20 18:34:27 | 000,000,000 | ---D | M]

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

 

CREATERESTOREPOINT

Error creating restore point.

 

========== Files/Folders - Created Within 90 Days ==========

 

[2010/05/13 10:14:43 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\bernard\Desktop\OTL.exe

[2010/05/12 04:15:04 | 000,000,000 | ---D | C] -- C:\HJT

[2010/05/12 01:44:06 | 000,000,000 | -H-D | C] -- C:\$AVG

[2010/04/27 15:14:24 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices

[2010/04/22 11:08:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN

[2010/04/22 11:08:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES

[2010/04/22 11:08:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES

[2010/04/22 10:24:06 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders

[2010/04/22 10:21:25 | 000,000,000 | ---D | C] -- C:\Windows\Temp

[2010/04/22 10:21:25 | 000,000,000 | ---D | C] -- C:\Users\bernard\AppData\Local\Temp

[2010/04/22 10:21:01 | 000,000,000 | ---D | C] -- C:\Users\bernard\AppData\Roaming\Auslogics

[2010/04/22 10:14:09 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2010/04/22 10:10:12 | 000,000,000 | ---D | C] -- C:\Program Files\CleanUp!

[2010/04/22 10:09:32 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics

[2010/04/22 09:51:47 | 000,000,000 | ---D | C] -- C:\Program Files\LSI SoftModem

[2010/04/22 09:35:07 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll

[2010/04/22 09:35:06 | 000,242,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys

[2010/04/22 09:35:00 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys

[2010/04/22 09:34:58 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys

[2010/04/22 09:34:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg

[2010/04/22 09:34:53 | 000,000,000 | ---D | C] -- C:\Program Files\AVG

[2010/04/22 09:34:52 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9

[2010/04/22 08:51:48 | 000,000,000 | ---D | C] -- C:\Users\bernard\AppData\Roaming\Malwarebytes

[2010/04/22 08:51:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/04/22 08:51:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/04/22 08:51:35 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/04/22 08:51:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/04/22 08:18:23 | 000,000,000 | ---D | C] -- C:\Users\bernard\AppData\Roaming\IObit

[2010/04/22 08:18:23 | 000,000,000 | ---D | C] -- C:\Program Files\IObit

[2010/04/01 15:22:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2010/02/24 15:18:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL Downloads

 

========== Files - Modified Within 90 Days ==========

 

[2010/05/13 10:15:47 | 000,879,862 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/05/13 10:15:47 | 000,197,478 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/05/13 10:15:47 | 000,004,880 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/05/13 10:14:44 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\bernard\Desktop\OTL.exe

[2010/05/13 10:11:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/05/13 10:00:32 | 002,359,296 | -HS- | M] () -- C:\Users\bernard\ntuser.dat

[2010/05/13 10:00:30 | 002,292,467 | -H-- | M] () -- C:\Users\bernard\AppData\Local\IconCache.db

[2010/05/13 09:58:19 | 000,088,893 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2010/05/13 09:58:19 | 000,088,893 | ---- | M] () -- C:\ProgramData\nvModes.001

[2010/05/13 09:55:21 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml

[2010/05/13 09:55:13 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/05/13 09:55:13 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/05/13 09:55:09 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/05/13 01:29:41 | 059,932,514 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm

[2010/05/04 11:20:52 | 000,307,192 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/04/27 15:14:09 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf

[2010/04/22 18:20:21 | 000,524,288 | -HS- | M] () -- C:\Users\bernard\ntuser.dat{fd0e652b-49b4-11df-bc0b-00038a000015}.TMContainer00000000000000000001.regtrans-ms

[2010/04/22 18:20:21 | 000,065,536 | -HS- | M] () -- C:\Users\bernard\ntuser.dat{fd0e652b-49b4-11df-bc0b-00038a000015}.TM.blf

[2010/04/22 09:54:05 | 000,003,584 | ---- | M] () -- C:\Users\bernard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/04/22 09:35:07 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll

[2010/04/22 09:35:06 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys

[2010/04/22 09:35:00 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys

[2010/04/22 09:34:58 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm

[2010/04/22 09:34:58 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys

[2010/04/22 08:51:39 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/04/22 08:18:25 | 000,001,016 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk

[2010/04/21 09:50:53 | 001,048,576 | -HS- | M] () -- C:\Users\bernard\ntuser.dat{fd0e652a-49b4-11df-bc0b-00038a000015}.TxR.2.regtrans-ms

[2010/04/21 09:50:53 | 001,048,576 | -HS- | M] () -- C:\Users\bernard\ntuser.dat{fd0e652a-49b4-11df-bc0b-00038a000015}.TxR.1.regtrans-ms

[2010/04/21 09:50:53 | 001,048,576 | -HS- | M] () -- C:\Users\bernard\ntuser.dat{fd0e652a-49b4-11df-bc0b-00038a000015}.TxR.0.regtrans-ms

[2010/04/21 09:50:53 | 000,065,536 | -HS- | M] () -- C:\Users\bernard\ntuser.dat{fd0e652a-49b4-11df-bc0b-00038a000015}.TxR.blf

[2010/04/21 05:42:52 | 000,005,184 | ---- | M] () -- C:\ProgramData\N360BUOptions.ini

[2010/04/17 14:31:29 | 000,000,270 | ---- | M] () -- C:\Windows\win.ini

[2010/04/16 16:06:25 | 000,524,288 | -HS- | M] () -- C:\Users\bernard\ntuser.dat{fd0e652b-49b4-11df-bc0b-00038a000015}.TMContainer00000000000000000002.regtrans-ms

[2010/04/15 17:08:28 | 000,524,288 | -HS- | M] () -- C:\Users\bernard\ntuser.dat{cdb0230c-458a-11df-8ead-00038a000015}.TMContainer00000000000000000001.regtrans-ms

[2010/04/15 17:08:28 | 000,065,536 | -HS- | M] () -- C:\Users\bernard\ntuser.dat{cdb0230c-458a-11df-8ead-00038a000015}.TM.blf

[2010/04/11 08:54:21 | 000,524,288 | -HS- | M] () -- C:\Users\bernard\ntuser.dat{cdb0230c-458a-11df-8ead-00038a000015}.TMContainer00000000000000000002.regtrans-ms

[2010/04/11 07:41:05 | 000,524,288 | -HS- | M] () -- C:\Users\bernard\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms

[2010/04/11 07:41:05 | 000,065,536 | -HS- | M] () -- C:\Users\bernard\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf

[2010/03/29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/03/29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/02/25 15:12:46 | 000,075,832 | ---- | M] () -- C:\Users\bernard\AppData\Local\GDIPFONTCACHEV1.DAT

[2010/02/22 19:09:09 | 000,057,667 | ---- | M] () -- C:\Windows\System32\ieuinit.inf

 

========== Files Created - No Company Name ==========

 

[2010/04/27 15:14:09 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf

[2010/04/22 09:56:46 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf

[2010/04/22 09:34:58 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm

[2010/04/22 09:34:57 | 059,932,514 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm

[2010/04/22 08:51:39 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/04/22 08:18:25 | 000,001,016 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk

[2010/04/22 08:11:51 | 000,088,893 | ---- | C] () -- C:\ProgramData\nvModes.001

[2010/04/22 08:06:04 | 000,088,893 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2010/04/21 09:50:53 | 001,048,576 | -HS- | C] () -- C:\Users\bernard\ntuser.dat{fd0e652a-49b4-11df-bc0b-00038a000015}.TxR.2.regtrans-ms

[2010/04/21 09:50:53 | 001,048,576 | -HS- | C] () -- C:\Users\bernard\ntuser.dat{fd0e652a-49b4-11df-bc0b-00038a000015}.TxR.1.regtrans-ms

[2010/04/21 09:50:53 | 001,048,576 | -HS- | C] () -- C:\Users\bernard\ntuser.dat{fd0e652a-49b4-11df-bc0b-00038a000015}.TxR.0.regtrans-ms

[2010/04/21 09:50:53 | 000,065,536 | -HS- | C] () -- C:\Users\bernard\ntuser.dat{fd0e652a-49b4-11df-bc0b-00038a000015}.TxR.blf

[2010/04/21 05:42:52 | 000,005,184 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini

[2010/04/16 16:06:25 | 000,524,288 | -HS- | C] () -- C:\Users\bernard\ntuser.dat{fd0e652b-49b4-11df-bc0b-00038a000015}.TMContainer00000000000000000002.regtrans-ms

[2010/04/16 16:06:25 | 000,524,288 | -HS- | C] () -- C:\Users\bernard\ntuser.dat{fd0e652b-49b4-11df-bc0b-00038a000015}.TMContainer00000000000000000001.regtrans-ms

[2010/04/16 16:06:25 | 000,065,536 | -HS- | C] () -- C:\Users\bernard\ntuser.dat{fd0e652b-49b4-11df-bc0b-00038a000015}.TM.blf

[2010/04/11 08:54:21 | 000,524,288 | -HS- | C] () -- C:\Users\bernard\ntuser.dat{cdb0230c-458a-11df-8ead-00038a000015}.TMContainer00000000000000000002.regtrans-ms

[2010/04/11 08:54:21 | 000,524,288 | -HS- | C] () -- C:\Users\bernard\ntuser.dat{cdb0230c-458a-11df-8ead-00038a000015}.TMContainer00000000000000000001.regtrans-ms

[2010/04/11 08:54:21 | 000,065,536 | -HS- | C] () -- C:\Users\bernard\ntuser.dat{cdb0230c-458a-11df-8ead-00038a000015}.TM.blf

[2009/09/18 05:22:54 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/02/18 16:40:25 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll

[2006/11/22 14:16:18 | 000,003,612 | ---- | C] () -- C:\Windows\ReaderString.ini

[2006/11/21 10:50:06 | 000,000,037 | ---- | C] () -- C:\Windows\sunkist.ini

[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

 

========== LOP Check ==========

 

[2010/04/22 10:21:01 | 000,000,000 | ---D | M] -- C:\Users\bernard\AppData\Roaming\Auslogics

[2010/05/12 17:10:34 | 000,000,000 | ---D | M] -- C:\Users\bernard\AppData\Roaming\IObit

[2010/05/13 07:30:19 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.exe >

 

 

< MD5 for: AGP440.SYS >

[2008/01/20 18:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys

[2008/01/20 18:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys

[2008/01/20 18:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys

[2008/01/20 18:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2008/01/20 18:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

[2006/11/02 01:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

 

< MD5 for: ATAPI.SYS >

[2009/04/10 22:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys

[2009/04/10 22:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys

[2009/04/10 22:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

[2008/01/20 18:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[2008/01/20 18:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

[2006/11/02 01:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

 

< MD5 for: CNGAUDIT.DLL >

[2006/11/02 01:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll

[2006/11/02 01:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

 

< MD5 for: IASTORV.SYS >

[2008/01/20 18:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys

[2008/01/20 18:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys

[2008/01/20 18:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

[2006/11/02 01:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

 

< MD5 for: NETLOGON.DLL >

[2009/04/10 22:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll

[2009/04/10 22:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

[2008/01/20 18:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

 

< MD5 for: NVSTOR.SYS >

[2006/11/02 01:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

[2008/01/20 18:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys

[2008/01/20 18:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys

[2008/01/20 18:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

 

< MD5 for: SCECLI.DLL >

[2008/01/20 18:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

[2009/04/10 22:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll

[2009/04/10 22:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

 

< %systemroot%\*. /mp /s >

 

< >

< End of report >

 

 

OTL Extras logfile created on: 5/13/2010 10:16:11 AM - Run 1

OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\bernard\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18904)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free

6.00 Gb Paging File | 6.00 Gb Available in Paging File | 96.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 288.09 Gb Total Space | 239.37 Gb Free Space | 83.09% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

Drive G: | 37.27 Gb Total Space | 34.31 Gb Free Space | 92.05% Space Free | Partition Type: NTFS

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: BERNARD-PC

Current User Name: bernard

Logged in as Administrator.

 

Current Boot Mode: SafeMode with Networking

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{00181BC2-EDFC-46BA-924B-DBBAE878FBA0}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |

"{06C9B889-E735-4E47-BCC0-540F11E96264}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |

"{467985BB-820E-4337-BC2E-FFBD4DFE582D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{4ECC026C-F0AD-4AD8-9BED-B63C084387E0}" = protocol=6 | dir=in | app=c:\program files\aol\rc\regclient.exe |

"{4FB8F451-E24E-435B-8DF4-12691110830B}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |

"{5928B764-4F0A-4841-B112-6AF612D6F02E}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |

"{6AC3F764-0C2A-4677-86A0-AE0345CE146B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{705049FE-DBD3-431B-9B6F-24665B60CC9E}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |

"{71565BF2-C157-4D34-9C2F-210464CE3BE2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{93A64C52-77C7-4DBA-AADE-096294A3E26E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{A0587A0F-BD21-4862-9D0B-E2FB37457CB1}" = protocol=17 | dir=in | app=c:\program files\aol\rc\regclient.exe |

"{A17DCB2A-9DF6-4067-B395-1B122D2A4DBE}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |

"{B2899642-FB20-4222-8AD9-604324BA7B0C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |

"{B33F60DD-EA5E-4E94-8502-38BD762BFEDA}" = protocol=17 | dir=in | app=c:\program files\aol 9.1\waol.exe |

"{B3660CDB-E036-44C8-9853-7AFCB3081A69}" = protocol=6 | dir=in | app=c:\program files\aol 9.1\waol.exe |

"{C759A8C8-C87B-458C-9635-00FF7FE55821}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |

"{D4919FDD-EE81-4808-8F59-5B99C2A89B77}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |

"{DB2A15F8-8550-4C63-A3A4-8D042ECE89FC}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |

"{E199CD54-BF57-4403-90DE-F8A2B5BBC6A4}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java 6 Update 19

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5

"{34FF0741-EC67-4C05-AC2A-6D257123DF2E}" = BigFix

"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2

"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works

"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr

"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack

"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar

"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2

"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar

"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager

"{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint

"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag

"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F226C1DA-66D7-4ABC-86B5-3F978A660EBF}" = AOL Mail and AIM Gadget

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Advanced SystemCare 3_is1" = Advanced SystemCare 3

"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem

"AOL Regclient" = AOL Registration

"AOL Toolbar" = AOL Toolbar 5.0

"AOL Toolbar 5.0" =

"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)

"AVG9Uninstall" = AVG Free 9.0

"CleanUp!" = CleanUp!

"Google Desktop" = Google Desktop

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"InstallShield_{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader

"LSI Soft Modem" = LSI PCI-SV92PP Soft Modem

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"NVIDIA Drivers" = NVIDIA Drivers

"ViewpointMediaPlayer" = Viewpoint Media Player

"WildTangent emachines Master Uninstall" = eMachines Games

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 4/27/2010 6:57:28 PM | Computer Name = bernard-PC | Source = LoadPerf | ID = 3012

Description =

 

Error - 4/27/2010 6:57:28 PM | Computer Name = bernard-PC | Source = LoadPerf | ID = 3011

Description =

 

Error - 4/27/2010 7:23:32 PM | Computer Name = bernard-PC | Source = LoadPerf | ID = 3012

Description =

 

Error - 4/27/2010 7:23:32 PM | Computer Name = bernard-PC | Source = LoadPerf | ID = 3011

Description =

 

Error - 4/27/2010 11:13:30 PM | Computer Name = bernard-PC | Source = LoadPerf | ID = 3012

Description =

 

Error - 4/27/2010 11:13:30 PM | Computer Name = bernard-PC | Source = LoadPerf | ID = 3011

Description =

 

Error - 5/1/2010 6:54:18 PM | Computer Name = bernard-PC | Source = LoadPerf | ID = 3012

Description =

 

Error - 5/1/2010 6:54:18 PM | Computer Name = bernard-PC | Source = LoadPerf | ID = 3011

Description =

 

Error - 5/3/2010 3:44:10 AM | Computer Name = bernard-PC | Source = LoadPerf | ID = 3012

Description =

 

Error - 5/3/2010 3:44:10 AM | Computer Name = bernard-PC | Source = LoadPerf | ID = 3011

Description =

 

[ System Events ]

Error - 5/13/2010 2:10:44 PM | Computer Name = bernard-PC | Source = volmgr | ID = 262190

Description = Crash dump initialization failed!

 

Error - 5/13/2010 2:11:15 PM | Computer Name = bernard-PC | Source = EventLog | ID = 6008

Description = The previous system shutdown at 9:59:57 AM on 5/13/2010 was unexpected.

 

Error - 5/13/2010 2:11:01 PM | Computer Name = bernard-PC | Source = volmgr | ID = 262190

Description = Crash dump initialization failed!

 

Error - 5/13/2010 2:12:01 PM | Computer Name = bernard-PC | Source = DCOM | ID = 10005

Description =

 

Error - 5/13/2010 2:12:07 PM | Computer Name = bernard-PC | Source = DCOM | ID = 10005

Description =

 

Error - 5/13/2010 2:12:08 PM | Computer Name = bernard-PC | Source = DCOM | ID = 10005

Description =

 

Error - 5/13/2010 2:12:10 PM | Computer Name = bernard-PC | Source = DCOM | ID = 10005

Description =

 

Error - 5/13/2010 2:12:11 PM | Computer Name = bernard-PC | Source = DCOM | ID = 10005

Description =

 

Error - 5/13/2010 2:12:37 PM | Computer Name = bernard-PC | Source = Service Control Manager | ID = 7001

Description =

 

Error - 5/13/2010 2:12:37 PM | Computer Name = bernard-PC | Source = Service Control Manager | ID = 7026

Description =

 

 

< End of report >

Share this post


Link to post
Share on other sites

Hi,

 

Download GMER from Here. Note the file's name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Share this post


Link to post
Share on other sites

Hi,

 

Download GMER from Here. Note the file's name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

 

 

Tom, thanks for your time and trouble my friend, but the owner came and got it and said he was gonna trade it it.

Cest la vie....

Share this post


Link to post
Share on other sites

Since this issue appears to be resolved ... this Topic has been closed.

 

If your the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

 

Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

×
×
  • Create New...