Judy55 Posted March 4, 2010

Hi, I am new to this site. I followed all the instructions you gave to get rid of the pyagcore search, but when I got to level 5 I could not get it to work. It said I need a proxy? I have run everything and I still have the pyagcore on my computer. I looked in my Add and Remove Programs and did not see anything that said pyagcore. I cannot use my MSN. How can I fix this? I am a stay-at-home mom and not very good at computers, but I did do all the stuff you posted. Someone please help me. Thx, Judy

RandyL Posted March 5, 2010

Judy has followed Gokus malware guide. Judy, did you uninstall the kiwee toolbar first? If not, do so, then run the steps again. Step 5 is for System Restore. Do you mean step 4, which is the Eset scan, did not work?

We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs. Get help with computer problems. Join Free PC Help here. Donations are welcome. Read Here

Judy55 Posted March 5, 2010

Yes, step 4, the Eset scan. I went to Add and Remove Programs and could not find the kiwee toolbar there, but when I look at Tools and click on Toolbars the kiwee is there, with no check on it. I did a search for kiwee and found a folder that said kiwee, and I deleted it and then emptied the trash. But the kiwee is still showing as one of the toolbars under my Tools. I do not know what to do.

RandyL Posted March 5, 2010

Are you using IE or Firefox?

RandyL Posted March 5, 2010

OK, I think you are using IE8 and not Firefox. I'm going to let chiaz or Starbuck look at this. They are the experts. I'm surprised that Malwarebytes didn't remove pyagcore because the last time I looked it detected it.

Please don't manually delete any more files or folders. Unless you are sure of what you are doing it can cause problems.

Please ignore the following for the time being.

I set a restore point and installed the latest version of the kiwee toolbar. There were three entries in Programs and Features (add/remove). All three uninstalled (one was for Firefox). In IE there was still an entry in Tools>Manage Add-ons but no toolbar. Firefox uninstalled clean, although in Firefox I had to reset my homepage and default search. Toolbar Cop cleaned up the entry in IE. It also worked as a complete uninstaller in IE. There were three entries.

Perhaps a reinstall of the latest version followed by a regular uninstall followed by Toolbar Cop would remove all but the file folder.

System Restored. But I still see some harmless folders in C:\ProgramData (agi and kiwee). I'm going to run Malwarebytes to see if it finds anything. No infections found.

Starbuck Posted March 6, 2010

Hi Judy

Download OTL to your desktop. If you have problems, try this download link: OTL

Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.

When the window appears, underneath Output at the top change it to Minimal Output.

Check the boxes beside LOP Check and Purity Check.

http://img.photobucket.com/albums/v708/starbuck50/new/newOtl2.png

Now copy the lines in the codebox below.

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT

Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png

Click the Run Scan button.

http://img.photobucket.com/albums/v708/starbuck50/runscan.png

Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. If they are too large to post, add them as attachments and I'll take it from there.

Thanks

Member of: UNITE

Judy55 Posted March 6, 2010

OTL logfile created on: 3/6/2010 1:41:20 PM - Run 1
OTL by OldTimer - Version 3.1.34.0 Folder = C:\Users\Judy Holsclaw\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

Judy55 Posted March 6, 2010

5.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 57.00% Memory free
10.00 Gb Paging File | 7.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

Judy55 Posted March 6, 2010

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 687.22 Gb Total Space | 506.84 Gb Free Space | 73.75% Space Free | Partition Type: NTFS
Drive D: | 11.41 Gb Total Space | 1.52 Gb Free Space | 13.33% Space Free | Partition Type: NTFS
Drive E: | 4.35 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Judy55 Posted March 6, 2010

Computer Name: JUDYHOLSCLAW-PC
Current User Name: Judy Holsclaw
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Judy Holsclaw\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Kiwee Toolbar\2.8.167\kwtbaim.exe (AG Interactive)
PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)

Judy55 Posted March 6, 2010

========== Modules (SafeList) ==========

MOD - C:\Users\Judy Holsclaw\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\Temp\logishrd\LVPrcInj01.dll (Logitech Inc.)

Judy55 Posted March 6, 2010

========== Win32 Services (SafeList) ==========

SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:64bit: - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSer64.exe (Logitech Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\DRIVERS\xaudio64.exe (Conexant Systems, Inc.)
SRV - (avg9emc) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (AGWinService) -- C:\Program Files (x86)\AGI\common\win32\PythonService.exe ()
SRV - (HssTrayService) -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.exe ()
SRV - (HotspotShieldService) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe ()
SRV - (HssSrv) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006/11/02 08:34:14 | 000,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()

Judy55 Posted March 6, 2010

========== Driver Services (SafeList) ==========

DRV:64bit: - (AvgTdiA) -- C:\Windows\SysNative\Drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AvgLdx64) -- C:\Windows\SysNative\Drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AvgMfx64) -- C:\Windows\SysNative\Drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\SysNative\drivers\usbaudio.sys (Microsoft Corporation)
DRV:64bit: - (LVUVC64) Logitech QuickCam S5500(UVC) -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\DRIVERS\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()
DRV:64bit: - (CAXHWBS3) -- C:\Windows\SysNative\DRIVERS\CAXHWBS3.sys (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (HSF_DP) -- C:\Windows\SysNative\DRIVERS\CAX_DP.sys (Conexant Systems, Inc.)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\DRIVERS\xaudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (SASDIFSV) -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (mdmxsdk) -- C:\Windows\SysWOW64\mdmxsdk.dll (Conexant)

Judy55 Posted March 6, 2010

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = AOL.com - Welcome to AOL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, Unterhaltung, Nachrichten, Sport, Jobs, Immobilien und mehr bei MSN AT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Bing [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Bing [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Bing Start
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files (x86)\AGI\common\agcutils.dll (TODO: <Company name>)
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

Judy55 Posted March 6, 2010

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "Bing Start"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.60
FF - prefs.js..extensions.enabledItems: {4671ed49-739e-cae1-a47a-0b736ad28b5c}:4.6.6.4
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {896642E4-C556-4ED3-85D1-9AC431603E7D}:1.0.4
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..keyword.URL: "Bing Start="
FF - prefs.js..network.proxy.no_proxies_on: "localhost"

FF - HKLM\software\mozilla\Firefox\Extensions\\toolbar@kiwee.com: C:\Program Files (x86)\Kiwee Toolbar\2.8.167\firefox [2010/02/23 01:20:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/12 11:05:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/02/23 19:04:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/02/23 19:05:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\1.bin File not found
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/02/23 19:48:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/02/23 19:48:37 | 000,000,000 | ---D | M]

[2009/07/01 09:32:27 | 000,000,000 | ---D | M] -- C:\Users\Judy Holsclaw\AppData\Roaming\Mozilla\Extensions
[2009/04/24 08:47:20 | 000,000,000 | ---D | M] -- C:\Users\Judy Holsclaw\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/03/03 15:37:22 | 000,000,000 | ---D | M] -- C:\Users\Judy Holsclaw\AppData\Roaming\Mozilla\Firefox\Profiles\n79urp84.default\extensions
[2009/08/13 20:12:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Judy Holsclaw\AppData\Roaming\Mozilla\Firefox\Profiles\n79urp84.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/17 10:28:49 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Judy Holsclaw\AppData\Roaming\Mozilla\Firefox\Profiles\n79urp84.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/02/26 10:27:40 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Judy Holsclaw\AppData\Roaming\Mozilla\Firefox\Profiles\n79urp84.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/02/23 18:50:27 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Judy Holsclaw\AppData\Roaming\Mozilla\Firefox\Profiles\n79urp84.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}
[2009/12/19 13:54:12 | 000,000,000 | ---D | M] -- C:\Users\Judy Holsclaw\AppData\Roaming\Mozilla\Firefox\Profiles\n79urp84.default\extensions\DefaultManager@Microsoft
[2010/02/23 19:46:42 | 000,002,188 | ---- | M] () -- C:\Users\Judy Holsclaw\AppData\Roaming\Mozilla\Firefox\Profiles\n79urp84.default\searchplugins\bing-ff.xml
[2009/09/18 15:43:18 | 000,002,354 | ---- | M] () -- C:\Users\Judy Holsclaw\AppData\Roaming\Mozilla\Firefox\Profiles\n79urp84.default\searchplugins\kiwee-live-search.xml
[2010/02/04 15:18:32 | 000,002,055 | ---- | M] () -- C:\Users\Judy Holsclaw\AppData\Roaming\Mozilla\Firefox\Profiles\n79urp84.default\searchplugins\kiwee-toolbar.xml
[2010/02/23 18:50:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/02/23 18:50:49 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{4671ed49-739e-cae1-a47a-0b736ad28b5c}
[2007/12/17 12:16:14 | 000,065,536 | ---- | M] ( ) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npkimi.dll

O1 HOSTS File: ([2010/03/03 11:15:32 | 000,380,280 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 Proben bei 1000Gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 13103 more lines...
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Kiwee Toolbar) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files (x86)\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll (AG Interactive)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Search Assistant) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll (MTWB)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll (Yontoo Technology, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Kiwee Toolbar) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files (x86)\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll (AG Interactive)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Kiwee Toolbar) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files (x86)\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll (AG Interactive)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NVRaidService] C:\Windows\SysNative\nvraidservice.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [KiweeHook] C:\Program Files (x86)\Kiwee Toolbar\2.8.167\kwtbaim.exe (AG Interactive)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files (x86)\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [sunJavaUpdateReg] C:\Windows\SysWow64\jureg.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\RunOnce: [shockwave Updater] C:\Windows\SysWOW64\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103470 -Mozilla\4.0 ( File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe ()
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Judy Holsclaw\Pictures\trojans 2009 cody\andy cody 6.jpg
O24 - Desktop BackupWallPaper: C:\Users\Judy Holsclaw\Pictures\trojans 2009 cody\andy cody 6.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2005/07/07 18:12:51 | 000,040,960 | R--- | M] () - E:\Autodisable.exe -- [ CDFS ]
O32 - AutoRun File - [2005/12/12 14:36:43 | 000,000,051 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{167c2893-2e39-11dd-ac34-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{167c2893-2e39-11dd-ac34-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autodisable.exe -- [2005/07/07 18:12:51 | 000,040,960 | R--- | M] ()
O33 - MountPoints2\{1e3ee03e-a2b4-11dd-8a73-001fc68a00cc}\Shell - "" = AutoRun
O33 - MountPoints2\{1e3ee03e-a2b4-11dd-8a73-001fc68a00cc}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -- File not found
O33 - MountPoints2\{49bd90a3-c249-11dd-9699-001fc68a00cc}\Shell - "" = AutoRun
O33 - MountPoints2\{49bd90a3-c249-11dd-9699-001fc68a00cc}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O33 - MountPoints2\M\Shell - "" = AutoRun
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
Judy55 Posted March 6, 2010 Author Posted March 6, 2010 ========== Files/Folders - Created Within 30 Days ==========
Judy55 Posted March 6, 2010 Author Posted March 6, 2010 ========== Files - Modified Within 30 Days ==========
Judy55 Posted March 6, 2010 Author Posted March 6, 2010 ========== Files Created - No Company Name ==========
Judy55 Posted March 6, 2010 Author Posted March 6, 2010 ========== LOP Check ========== ========== Purity Check ========== ========== Custom Scans ==========
Judy55 Posted March 6, 2010 Author Posted March 6, 2010
Judy55 Posted March 6, 2010 Author Posted March 6, 2010 ========== Alternate Data Streams ========== < End of report >
Judy55 Posted March 6, 2010 Author Posted March 6, 2010 Hi Starbuck, I hope this is what you wanted. I am not real smart with working on computers. Sorry I was late in getting this done, I was sick with a virus that the kids brought home from high school. LOL computer has a virus then I get one lol go figure lol. Thx for all ur help on this
RandyL Posted March 6, 2010 Posted March 6, 2010 Just hang tight Judy. Starbuck can advise you when he gets back. You have some problems I see.
Starbuck Posted March 6, 2010 Posted March 6, 2010 (edited) Hi Judy, You posted just fine, thanks. Don't worry if you can't post or reply straight away.... we're not going anywhere. :) While I go through the report, can you post the extra.txt..... there should be a copy on your desktop. Could you also explain this please: O24 - Desktop WallPaper: C:\Users\Judy Holsclaw\Pictures\trojans 2009 cody\andy cody 6.jpg Did you create this folder? Thanks. Edited March 6, 2010 by Starbuck Member of: UNITE
Judy55 Posted March 7, 2010 Author Posted March 7, 2010 lol yes my sons play football and I take pics during all the games and make a CD for all players and I give each 80 players and coaches one in April before the 2010 spring scrimmage game. One of many volunteering things I do. I do not charge them either. Cody is my son. I also make things for our humane society too. I use Print Shop 23 a lot. The main coach gets a copy of game pics that week of the game but I still make each one a copy of it all. Then I make stuff for my church too. I hope me playing games is not the reason my computer is messed up. I love this Facebook YoVille game, I talk with friends from other countries there. Here is what u asked for, I hope this helps. TY so much, Judy