Posted

Hi

I am new to this site. I followed all instructions u gave to get rid of the pyagcore search but when I got to level 5 I could not get it to work. Said I need a proxy?

I have run everything and I still have the pyagcore on my computer. I looked in my add and remove programs and did not see anything that said pyagcore.

I cannot use my MSN. How can I fix this? I am a stay at home mom and not very good at computers but I did do all the stuff u posted.

Someone please help me

thx Judy

Posted

Judy has followed Goku's malware guide.

 

Judy did you uninstall the kiwee toolbar first? If not do so then run the steps again.

 

Step 5 is for System Restore. Do you mean step 4 which is the Eset scan did not work?

We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.

Get help with computer problems. Join Free PC Help here

 

Donations are welcome. Read Here

Posted

Yes, the step 4, the Eset scan.

I went to add and remove programs and could not find the kiwee tool bar there. But when I look at tools and click on toolbars the kiwee is there but no check on it. I did a search for kiwee and found a folder that said kiwee and I deleted it, and then emptied the trash. But the kiwee is still showing as one of the tool bars under my tools.

I do not know what to do.

Posted
Are you using IE or Firefox?


Posted

OK I think you are using IE8 and not Firefox.

 

I'm going to let chiaz or Starbuck look at this. They are the experts. I'm surprised that Malwarebytes didn't remove pyagcore because the last time I looked it detected it.

 

Please don't manually delete any more files or folders. Unless you are sure of what you are doing it can cause problems.

 

Please ignore the following for the time being.

I set a restore point and installed the latest version of the kiwee toolbar. There were three entries in Programs and Features (add/remove). All three uninstalled (one was for Firefox).

 

In IE there was still an entry in Tools>Manage Add-ons but no toolbar. Firefox uninstalled clean. Although in Firefox I had to reset my homepage and default search.

 

Toolbar Cop cleaned up the entry in IE. It also worked as a complete uninstaller in IE. There were three entries.


 

Perhaps a reinstall of the latest version followed by a regular uninstall followed by Toolbar Cop would remove all but the file folder.

System Restored. But I still see some harmless folders in C:\ProgramData (agi and kiwee)

 

I'm going to run Malwarebytes to see if it finds anything.

 

No infections found.


  • ExTS Admin
Posted

Hi Judy

 

  • Download OTL to your desktop.
    If you have problems, try this download link:
    OTL
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check

  • Now copy the lines in the codebox below.
    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT
    

  • Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
  • Click the Run Scan button.
  • Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

 

If they are too large to post, add them as attachments and I'll take it from there.

 

Thanks

Member of:

UNITE

Posted

OTL logfile created on: 3/6/2010 1:41:20 PM - Run 1

OTL by OldTimer - Version 3.1.34.0 Folder = C:\Users\Judy Holsclaw\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18882)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

Posted

5.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 57.00% Memory free

10.00 Gb Paging File | 7.00 Gb Available in Paging File | 76.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

Posted

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 687.22 Gb Total Space | 506.84 Gb Free Space | 73.75% Space Free | Partition Type: NTFS

Drive D: | 11.41 Gb Total Space | 1.52 Gb Free Space | 13.33% Space Free | Partition Type: NTFS

Drive E: | 4.35 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Posted

Computer Name: JUDYHOLSCLAW-PC

Current User Name: Judy Holsclaw

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\Judy Holsclaw\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files (x86)\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

PRC - C:\Program Files (x86)\Kiwee Toolbar\2.8.167\kwtbaim.exe (AG Interactive)

PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)

PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

PRC - C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()

PRC - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe (Logitech Inc.)

PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)

PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)

Posted

========== Modules (SafeList) ==========

 

MOD - C:\Users\Judy Holsclaw\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)

MOD - C:\Windows\Temp\logishrd\LVPrcInj01.dll (Logitech Inc.)

Posted

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)

SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

SRV:64bit: - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSer64.exe (Logitech Inc.)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\DRIVERS\xaudio64.exe (Conexant Systems, Inc.)

SRV - (avg9emc) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)

SRV - (avg9wd) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

SRV - (AGWinService) -- C:\Program Files (x86)\AGI\common\win32\PythonService.exe ()

SRV - (HssTrayService) -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.exe ()

SRV - (HotspotShieldService) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe ()

SRV - (HssSrv) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)

SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006/11/02 08:34:14 | 000,000,000 | ---D | M]

SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()

SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()

Posted

========== Driver Services (SafeList) ==========

 

DRV:64bit: - (AvgTdiA) -- C:\Windows\SysNative\Drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (AvgLdx64) -- C:\Windows\SysNative\Drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (AvgMfx64) -- C:\Windows\SysNative\Drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)

DRV:64bit: - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\SysNative\drivers\usbaudio.sys (Microsoft Corporation)

DRV:64bit: - (LVUVC64) Logitech QuickCam S5500(UVC) -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys (Logitech Inc.)

DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)

DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\DRIVERS\lvrs64.sys (Logitech Inc.)

DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()

DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()

DRV:64bit: - (CAXHWBS3) -- C:\Windows\SysNative\DRIVERS\CAXHWBS3.sys (Conexant Systems, Inc.)

DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys (Conexant Systems, Inc.)

DRV:64bit: - (HSF_DP) -- C:\Windows\SysNative\DRIVERS\CAX_DP.sys (Conexant Systems, Inc.)

DRV:64bit: - (XAudio) -- C:\Windows\SysNative\DRIVERS\xaudio64.sys (Conexant Systems, Inc.)

DRV:64bit: - (USBModem) -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys (LG Electronics Inc.)

DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys (LG Electronics Inc.)

DRV:64bit: - (usbbus) -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys (LG Electronics Inc.)

DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys (Conexant)

DRV - (SASDIFSV) -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASKUTIL) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASENUM) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()

DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()

DRV - (mdmxsdk) -- C:\Windows\SysWOW64\mdmxsdk.dll (Conexant)

Posted

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = AOL.com - Welcome to AOL

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, Unterhaltung, Nachrichten, Sport, Jobs, Immobilien und mehr bei MSN AT

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Bing [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Bing [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Bing Start

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files (x86)\AGI\common\agcutils.dll (TODO: <Company name>)

IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

Posted

========== FireFox ==========

 

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-type: "${8}"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "Bing Start"

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716

FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005

FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.60

FF - prefs.js..extensions.enabledItems: {4671ed49-739e-cae1-a47a-0b736ad28b5c}:4.6.6.4

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - prefs.js..extensions.enabledItems: {896642E4-C556-4ED3-85D1-9AC431603E7D}:1.0.4

FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655

FF - prefs.js..keyword.URL: "Bing Start="

FF - prefs.js..network.proxy.no_proxies_on: "localhost"

 

 

FF - HKLM\software\mozilla\Firefox\Extensions\\toolbar@kiwee.com: C:\Program Files (x86)\Kiwee Toolbar\2.8.167\firefox [2010/02/23 01:20:41 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/12 11:05:08 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/02/23 19:04:33 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/02/23 19:05:12 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\1.bin File not found

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/02/23 19:48:37 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/02/23 19:48:37 | 000,000,000 | ---D | M]

 

[2009/07/01 09:32:27 | 000,000,000 | ---D | M] -- C:\Users\Judy Holsclaw\AppData\Roaming\Mozilla\Extensions

[2009/04/24 08:47:20 | 000,000,000 | ---D | M] -- C:\Users\Judy Holsclaw\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

[2010/03/03 15:37:22 | 000,000,000 | ---D | M] -- C:\Users\Judy Holsclaw\AppData\Roaming\Mozilla\Firefox\Profiles\n79urp84.default\extensions

[2009/08/13 20:12:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Judy Holsclaw\AppData\Roaming\Mozilla\Firefox\Profiles\n79urp84.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009/12/17 10:28:49 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Judy Holsclaw\AppData\Roaming\Mozilla\Firefox\Profiles\n79urp84.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2010/02/26 10:27:40 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Judy Holsclaw\AppData\Roaming\Mozilla\Firefox\Profiles\n79urp84.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}

[2010/02/23 18:50:27 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Judy Holsclaw\AppData\Roaming\Mozilla\Firefox\Profiles\n79urp84.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}

[2009/12/19 13:54:12 | 000,000,000 | ---D | M] -- C:\Users\Judy Holsclaw\AppData\Roaming\Mozilla\Firefox\Profiles\n79urp84.default\extensions\DefaultManager@Microsoft

[2010/02/23 19:46:42 | 000,002,188 | ---- | M] () -- C:\Users\Judy Holsclaw\AppData\Roaming\Mozilla\Firefox\Profiles\n79urp84.default\searchplugins\bing-ff.xml

[2009/09/18 15:43:18 | 000,002,354 | ---- | M] () -- C:\Users\Judy Holsclaw\AppData\Roaming\Mozilla\Firefox\Profiles\n79urp84.default\searchplugins\kiwee-live-search.xml

[2010/02/04 15:18:32 | 000,002,055 | ---- | M] () -- C:\Users\Judy Holsclaw\AppData\Roaming\Mozilla\Firefox\Profiles\n79urp84.default\searchplugins\kiwee-toolbar.xml

[2010/02/23 18:50:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2010/02/23 18:50:49 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{4671ed49-739e-cae1-a47a-0b736ad28b5c}

[2007/12/17 12:16:14 | 000,065,536 | ---- | M] ( ) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npkimi.dll

 

O1 HOSTS File: ([2010/03/03 11:15:32 | 000,380,280 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 Proben bei 1000Gratisproben.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.1-2005-search.com

O1 - Hosts: 13103 more lines...

O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg64.dll (Google Inc.)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Kiwee Toolbar) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files (x86)\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll (AG Interactive)

O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)

O2 - BHO: (Search Assistant) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll (MTWB)

O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)

O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll (Yontoo Technology, Inc.)

O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll ()

O3 - HKLM\..\Toolbar: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Kiwee Toolbar) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files (x86)\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll (AG Interactive)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll ()

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Kiwee Toolbar) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files (x86)\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll (AG Interactive)

O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()

O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)

O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)

O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL (NVIDIA Corporation)

O4:64bit: - HKLM..\Run: [NVRaidService] C:\Windows\SysNative\nvraidservice.exe (NVIDIA Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)

O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()

O4 - HKLM..\Run: [KiweeHook] C:\Program Files (x86)\Kiwee Toolbar\2.8.167\kwtbaim.exe (AG Interactive)

O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()

O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files (x86)\Logitech\QuickCam\Quickcam.exe ()

O4 - HKLM..\Run: [sunJavaUpdateReg] C:\Windows\SysWow64\jureg.exe (Sun Microsystems, Inc.)

O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKCU..\RunOnce: [shockwave Updater] C:\Windows\SysWOW64\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103470 -Mozilla\4.0 ( File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60

O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe ()

O9 - Extra 'Tools' menuitem : PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe ()

O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()

O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()

O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab (Windows Live OneCare safety scanner control)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

O24 - Desktop WallPaper: C:\Users\Judy Holsclaw\Pictures\trojans 2009 cody\andy cody 6.jpg

O24 - Desktop BackupWallPaper: C:\Users\Judy Holsclaw\Pictures\trojans 2009 cody\andy cody 6.jpg

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 0

O32 - AutoRun File - [2005/07/07 18:12:51 | 000,040,960 | R--- | M] () - E:\Autodisable.exe -- [ CDFS ]

O32 - AutoRun File - [2005/12/12 14:36:43 | 000,000,051 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]

O33 - MountPoints2\{167c2893-2e39-11dd-ac34-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{167c2893-2e39-11dd-ac34-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autodisable.exe -- [2005/07/07 18:12:51 | 000,040,960 | R--- | M] ()

O33 - MountPoints2\{1e3ee03e-a2b4-11dd-8a73-001fc68a00cc}\Shell - "" = AutoRun

O33 - MountPoints2\{1e3ee03e-a2b4-11dd-8a73-001fc68a00cc}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -- File not found

O33 - MountPoints2\{49bd90a3-c249-11dd-9699-001fc68a00cc}\Shell - "" = AutoRun

O33 - MountPoints2\{49bd90a3-c249-11dd-9699-001fc68a00cc}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found

O33 - MountPoints2\M\Shell - "" = AutoRun

O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

64bit: O35 - comfile [open] -- "%1" %* File not found

64bit: O35 - exefile [open] -- "%1" %* File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

Posted

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2008/01/20 22:06:38 | 000,000,000 | ---D | M]

NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)

NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)

NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008/01/20 22:08:35 | 000,000,000 | ---D | M]

NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)

 

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010/03/06 13:29:44 | 000,553,984 | ---- | C] (OldTimer Tools) -- C:\Users\Judy Holsclaw\Desktop\OTL.exe

[2010/03/03 18:32:02 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2010/03/03 18:31:41 | 000,000,000 | ---D | C] -- C:\Users\Judy Holsclaw\AppData\Roaming\SUPERAntiSpyware.com

[2010/03/03 18:31:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware

[2010/03/03 18:30:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard

[2010/03/03 15:13:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2010/03/03 13:23:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

[2010/03/03 13:23:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft

[2010/03/03 13:22:32 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH

[2010/02/25 12:24:48 | 000,000,000 | ---D | C] -- C:\Users\Judy Holsclaw\AppData\Roaming\Malwarebytes

[2010/02/25 12:24:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2010/02/25 12:24:43 | 000,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2010/02/25 12:24:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2010/02/25 12:24:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/02/25 11:39:14 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit

[2010/02/23 19:49:11 | 000,000,000 | ---D | C] -- C:\Users\Judy Holsclaw\AppData\Local\AVG Security Toolbar

[2010/02/23 19:05:35 | 000,000,000 | -H-D | C] -- C:\$AVG

[2010/02/23 19:05:25 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll

[2010/02/23 19:05:23 | 000,470,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys

[2010/02/23 19:05:19 | 000,422,920 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys

[2010/02/23 19:05:18 | 000,034,248 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys

[2010/02/23 19:05:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\Avg

[2010/02/23 19:05:12 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar

[2010/02/23 19:04:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG

[2010/02/23 19:04:25 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9

[2010/02/23 18:50:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Search Toolbar

[2010/02/23 18:23:55 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2010/02/23 18:23:54 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2010/02/23 18:22:44 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll

[2010/02/23 18:22:43 | 000,539,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll

[2010/02/23 18:22:43 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll

[2010/02/23 18:22:43 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll

[2010/02/23 18:22:42 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe

[2010/02/23 18:22:42 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe

[2010/02/23 18:22:42 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe

[2010/02/23 18:22:41 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe

[2010/02/23 18:22:41 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe

[2010/02/23 18:22:41 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe

[2010/02/23 18:22:41 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe

[2010/02/23 18:22:40 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe

[2010/02/23 18:22:40 | 000,460,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll

[2010/02/23 18:22:40 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdrm.dll

[2010/02/23 18:22:40 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll

[2010/02/23 18:22:40 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll

[2010/02/23 18:22:40 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll

[2010/02/23 18:22:40 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll

[2010/02/23 18:22:38 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll

[2010/02/23 18:22:37 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll

[2010/02/23 18:22:36 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll

[2010/02/23 18:22:36 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll

[2010/02/23 18:22:36 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll

[2010/02/23 18:22:36 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll

[2010/02/22 22:44:45 | 001,570,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll

[2010/02/22 22:44:45 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll

[2010/02/22 22:44:45 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iyuv_32.dll

[2010/02/22 22:44:45 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvidc32.dll

[2010/02/22 22:44:45 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msyuv.dll

[2010/02/22 22:44:45 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrle32.dll

[2010/02/22 22:44:45 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsbyuv.dll

[2010/02/22 22:44:44 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvfw32.dll

[2010/02/22 22:44:44 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll

[2010/02/22 22:44:44 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll

[2010/02/22 22:43:30 | 004,698,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2010/02/22 14:39:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab(98)

[2010/02/14 22:30:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework

[2010/02/14 22:18:32 | 000,000,000 | ---D | C] -- C:\Users\Judy Holsclaw\AppData\Local\Kiwee Toolbar

[2010/02/04 14:52:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UnifiedToolbar

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

Posted

========== Files - Modified Within 30 Days ==========

 

[2010/03/06 13:41:33 | 007,864,320 | -HS- | M] () -- C:\Users\Judy Holsclaw\ntuser.dat

[2010/03/06 13:32:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/03/06 13:29:47 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Users\Judy Holsclaw\Desktop\OTL.exe

[2010/03/06 13:23:02 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/03/06 13:23:02 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/03/06 13:08:39 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job

[2010/03/06 12:37:36 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C1F62CBE-08DD-434E-BE16-B2AFB420784F}.job

[2010/03/06 08:03:10 | 056,772,185 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm

[2010/03/05 19:32:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/03/05 14:02:47 | 002,442,752 | ---- | M] () -- C:\Users\Judy Holsclaw\Documents\20010 dog.nws

[2010/03/05 13:28:34 | 000,789,862 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010/03/05 13:28:34 | 000,663,486 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010/03/05 13:28:34 | 000,128,906 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010/03/05 13:23:50 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\ErrorFix Startup.job

[2010/03/05 13:22:26 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/03/05 13:22:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/03/04 23:11:12 | 000,524,288 | -HS- | M] () -- C:\Users\Judy Holsclaw\ntuser.dat{a243ed2f-202a-11df-a4fe-001fc68a00cc}.TMContainer00000000000000000001.regtrans-ms

[2010/03/04 23:11:12 | 000,065,536 | -HS- | M] () -- C:\Users\Judy Holsclaw\ntuser.dat{a243ed2f-202a-11df-a4fe-001fc68a00cc}.TM.blf

[2010/03/04 23:10:40 | 003,192,779 | -H-- | M] () -- C:\Users\Judy Holsclaw\AppData\Local\IconCache.db

[2010/03/03 18:31:43 | 000,000,946 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2010/03/03 15:51:58 | 000,000,067 | ---- | M] () -- C:\Users\Judy Holsclaw\Desktop\InstalledProducts.ini

[2010/03/03 11:15:32 | 000,380,280 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2010/03/03 08:33:07 | 000,004,571 | ---- | M] () -- C:\Windows\wininit.ini

[2010/03/02 22:22:12 | 000,001,099 | ---- | M] () -- C:\Users\Judy Holsclaw\Desktop\Spybot - Search & Destroy.lnk

[2010/03/02 08:03:00 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job

[2010/03/01 17:42:31 | 000,028,672 | ---- | M] () -- C:\Users\Judy Holsclaw\Desktop\MomsQuitClaimDeed.doc

[2010/03/01 15:21:03 | 001,431,040 | ---- | M] () -- C:\Users\Judy Holsclaw\Documents\2010 dog 2.sig

[2010/02/28 22:08:43 | 000,088,507 | ---- | M] () -- C:\Users\Judy Holsclaw\Desktop\0205001246a.jpg

[2010/02/28 21:44:59 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/02/27 10:43:16 | 000,034,304 | ---- | M] () -- C:\Users\Judy Holsclaw\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/02/26 08:51:54 | 001,134,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2010/02/26 08:46:17 | 000,406,704 | ---- | M] () -- C:\Users\Judy Holsclaw\AppData\Local\GDIPFONTCACHEV1.DAT

[2010/02/25 13:50:35 | 000,000,680 | ---- | M] () -- C:\Users\Judy Holsclaw\AppData\Local\d3d9caps.dat

[2010/02/24 15:23:35 | 004,942,705 | ---- | M] () -- C:\Users\Judy Holsclaw\Desktop\Do_not_text_while_driving.wmv

[2010/02/24 14:49:00 | 000,000,047 | ---- | M] () -- C:\Users\Judy Holsclaw\AppData\Roaming\AVSMediaPlayer.m3u

[2010/02/23 19:05:31 | 000,001,691 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk

[2010/02/23 19:05:25 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll

[2010/02/23 19:05:23 | 000,470,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys

[2010/02/23 19:05:19 | 000,422,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys

[2010/02/23 19:05:18 | 000,113,461 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm

[2010/02/23 19:05:18 | 000,034,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys

[2010/02/23 19:05:16 | 006,061,540 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\avi7.avg

[2010/02/23 19:05:16 | 000,492,629 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\miniavi.avg

[2010/02/23 19:05:16 | 000,142,495 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\microavi.avg

[2010/02/22 23:17:02 | 001,687,612 | -HS- | M] () -- C:\Windows\SysNative\drivers\fidbox2.dat

[2010/02/22 23:17:02 | 000,074,476 | -HS- | M] () -- C:\Windows\SysNative\drivers\fidbox.idx

[2010/02/22 23:17:02 | 000,008,724 | -HS- | M] () -- C:\Windows\SysNative\drivers\fidbox2.idx

[2010/02/22 23:17:01 | 007,870,524 | -HS- | M] () -- C:\Windows\SysNative\drivers\fidbox.dat

[2010/02/22 22:35:05 | 000,524,288 | -HS- | M] () -- C:\Users\Judy Holsclaw\ntuser.dat{a243ed2f-202a-11df-a4fe-001fc68a00cc}.TMContainer00000000000000000002.regtrans-ms

[2010/02/22 22:29:23 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2010/02/22 21:55:38 | 000,524,288 | -HS- | M] () -- C:\Users\Judy Holsclaw\ntuser.dat{00680f6f-2023-11df-9db7-001fc68a00cc}.TMContainer00000000000000000002.regtrans-ms

[2010/02/22 21:55:38 | 000,524,288 | -HS- | M] () -- C:\Users\Judy Holsclaw\ntuser.dat{00680f6f-2023-11df-9db7-001fc68a00cc}.TMContainer00000000000000000001.regtrans-ms

[2010/02/22 21:55:38 | 000,065,536 | -HS- | M] () -- C:\Users\Judy Holsclaw\ntuser.dat{00680f6f-2023-11df-9db7-001fc68a00cc}.TM.blf

[2010/02/22 21:07:10 | 000,524,288 | -HS- | M] () -- C:\Users\Judy Holsclaw\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms

[2010/02/22 21:07:10 | 000,065,536 | -HS- | M] () -- C:\Users\Judy Holsclaw\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf

[2010/02/22 20:58:15 | 000,009,870 | -HS- | M] () -- C:\Users\Judy Holsclaw\AppData\Local\e1wnOl

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

Posted

========== Files Created - No Company Name ==========

 

[2010/03/03 18:31:43 | 000,000,946 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2010/03/03 15:51:58 | 000,000,067 | ---- | C] () -- C:\Users\Judy Holsclaw\Desktop\InstalledProducts.ini

[2010/03/03 08:32:24 | 000,004,571 | ---- | C] () -- C:\Windows\wininit.ini

[2010/03/02 22:22:12 | 000,001,099 | ---- | C] () -- C:\Users\Judy Holsclaw\Desktop\Spybot - Search & Destroy.lnk

[2010/03/01 17:42:31 | 000,028,672 | ---- | C] () -- C:\Users\Judy Holsclaw\Desktop\MomsQuitClaimDeed.doc

[2010/03/01 15:21:03 | 001,431,040 | ---- | C] () -- C:\Users\Judy Holsclaw\Documents\2010 dog 2.sig

[2010/03/01 15:20:37 | 002,442,752 | ---- | C] () -- C:\Users\Judy Holsclaw\Documents\20010 dog.nws

[2010/02/28 22:08:41 | 000,088,507 | ---- | C] () -- C:\Users\Judy Holsclaw\Desktop\0205001246a.jpg

[2010/02/25 12:24:47 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/02/24 15:23:26 | 004,942,705 | ---- | C] () -- C:\Users\Judy Holsclaw\Desktop\Do_not_text_while_driving.wmv

[2010/02/23 19:05:31 | 000,001,691 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk

[2010/02/23 19:05:18 | 000,113,461 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm

[2010/02/23 19:05:16 | 056,772,185 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm

[2010/02/23 19:05:16 | 000,492,629 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\miniavi.avg

[2010/02/23 19:05:16 | 000,142,495 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\microavi.avg

[2010/02/23 19:05:15 | 006,061,540 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\avi7.avg

[2010/02/22 22:23:03 | 000,524,288 | -HS- | C] () -- C:\Users\Judy Holsclaw\ntuser.dat{a243ed2f-202a-11df-a4fe-001fc68a00cc}.TMContainer00000000000000000002.regtrans-ms

[2010/02/22 22:23:03 | 000,524,288 | -HS- | C] () -- C:\Users\Judy Holsclaw\ntuser.dat{a243ed2f-202a-11df-a4fe-001fc68a00cc}.TMContainer00000000000000000001.regtrans-ms

[2010/02/22 22:23:03 | 000,065,536 | -HS- | C] () -- C:\Users\Judy Holsclaw\ntuser.dat{a243ed2f-202a-11df-a4fe-001fc68a00cc}.TM.blf

[2010/02/22 21:28:25 | 000,524,288 | -HS- | C] () -- C:\Users\Judy Holsclaw\ntuser.dat{00680f6f-2023-11df-9db7-001fc68a00cc}.TMContainer00000000000000000002.regtrans-ms

[2010/02/22 21:28:25 | 000,524,288 | -HS- | C] () -- C:\Users\Judy Holsclaw\ntuser.dat{00680f6f-2023-11df-9db7-001fc68a00cc}.TMContainer00000000000000000001.regtrans-ms

[2010/02/22 21:28:25 | 000,065,536 | -HS- | C] () -- C:\Users\Judy Holsclaw\ntuser.dat{00680f6f-2023-11df-9db7-001fc68a00cc}.TM.blf

[2010/02/22 09:48:21 | 000,009,870 | -HS- | C] () -- C:\Users\Judy Holsclaw\AppData\Local\e1wnOl

[2009/11/07 11:51:51 | 000,307,200 | ---- | C] () -- C:\Windows\SysWow64\AscSQLite.dll

[2009/09/11 08:09:16 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2009/09/11 08:07:50 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/06/12 15:02:12 | 000,000,680 | ---- | C] () -- C:\Users\Judy Holsclaw\AppData\Local\d3d9caps.dat

[2009/06/06 17:55:11 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2009/05/22 17:31:59 | 000,000,047 | ---- | C] () -- C:\Users\Judy Holsclaw\AppData\Roaming\AVSMediaPlayer.m3u

[2009/05/22 17:26:24 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2009/05/22 17:26:24 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2009/01/29 22:30:04 | 000,870,128 | ---- | C] () -- C:\Users\Judy Holsclaw\AppData\Roaming\mcs.rma

[2009/01/29 22:30:04 | 000,000,004 | ---- | C] () -- C:\Users\Judy Holsclaw\AppData\Roaming\D54CCC

[2009/01/09 09:15:06 | 000,786,632 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2008/12/20 10:46:32 | 000,001,406 | ---- | C] () -- C:\Users\Judy Holsclaw\AppData\Roaming\wklnhst.dat

[2008/12/02 18:23:08 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2008/11/14 23:28:13 | 000,034,304 | ---- | C] () -- C:\Users\Judy Holsclaw\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/10/25 19:07:45 | 000,001,890 | ---- | C] () -- C:\ProgramData\hpzinstall.log

[2008/05/12 20:21:23 | 000,339,968 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll

[2008/05/12 20:21:23 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll

[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

Posted

========== LOP Check ==========

 

[2009/03/10 13:08:17 | 000,000,000 | ---D | M] -- C:\Users\Judy Holsclaw\AppData\Roaming\agi

[2008/11/21 13:30:40 | 000,000,000 | ---D | M] -- C:\Users\Judy Holsclaw\AppData\Roaming\eBay

[2010/01/01 17:32:54 | 000,000,000 | ---D | M] -- C:\Users\Judy Holsclaw\AppData\Roaming\Facebook

[2009/06/02 23:01:49 | 000,000,000 | ---D | M] -- C:\Users\Judy Holsclaw\AppData\Roaming\IObit

[2008/12/23 10:34:56 | 000,000,000 | ---D | M] -- C:\Users\Judy Holsclaw\AppData\Roaming\Leadertech

[2009/11/20 00:10:40 | 000,000,000 | ---D | M] -- C:\Users\Judy Holsclaw\AppData\Roaming\LimeWire

[2009/10/03 09:45:46 | 000,000,000 | ---D | M] -- C:\Users\Judy Holsclaw\AppData\Roaming\Morpheus Software

[2009/05/06 10:13:01 | 000,000,000 | ---D | M] -- C:\Users\Judy Holsclaw\AppData\Roaming\NCH Swift Sound

[2008/10/22 17:39:09 | 000,000,000 | ---D | M] -- C:\Users\Judy Holsclaw\AppData\Roaming\Simple Star

[2009/01/06 08:18:47 | 000,000,000 | ---D | M] -- C:\Users\Judy Holsclaw\AppData\Roaming\Skinux

[2009/03/23 07:54:13 | 000,000,000 | ---D | M] -- C:\Users\Judy Holsclaw\AppData\Roaming\Snapfish

[2009/02/20 11:49:59 | 000,000,000 | ---D | M] -- C:\Users\Judy Holsclaw\AppData\Roaming\TeamViewer

[2008/12/20 10:46:36 | 000,000,000 | ---D | M] -- C:\Users\Judy Holsclaw\AppData\Roaming\Template

[2008/10/20 16:52:15 | 000,000,000 | ---D | M] -- C:\Users\Judy Holsclaw\AppData\Roaming\WildTangent

[2008/10/21 11:13:50 | 000,000,000 | ---D | M] -- C:\Users\Judy Holsclaw\AppData\Roaming\WinBatch

[2010/03/02 08:03:00 | 000,000,416 | ---- | M] () -- C:\Windows\Tasks\EasyShare Registration Task.job

[2010/03/05 13:23:50 | 000,000,402 | ---- | M] () -- C:\Windows\Tasks\ErrorFix Startup.job

[2010/03/04 23:10:59 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2010/03/06 12:37:36 | 000,000,434 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{C1F62CBE-08DD-434E-BE16-B2AFB420784F}.job

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

Posted

< %SYSTEMDRIVE%\*.exe >

 

 

< MD5 for: AGP440.SYS >

[2008/01/20 21:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys

[2008/01/20 21:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

 

< MD5 for: ATAPI.SYS >

[2008/01/20 21:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys

[2009/04/11 02:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

 

< MD5 for: CNGAUDIT.DLL >

[2006/11/02 06:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll

[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll

[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll

[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

 

< MD5 for: EVENTLOG.DLL >

[2007/01/13 00:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll

 

< MD5 for: IASTORV.SYS >

[2008/01/20 21:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

 

< MD5 for: NETLOGON.DLL >

[2008/01/20 21:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll

[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll

[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll

[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll

[2009/04/11 02:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll

[2008/01/20 21:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

 

< MD5 for: NVSTOR.SYS >

[2008/01/20 21:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

 

< MD5 for: SCECLI.DLL >

[2008/01/20 21:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll

[2008/01/20 21:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll

[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll

[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll

[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll

[2009/04/11 02:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

Posted

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 143 bytes -> C:\Users\Judy Holsclaw\Documents\yoyo poems.nws:OECustomProperty

@Alternate Data Stream - 143 bytes -> C:\Users\Judy Holsclaw\Documents\trojans 2009 sponsor adds.nws:OECustomProperty

@Alternate Data Stream - 143 bytes -> C:\Users\Judy Holsclaw\Documents\trojan 2009 youth football camp.nws:OECustomProperty

@Alternate Data Stream - 143 bytes -> C:\Users\Judy Holsclaw\Documents\TROJAN 2009 youth football camp1.nws:OECustomProperty

@Alternate Data Stream - 143 bytes -> C:\Users\Judy Holsclaw\Documents\spirit page samples.nws:OECustomProperty

@Alternate Data Stream - 143 bytes -> C:\Users\Judy Holsclaw\Documents\pic.nws:OECustomProperty

@Alternate Data Stream - 143 bytes -> C:\Users\Judy Holsclaw\Documents\oz3.nws:OECustomProperty

@Alternate Data Stream - 143 bytes -> C:\Users\Judy Holsclaw\Documents\oz iron on.nws:OECustomProperty

@Alternate Data Stream - 143 bytes -> C:\Users\Judy Holsclaw\Documents\oz coloring book.nws:OECustomProperty

@Alternate Data Stream - 143 bytes -> C:\Users\Judy Holsclaw\Documents\lc food signs.nws:OECustomProperty

@Alternate Data Stream - 143 bytes -> C:\Users\Judy Holsclaw\Documents\iron man add 2009.nws:OECustomProperty

@Alternate Data Stream - 143 bytes -> C:\Users\Judy Holsclaw\Documents\DEER RECIPES BK.nws:OECustomProperty

@Alternate Data Stream - 143 bytes -> C:\Users\Judy Holsclaw\Documents\danny , vicki.nws:OECustomProperty

@Alternate Data Stream - 143 bytes -> C:\Users\Judy Holsclaw\Documents\dads diaper belt.nws:OECustomProperty

@Alternate Data Stream - 143 bytes -> C:\Users\Judy Holsclaw\Documents\andys quilt.nws:OECustomProperty

@Alternate Data Stream - 143 bytes -> C:\Users\Judy Holsclaw\Documents\20010 dog.nws:OECustomProperty

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:9D718DA3

< End of report >

Posted

Hi Starbuck

I hope this is what you wanted. I am not real smart with working on computers. Sorry I was late in getting this done; I was sick with a virus that the kids brought home from high school. LOL, computer has a virus then I get one lol go figure lol. Thx for all ur help on this.

Posted
Just hang tight Judy. Starbuck can advise you when he gets back. You have some problems I see.


  • ExTS Admin
Posted (edited)

Hi Judy,

You posted just fine, thanks.

Don't worry if you can't post or reply straight away.... we're not going anywhere. :)

 

While I go through the report, can you post the extra.txt..... there should be a copy on your desktop.

 

Could you also explain this please:

O24 - Desktop WallPaper: C:\Users\Judy Holsclaw\Pictures\trojans 2009 cody\andy cody 6.jpg

Did you create this folder?

 

Thanks.

Edited by Starbuck

Member of:

UNITE

Posted

Lol yes, my sons play football and I take pics during all the games and make a CD for all players, and I give each of the 80 players and coaches one in April before the 2010 spring scrimmage game. One of many volunteering things I do. I do not charge them either. Cody is my son. I also make things for our humane society too. I use Print Shop 23 a lot. The main coach gets a copy of game pic that week of the game but I still make each one a copy of it all.

Then I make stuff for my church too.

I hope me playing games is not the reason my computer is messed up. I love this Facebook YoVille game; I talk with friends from other countries there.

Here is what u asked for, I hope this helps

TY so much

Judy
