dslreports logo
site
    All Forums Hot Topics Gallery
spc
Search Topic:
uniqs
1705
share rss forum feed


cjcath

@sbcglobal.net

1 edit

[Trojan] I think that I have been hacked

I recently was told that my e-mail was hacked. A friend said maybe it is some kind of trojan virus. E-mails were sent to people on my contact list. this is what one of my friends sent to me:
Hey CJ,

Around 20 minutes ago (10:36 AM) I received an email from your account that my email account Google suspect was spam somehow sent from your cjcath account. Google advised me to let you know and to encourage you to change the password on this account immediately. Here's a link to the Google help document the warning linked me to:
hxxps://support.google.com/mail/bin/answer.py?hl=en&ctx=mail&answer=1074268

I have not followed her link yet but I will check it out as soon as I am done here.
I did all of the pre cleaning steps and here are the results:
I saved them to my desktop like you sugested but know I can not kind the first one but here are two thing that it could be
This was called Changes.text
Malwarebytes Anti-Malware 1.62.0.1300

New Features:

• New advanced program updater improves upgrade speed and reduces needed bandwidth

Improvements:

• Enhanced Chameleon (v1.62) technologies to handle the latest threats
• Simplified Malwarebytes Anti-Malware PRO trial option in the installer
• Installation wizard now includes more information and guidance
• Streamlined and optimized database update module
• Updated System Requirements
• Logs enhanced to show drives and paths scanned

Issues Fixed:

• Fixed bug with scheduled scans
• Korean language now displayed correctly in language drop down menu

This is the other one says Liscense and I really don't think it is what you are looking for.
So next is the OTL
OTL logfile created on: 9/1/2012 10:59:23 AM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\Cathiie\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.44 Gb Total Physical Memory | 2.76 Gb Available Physical Memory | 80.43% Memory free
5.27 Gb Paging File | 4.71 Gb Available in Paging File | 89.30% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.55 Gb Total Space | 46.12 Gb Free Space | 65.37% Space Free | Partition Type: NTFS
Drive D: | 46.73 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: CATHIE | User Name: Cathiie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/09/01 10:57:50 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cathiie\Desktop\OTL.exe
PRC - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/06/13 03:48:26 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/06/13 03:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/09/15 12:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2011/09/15 12:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
MOD - [2006/08/23 14:12:38 | 000,196,608 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/08/24 06:36:12 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/09 16:51:11 | 000,935,008 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/05/29 14:46:46 | 001,528,672 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012/05/29 14:46:46 | 000,029,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/02/06 16:25:08 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/09/15 12:06:04 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011/09/01 09:17:00 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/08/19 05:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/03/27 20:04:33 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\qcmdmxp.sys -- (qcusbser)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\qcserxp.sys -- (qcserxp)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lmimirr.sys -- (lmimirr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/02/09 14:16:38 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/08/19 05:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2011/08/19 05:26:46 | 000,315,808 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/06/22 18:01:52 | 000,021,248 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010/04/30 18:09:44 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/04/30 18:09:22 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/06/10 15:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2008/07/01 17:13:26 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2008/07/01 17:13:26 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/07/01 17:13:24 | 000,267,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2007/12/04 17:10:30 | 000,016,640 | R--- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2007/02/25 23:25:12 | 000,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2006/08/15 04:38:14 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/08/14 08:29:44 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/06/18 23:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.google.com/nwshp?hl=en&tab=wn [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{8D5EB16C-10C5-497F-8E68-75B9E02CED31}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={909E771A-F78E-4F74-9B22-7E592021A86C}&mid=2dc3846cb073a3378437f519a9278346-899b272dbc0e7a64e4ed915c3c88299aac48e1c2&lang=en&ds=AVG&pr=fr&d=2011-10-09 08:32:45&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{ED824498-A0AB-43E8-9CC0-747B858CB61F}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Cathiie\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Cathiie\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\Cathiie\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/08/22 09:04:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\11.1.0.12\ [2012/07/09 16:51:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/08/22 09:04:22 | 000,000,000 | ---D | M]

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Cathiie\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.150.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U15 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Documents and Settings\Cathiie\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Cathiie\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Cathiie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\plugins/avgnpss.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Cathiie\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Documents and Settings\Cathiie\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: PalmSource Package Installer (Enabled) = C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Cathiie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\

O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\Cathiie\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Cathiie\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab (WebBrowserType Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=928 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7E11F4C-30A0-4176-9D49-4AF6DA5185A3}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Dell.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/01/26 02:29:12 | 000,000,046 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Menu.exe -- [2011/01/26 02:29:10 | 000,367,104 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/09/01 10:57:50 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cathiie\Desktop\OTL.exe
[2012/09/01 08:43:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cathiie\Application Data\Malwarebytes
[2012/09/01 08:42:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/01 08:42:58 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/09/01 08:42:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/01 08:42:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/09/01 08:40:51 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Cathiie\Desktop\mbam-setup-1.62.0.1300.exe
[2012/09/01 08:33:09 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cathiie\Desktop\TFC.exe
[2012/09/01 07:33:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/08/22 09:04:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2012/08/21 17:35:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cathiie\Application Data\HotSync
[2012/08/04 08:19:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Brother
[2012/08/04 08:19:17 | 000,000,000 | ---D | C] -- C:\Brother
[2012/08/04 08:19:15 | 000,000,000 | ---D | C] -- C:\Program Files\Browny02
[2012/08/04 08:19:11 | 000,217,088 | ---- | C] (brother) -- C:\WINDOWS\System32\NSSearch.dll
[2012/08/04 08:19:11 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2L.dll
[2012/08/04 08:19:10 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2.dll
[2012/08/04 08:19:10 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2S.dll
[2012/08/04 08:15:03 | 000,180,224 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BROSNMP.DLL
[2012/08/04 07:57:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cathiie\Desktop\wlan_wiz
[2012/08/04 07:56:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cathiie\Desktop\install
[8 C:\Documents and Settings\Cathiie\My Documents\*.tmp files -> C:\Documents and Settings\Cathiie\My Documents\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/09/01 10:57:50 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cathiie\Desktop\OTL.exe
[2012/09/01 10:13:03 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1855449076-1722532745-1471321435-1006UA.job
[2012/09/01 10:06:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/09/01 09:13:01 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1855449076-1722532745-1471321435-1006Core.job
[2012/09/01 08:42:59 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/01 08:41:00 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Cathiie\Desktop\mbam-setup-1.62.0.1300.exe
[2012/09/01 08:33:09 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cathiie\Desktop\TFC.exe
[2012/09/01 08:22:29 | 105,493,013 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/08/31 11:40:29 | 000,081,191 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/08/31 11:40:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/25 02:01:42 | 000,244,420 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/08/24 06:36:10 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/08/24 06:36:10 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/08/22 09:04:30 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/08/21 19:16:05 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\Cathiie\Desktop\Google Chrome.lnk
[2012/08/21 19:16:05 | 000,002,278 | ---- | M] () -- C:\Documents and Settings\Cathiie\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/21 17:35:13 | 000,000,094 | ---- | M] () -- C:\WINDOWS\family.ini
[2012/08/11 08:24:54 | 000,027,520 | ---- | M] () -- C:\Documents and Settings\Cathiie\Local Settings\Application Data\dt.dat
[2012/08/04 08:19:39 | 000,001,781 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Brother Creative Center.lnk
[8 C:\Documents and Settings\Cathiie\My Documents\*.tmp files -> C:\Documents and Settings\Cathiie\My Documents\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/09/01 08:42:59 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/21 17:35:13 | 000,000,094 | ---- | C] () -- C:\WINDOWS\family.ini
[2012/08/11 08:24:54 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Cathiie\Local Settings\Application Data\dt.dat
[2012/08/04 08:19:39 | 000,001,781 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Brother Creative Center.lnk
[2012/04/10 19:57:21 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/21 08:30:51 | 000,038,462 | ---- | C] () -- C:\Documents and Settings\Cathiie\Application Data\Microsoft Excel.ADR
[2011/12/18 18:23:56 | 000,001,326 | -HS- | C] () -- C:\Documents and Settings\Cathiie\Local Settings\Application Data\347375u4d180a853f378m1ytf1g3
[2011/12/18 18:23:56 | 000,001,326 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\347375u4d180a853f378m1ytf1g3
[2011/11/02 20:23:56 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2011/11/02 20:23:56 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRADM10A.DAT
[2011/11/02 20:23:55 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2011/10/31 22:49:25 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Cathiie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/22 15:55:55 | 000,123,082 | ---- | C] () -- C:\WINDOWS\HPHins12.dat.temp
[2011/10/22 15:55:55 | 000,014,916 | ---- | C] () -- C:\WINDOWS\hphmdl12.dat.temp
[2011/10/20 18:28:45 | 000,123,082 | ---- | C] () -- C:\WINDOWS\HPHins12.dat
[2011/10/20 18:28:45 | 000,014,916 | ---- | C] () -- C:\WINDOWS\hphmdl12.dat
[2011/10/16 13:35:14 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2011/08/19 05:26:20 | 010,898,456 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2011/08/19 05:26:20 | 000,336,408 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2011/08/19 05:26:20 | 000,104,472 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2011/08/12 13:20:14 | 000,015,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2011/07/26 02:48:54 | 000,028,418 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/06/23 03:18:49 | 000,225,736 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/05/04 16:21:26 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Cathiie\Local Settings\Application Data\fusioncache.dat
[2009/03/27 20:04:23 | 000,061,224 | ---- | C] () -- C:\Documents and Settings\Cathiie\GoToAssistDownloadHelper.exe

[color=#E56717]========== LOP Check ==========[/color]

[2012/07/09 16:51:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2011/08/06 09:33:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/10/09 08:33:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/10/09 19:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2009/03/27 20:04:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/12/16 20:22:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/02/11 09:18:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ErrorEND
[2011/08/31 00:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2012/09/01 08:22:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/10/16 15:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2012/02/12 09:12:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2011/10/16 15:17:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2011/07/17 08:39:49 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011/12/25 13:10:02 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2011/12/06 13:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cathiie\Application Data\AVG Secure Search
[2011/10/09 08:31:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cathiie\Application Data\AVG2012
[2012/08/31 11:42:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cathiie\Application Data\Dropbox
[2012/08/21 17:35:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cathiie\Application Data\HotSync
[2009/03/25 22:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cathiie\Application Data\ICAClient
[2011/11/15 20:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cathiie\Application Data\Leadertech
[2011/12/30 11:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cathiie\Application Data\MSNInstaller
[2009/04/14 17:45:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cathiie\Application Data\OfficeUpdate12
[2012/03/14 20:06:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cathiie\Application Data\Outlook
[2011/09/14 17:20:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cathiie\Application Data\Quicken WillMaker
[2011/12/25 13:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cathiie\Application Data\TuneUp Software

[color=#E56717]========== Purity Check ==========[/color]

Next is Extras

OTL Extras logfile created on: 9/1/2012 10:59:24 AM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\Cathiie\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.44 Gb Total Physical Memory | 2.76 Gb Available Physical Memory | 80.43% Memory free
5.27 Gb Paging File | 4.71 Gb Available in Paging File | 89.30% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.55 Gb Total Space | 46.12 Gb Free Space | 65.37% Space Free | Partition Type: NTFS
Drive D: | 46.73 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: CATHIE | User Name: Cathiie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Java\jre6\bin\javaws.exe" = C:\Program Files\Java\jre6\bin\javaws.exe:*:Disabled:Java(TM) Web Start Launcher -- (Sun Microsystems, Inc.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Documents and Settings\Cathiie\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Cathiie\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\Tango\Tango.exe" = C:\Program Files\Tango\Tango.exe:*:Enabled:Tango -- (Tango Inc.)
"C:\Program Files\Logitech\Vid HD\Vid.exe" = C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)
"C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update v4 Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US)
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{293B2D75-5735-4DFE-8642-F0EDEE9EB064}" = TurboTax 2010 wgaiper
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{374256A0-EAA2-012B-AD60-000000000000}" = TurboTax 2009 wgaiper
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3839C2FF-2CD0-4601-91A8-B1E40A9BE8A8}" = Driver Detective
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{596ECF31-381D-406D-9C22-6B805C3D7A8F}" = TurboTax 2011 wgaiper
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A95A76C9-6F65-477E-83A0-9F884B6DC21B}" = TuneUp Utilities Language Pack (en-US)
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B143D835-EBAF-4A39-8B31-1868FF4166C1}" = AVG 2012
"{B19F9155-9337-4807-B5EF-ED471DDB2CCE}" = hph_software_req
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1AE6D4D-C37A-487d-83D8-C333125B2459}" = HP Photosmart and Deskjet 7.0 Software
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{E2A97415-BD97-4867-B906-05E39E9EE51F}" = HL-2270DW
"{E371C150-A9F1-49CE-ACC1-51AEFD01C1D4}_is1" = Turbo Tax Audit Support Center 3.0
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E89956F9-5B89-470E-818D-BD46102D0A01}" = Citrix Presentation Server Client
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AVG" = AVG 2012
"CNXT_MODEM_PCI_HSF" = Conexant D850 PCI V.92 Modem
"GoToAssist" = GoToAssist 8.0.0.514
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HTC_WModemDriver" = WModem Driver Installer
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PIXresizer_is1" = PIXresizer
"Quicken WillMaker Plus 2009" = Quicken WillMaker Plus 2009
"SelectRebatesUninstall" = ShopAtHome.com Toolbar
"TsActiveXClient" = Terminal Services Web Client
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"TurboTax 2011" = TurboTax 2011
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Williams-Sonoma Guide to Good Cooking" = Williams-Sonoma Guide to Good Cooking
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Tango" = Tango
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 11/26/2011 10:11:38 PM | Computer Name = CATHIE | Source = MsiInstaller | ID = 11321
Description = Product: TuneUp Utilities 2011 -- Error 1321. The Installer has insufficient
privileges to modify this file: C:\Program Files\TuneUp Utilities 2011\GR32_D6.bpl.

Error - 11/26/2011 10:11:42 PM | Computer Name = CATHIE | Source = MsiInstaller | ID = 11321
Description = Product: TuneUp Utilities 2011 -- Error 1321. The Installer has insufficient
privileges to modify this file: C:\Program Files\TuneUp Utilities 2011\XMLComponents.bpl.

Error - 12/4/2011 1:24:03 AM | Computer Name = CATHIE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/4/2011 2:51:09 AM | Computer Name = CATHIE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: The data is invalid.

Error - 12/4/2011 2:51:10 AM | Computer Name = CATHIE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: The data is invalid.

Error - 12/4/2011 2:51:10 AM | Computer Name = CATHIE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: The data is invalid.

Error - 12/4/2011 2:51:11 AM | Computer Name = CATHIE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: The data is invalid.

Error - 12/4/2011 2:51:11 AM | Computer Name = CATHIE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: The data is invalid.

Error - 12/4/2011 2:51:12 AM | Computer Name = CATHIE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: The data is invalid.

Error - 12/4/2011 2:51:12 AM | Computer Name = CATHIE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: The data is invalid.

[ System Events ]
Error - 9/1/2012 10:48:38 AM | Computer Name = CATHIE | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 9/1/2012 10:48:38 AM | Computer Name = CATHIE | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 9/1/2012 10:48:39 AM | Computer Name = CATHIE | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 9/1/2012 10:48:39 AM | Computer Name = CATHIE | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 9/1/2012 10:48:40 AM | Computer Name = CATHIE | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 9/1/2012 10:48:47 AM | Computer Name = CATHIE | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 9/1/2012 10:48:47 AM | Computer Name = CATHIE | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 9/1/2012 10:48:48 AM | Computer Name = CATHIE | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 9/1/2012 10:48:48 AM | Computer Name = CATHIE | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 9/1/2012 10:48:49 AM | Computer Name = CATHIE | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

[ TuneUp Events ]
Error - 12/29/2011 2:41:07 AM | Computer Name = CATHIE | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 1/1/2012 10:04:17 AM | Computer Name = CATHIE | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 1/1/2012 10:04:17 AM | Computer Name = CATHIE | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 1/17/2012 3:41:54 PM | Computer Name = CATHIE | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 1/17/2012 3:41:54 PM | Computer Name = CATHIE | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 1/17/2012 3:41:54 PM | Computer Name = CATHIE | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 2/4/2012 5:48:08 AM | Computer Name = CATHIE | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 2/4/2012 5:48:08 AM | Computer Name = CATHIE | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 2/4/2012 5:48:08 AM | Computer Name = CATHIE | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Next is Checkup

Results of screen317's Security Check version 0.99.49
Windows XP Service Pack 3 x86
Internet Explorer 8
[u]``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Enabled!
AVG 2012
AVG2012 successfully updated!
[u]`````````Anti-malware/Other Utilities Check:`````````[/u]
Malwarebytes Anti-Malware version 1.62.0.1300
TuneUp Utilities 2012
TuneUp Utilities Language Pack (en-US)
TuneUp Utilities 2012
TuneUp Utilities Language Pack (en-US)
Java(TM) 6 Update 15
Java(TM) 6 Update 5
[color=red]Java version out of Date![/color]
Adobe Reader X 10.1.1 [color=red]Adobe Reader out of Date![/color]
[u]````````Process Check: objlist.exe by Laurent````````[/u]
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
[u]`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C:: 2%
[u]````````````````````End of Log``````````````````````[/u]

Next is Online antivirus scan

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=296f25c307f68f46b82ef1fdac1b0149
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-09-01 03:52:56
# local_time=2012-09-01 11:52:56 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777191 100 0 27427696 27427696 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=77305
# found=0
# cleaned=0
# scan_time=2050

That was the last one. This was a lot of work but I know that it will be worth it. I recently turned 50 and had to have a colonoscopy. I am somehow reminded of the prep with all of these procedures. Nothing like a good bran muffin.
THank you so much for your help.


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
Reviews:
·Comcast

While I check the logs, do you use an email client (Outlook, Thunderbird, Outlook Express, Windows Live Mail, etc) for email or do you use a web based account from your ISP, or Hotmail, Yahoo, Gmail, etc?

If a web based email, immediately change your password. Use a strong password that is unique to that email account. Also, check the Sent Mail folder to see if copies of the sent spam are there.