Page 1 of 3 123 LastLast
Results 1 to 10 of 22

Thread: Malware removal problems

  1. #1
    Junior Member strawberry77's Avatar
    Join Date
    Feb 2011
    Location
    Pennsylvania, USA
    Posts
    14

    Default Malware removal problems

    Having the following problems:
    site redirection in both Chrome and Firefox
    game sites, blank pages(eclick in url box) among others
    pop-ups for survey completion before getting to site intended(Must close browser!)
    Windows update - just hangs
    cannot update SBS+D, error message
    cannot uninstall AVG - error, uninstall request ignored!(not sure if connected issue)

    Have run Malwarebites- found 9 items were removed.(have not re-run)(saved a log but can't find it now!)
    Have run Adaware- found nothing

    Here is the log thingy, I hope I am doing this correctly.
    Thank you for any help you can offer.


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Al&Marianne at 17:27:59.05 on Wed 02/16/2011
    Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: 1.6.0_21
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2036.876 [GMT -5:00]

    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
    AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
    SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    FW: ZoneAlarm Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\ZoneLabs\vsmon.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    C:\Windows\system32\AERTSrv.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\CSHelper.exe
    C:\Program Files\Dicter\DicterService.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\AVG\AVG10\avgemcx.exe
    C:\Program Files\AVG\AVG10\avgchsvx.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    C:\Users\Al&Marianne\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Users\Al&Marianne\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Al&Marianne\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://www.google.com
    uStart Page = hxxp://h10025.www1.hp.com/ewfrf/wc/documentSubCategory?tmp_rule=17997&lc=en&dlc=en&cc=us&lang=en&softwareitem=mp-62866-1&os=2093&product=3635399
    uWindow Title = Internet Explorer provided by Dell
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: H - No File
    mURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
    TB: @c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
    {555d4d79-4bd2-4094-a395-cfc534424a05}
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    mRun: [WinPatrol] c:\program files\billp studios\winpatrol\WinPatrol.exe -expressboot
    mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
    mRun: [<NO NAME>]
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNTExMjk5MDg2LVQxNy1VODUrMS1CQSsxLUtWMys3LVhMKzEtRlA5KzYtQkFSOUcrMS1UQjkrMi1GTCs5LVFJWDErNC1YMjAxMCsyLUYxME0xMEQrMg"&"prod=90"&"ver=10.0.1204
    StartupFolder: c:\users\al&mar~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\cnette~1.lnk - c:\users\al&marianne\appdata\roaming\cbs interactive\cnet techtracker\TechTracker.exe
    StartupFolder: c:\users\al&mar~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\al&mar~1\appdata\roaming\mozilla\firefox\profiles\6fenrigl.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Search
    FF - prefs.js: keyword.URL - hxxp://www.gobrs.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=KpNijdyD&q=
    FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
    FF - component: c:\users\al&marianne\appdata\roaming\mozilla\firefox\profiles\6fenrigl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\users\al&marianne\appdata\roaming\mozilla\firefox\profiles\6fenrigl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
    FF - component: c:\users\al&marianne\appdata\roaming\mozilla\firefox\profiles\6fenrigl.default\extensions\{9ee802e8-c931-47ab-b570-aa8f791598ca}\components\FFExternalAlert.dll
    FF - component: c:\users\al&marianne\appdata\roaming\mozilla\firefox\profiles\6fenrigl.default\extensions\{9ee802e8-c931-47ab-b570-aa8f791598ca}\components\RadioWMPCore.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npArtistScope42.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
    FF - plugin: c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
    FF - plugin: c:\users\al&marianne\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\users\al&marianne\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\users\al&marianne\appdata\roaming\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\users\al&marianne\appdata\roaming\mozilla\firefox\profiles\6fenrigl.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
    FF - plugin: c:\users\al&marianne\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\al&marianne\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    FF - Ext: PriceBlink: info@priceblink.com - %profile%\extensions\info@priceblink.com
    FF - Ext: eMusic Toolbar: {9ee802e8-c931-47ab-b570-aa8f791598ca} - %profile%\extensions\{9ee802e8-c931-47ab-b570-aa8f791598ca}
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox

    ---- FIREFOX POLICIES ----

    FF - user.js: browser.search.selectedEngine - Search
    FF - user.js: keyword.URL - hxxp://www.gobrs.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=KpNijdyD&q=
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    ============= SERVICES / DRIVERS ===============

    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-8 64288]
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-2-15 11608]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-15 61960]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15264]
    S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2005-3-22 450400]
    S3 rcmirror;rcmirror;c:\windows\system32\drivers\rcmirror.sys [2010-1-18 3200]

    =============== Created Last 30 ================

    2011-02-16 11:59:03 -------- d-----w- c:\users\al&mar~1\appdata\roaming\Malwarebytes
    2011-02-16 11:58:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-02-16 11:58:54 -------- d-----w- c:\progra~2\Malwarebytes
    2011-02-16 11:58:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-02-16 11:58:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-02-15 06:52:05 -------- d-----w- c:\users\al&mar~1\appdata\roaming\Avira
    2011-02-15 05:47:00 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-02-15 05:46:58 -------- d-----w- c:\program files\Avira
    2011-02-15 05:46:58 -------- d-----w- c:\progra~2\Avira
    2011-02-14 20:13:21 -------- d-----w- c:\progra~2\InstallMate
    2011-02-14 20:04:03 -------- dc-h--w- c:\progra~2\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
    2011-02-13 00:32:19 -------- d-----w- c:\program files\TeamViewer
    2011-02-12 17:42:59 -------- d-----w- c:\program files\common files\Software Update Utility
    2011-02-06 01:47:53 -------- d-----w- c:\program files\Paint.NET
    2011-02-06 01:46:17 -------- d-----w- c:\users\al&mar~1\appdata\local\Paint.NET
    2011-02-02 23:43:15 -------- d-----w- c:\users\al&mar~1\appdata\local\PackageAware
    2011-01-31 21:45:25 -------- d-----w- c:\program files\iPod
    2011-01-27 21:22:43 -------- d-----w- c:\progra~2\WD_SmartWareCommon
    2011-01-27 20:16:24 -------- d-----w- c:\users\al&mar~1\appdata\local\Western_Digital
    2011-01-27 20:09:01 -------- d-----w- c:\program files\Western Digital
    2011-01-26 02:16:24 -------- d-----w- C:\Nancy Drew
    2011-01-21 19:23:42 319488 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpfpp02t.dll
    2011-01-21 18:35:24 -------- d-----w- c:\program files\Microsoft
    2011-01-21 18:35:22 -------- d-----w- c:\program files\MSN Toolbar
    2011-01-21 18:34:56 -------- d-----w- c:\program files\Bing Bar Installer
    2011-01-21 18:29:39 -------- d-----w- c:\program files\common files\HP
    2011-01-21 18:26:59 125440 ----a-w- c:\windows\system32\hpf3l02t.dll
    2011-01-21 18:19:59 454504 ----a-w- c:\windows\system32\hpzids01.dll
    2011-01-21 18:19:58 970752 ----a-w- c:\windows\system32\hpwtiop4.dll
    2011-01-21 18:19:58 718336 ----a-w- c:\windows\system32\hpwwiax5.dll
    2011-01-21 18:19:57 372736 ----a-w- c:\windows\system32\hppldcoi.dll
    2011-01-21 18:19:57 294912 ----a-w- c:\windows\system32\hpovst11.dll
    2011-01-21 17:40:21 -------- d-----w- c:\users\al&mar~1\appdata\roaming\eTeks

    ==================== Find3M ====================

    2010-12-27 23:51:35 150 ----a-w- C:\Delme.bat
    2010-12-14 21:32:19 645120 ----a-w- C:\~GLHTTP1.TMP
    2010-12-14 21:32:05 2560 ----a-w- c:\windows\_MSRSTRT.EXE
    2010-12-03 09:05:33 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-11-29 22:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-29 22:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

    ============= FINISH: 17:30:03.76 ===============

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default




    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

    Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.


    Looks like you have both avira and AVG anti virus installed, not good, using a great amount of system resources and will cause other problems, its best to have just one , keep it updated and run scans on a regular basis. Your call but you need to uninstall one via Programs and Features in the Control Panel. Do this now


    Open Malwarebytes and go to the report tab and copy and paste the log into this thread for me to see
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Junior Member strawberry77's Avatar
    Join Date
    Feb 2011
    Location
    Pennsylvania, USA
    Posts
    14

    Default

    AVG stopped working correctly...it is disabled right now...so that is why I started using AVIRA. AVG will not uninstall that is why I disabled it. I don't know how to fix that situation or if it is related to the malware infestation.
    Here is the MB log. Thank you very much for your help.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5363

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18999

    2/16/2011 8:57:10 AM
    mbam-log-2011-02-16 (08-56-35).txt

    Scan type: Quick scan
    Objects scanned: 174569
    Time elapsed: 10 minute(s), 32 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 4
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Bad: (93.188.162.149,93.188.160.29) Good: () -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B469590C-3F8C-454A-A707-78AD43574109}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.162.149,93.188.160.29) Good: () -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B469590C-3F8C-454A-A707-78AD43574109}\DhcpNameServer (Trojan.DNSChanger) -> Bad: (93.188.162.149,93.188.160.29) Good: () -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C94F39EB-67AD-4BD1-9296-475ED149C5FB}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.162.149,93.188.160.29) Good: () -> No action taken.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\fb_reg20091108.log (KoobFace.Trace) -> No action taken.

  4. #4
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hi,

    You have some serious infections that Malwarebytes found but you had it set to TAKE NO ACTION, you need to open Malwarebytes, check for updates and run the Quick Scan and remove all it finds , then post the new log.


    OTL by OldTimer
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the "Scan All Users" checkbox.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
        Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  5. #5
    Junior Member strawberry77's Avatar
    Join Date
    Feb 2011
    Location
    Pennsylvania, USA
    Posts
    14

    Default

    Here is the newly run MB log file.
    Thank you for your assistance.
    I await your instructions.


    hMalwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5789

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18999

    2/18/2011 12:31:20 AM
    mbam-log-2011-02-18 (00-31-20).txt

    Scan type: Quick scan
    Objects scanned: 181864
    Time elapsed: 19 minute(s), 1 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

  6. #6
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Go ahead and run OTL and post the log
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  7. #7
    Junior Member strawberry77's Avatar
    Join Date
    Feb 2011
    Location
    Pennsylvania, USA
    Posts
    14

    Default

    Here are the OTL logs-FYI-about 20 seconds into the scan the program froze(not responding)then unfroze after 10 secs or so, I don't know if it did it again or not, I wasn't watching the whole time.

    OTL logfile created on: 2/18/2011 9:47:37 AM - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Al&Marianne\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18999)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 63.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 222.78 Gb Total Space | 43.00 Gb Free Space | 19.30% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 6.28 Gb Free Space | 62.83% Space Free | Partition Type: NTFS
    Drive G: | 930.86 Gb Total Space | 850.30 Gb Free Space | 91.35% Space Free | Partition Type: NTFS

    Computer Name: NEWDELL-PC | User Name: Al&Marianne | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Al&Marianne\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
    PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
    PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG10\avgemcx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Users\Al&Marianne\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe ()
    PRC - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
    PRC - C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
    PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
    PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.)
    PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
    PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
    PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
    PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
    PRC - C:\Program Files\Dicter\DicterService.exe (Zeyfman Genady)
    PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Windows\System32\CSHelper.exe ()
    PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
    PRC - C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)


    ========== Modules (SafeList) ==========

    MOD - C:\Users\Al&Marianne\Downloads\OTL.exe (OldTimer Tools)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
    MOD - C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll (BillP Studios)


    ========== Win32 Services (SafeList) ==========

    SRV - (CLTNetCnService) -- File not found
    SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
    SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
    SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
    SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
    SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
    SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (vsmon) -- C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
    SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
    SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
    SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
    SRV - (DicterUpdateService) -- C:\Program Files\Dicter\DicterService.exe (Zeyfman Genady)
    SRV - (WDSmartWareBackgroundService) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
    SRV - (CSHelper) -- C:\Windows\System32\CSHelper.exe ()
    SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    SRV - (ASKService) -- C:\Program Files\AskBarDis\bar\bin\AskService.exe ()
    SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (AERTFilters) -- C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
    SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()


    ========== Driver Services (SafeList) ==========

    DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
    DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
    DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
    DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
    DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AVGIDSEH) -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
    DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgrkx86) -- C:\Windows\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
    DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
    DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
    DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
    DRV - (Vsdatant) -- C:\Windows\System32\drivers\vsdatant.sys (Check Point Software Technologies LTD)
    DRV - (rcmirror) -- C:\Windows\System32\drivers\rcmirror.sys (Windows (R) Win 7 DDK provider)
    DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
    DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
    DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
    DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
    DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
    DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
    DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
    DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
    DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
    DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
    DRV - (dsunidrv) -- C:\Windows\System32\drivers\dsunidrv.sys (Gteko Ltd.)
    DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
    DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
    DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
    DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
    DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
    DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
    DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
    DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
    DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
    DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
    DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
    DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
    DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
    DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
    DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
    DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
    DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
    DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
    DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
    DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
    DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
    DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
    DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
    DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
    DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
    DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
    DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
    DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
    DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
    DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
    DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
    DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
    DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
    DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
    DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
    DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
    DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
    DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
    DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
    DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
    DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
    DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
    DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
    DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
    DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
    DRV - (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB) -- C:\Windows\System32\drivers\A3AB.sys (D-Link Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2465096198-745748740-959045523-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-2465096198-745748740-959045523-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\S-1-5-21-2465096198-745748740-959045523-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://h10025.www1.hp.com/ewfrf/wc/d...roduct=3635399
    IE - HKU\S-1-5-21-2465096198-745748740-959045523-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-2465096198-745748740-959045523-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-2465096198-745748740-959045523-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-2465096198-745748740-959045523-1000\..\URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-2465096198-745748740-959045523-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2465096198-745748740-959045523-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: calendar-timezones@mozilla.org:0.1.2008d
    FF - prefs.js..extensions.enabledItems: default-palette@celtx.com:1.0
    FF - prefs.js..extensions.enabledItems: emoticons-msn-smileys@m513901.de:0.1
    FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.0
    FF - prefs.js..extensions.enabledItems: messagestyle-blackened@addons.instantbird.org:0.9
    FF - prefs.js..extensions.enabledItems: messagestyle-depth@addons.instantbird.org:1.1
    FF - prefs.js..extensions.enabledItems: messagestyle-minimal20@addons.instantbird.org:1.5

    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/03/05 15:49:02 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/12/31 09:31:48 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2011/01/21 13:35:22 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/01/21 13:35:26 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/21 15:52:20 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/20 22:21:15 | 000,000,000 | ---D | M]

    [2010/09/04 10:22:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Extensions
    [2010/09/04 10:22:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Extensions\celtx@celtx.com
    [2011/02/17 20:06:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\6fenrigl.default\extensions
    [2011/01/18 10:04:41 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\6fenrigl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2011/01/18 10:04:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\6fenrigl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}-trash
    [2010/07/31 13:02:27 | 000,000,000 | ---D | M] (eMusic Toolbar) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\6fenrigl.default\extensions\{9ee802e8-c931-47ab-b570-aa8f791598ca}
    [2010/09/15 19:44:22 | 000,000,000 | ---D | M] (Vuze Remote) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\6fenrigl.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    [2010/07/22 14:00:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\6fenrigl.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/07/10 19:13:55 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\6fenrigl.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(421)
    [2009/10/29 12:40:55 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\6fenrigl.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2010/09/30 11:06:53 | 000,000,000 | ---D | M] (PriceBlink) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\6fenrigl.default\extensions\info@priceblink.com
    [2009/03/22 17:06:32 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\6fenrigl.default\extensions\moveplayer@movenetworks.com
    [2011/02/17 20:06:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/09/19 22:50:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/09/04 10:18:43 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\CALENDAR-TIMEZONES@MOZILLA.ORG
    [2010/09/04 10:18:43 | 000,000,000 | ---D | M] (Default Shot Palette) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\DEFAULT-PALETTE@CELTX.COM
    [2010/09/04 10:18:42 | 000,000,000 | ---D | M] (MSN-Smileys) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\EMOTICONS-MSN-SMILEYS@M513901.DE
    [2010/09/04 10:18:42 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\INSPECTOR@MOZILLA.ORG
    [2010/09/04 10:18:42 | 000,000,000 | ---D | M] (Blackened) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-BLACKENED@ADDONS.INSTANTBIRD.ORG
    [2010/09/04 10:18:42 | 000,000,000 | ---D | M] (Depth) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-DEPTH@ADDONS.INSTANTBIRD.ORG
    [2010/09/04 10:18:42 | 000,000,000 | ---D | M] (Minimal) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-MINIMAL20@ADDONS.INSTANTBIRD.ORG
    [2009/01/15 13:53:03 | 000,616,448 | ---- | M] (ArtistScope) -- C:\Program Files\Mozilla Firefox\plugins\npArtistScope42.dll
    [2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    [2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    [2008/08/15 21:42:10 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
    [2010/08/24 14:42:59 | 000,002,197 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google-search.xml

    O1 HOSTS File: ([2011/02/15 00:26:17 | 000,249,908 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.1001-search.info
    O1 - Hosts: 127.0.0.1 1001-search.info
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.123topsearch.com
    O1 - Hosts: 127.0.0.1 123topsearch.com
    O1 - Hosts: 127.0.0.1 www.132.com
    O1 - Hosts: 127.0.0.1 132.com
    O1 - Hosts: 127.0.0.1 www.136136.net
    O1 - Hosts: 8711 more lines...
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
    O3 - HKU\S-1-5-21-2465096198-745748740-959045523-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-2465096198-745748740-959045523-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
    O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
    O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
    O4 - Startup: C:\Users\Al&Marianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CNET TechTracker.lnk = C:\Users\Al&Marianne\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe ()
    O4 - Startup: C:\Users\Al&Marianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-2465096198-745748740-959045523-1000\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKU\S-1-5-21-2465096198-745748740-959045523-1000\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.hp.com/CSMWeb/Cus...ataManager.CAB (Hewlett-Packard Online Support Services)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.microsoft.com/downlo...4/igdtoolx.cab (IGDTester Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_04)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Users\Al&Marianne\Pictures\2010-02-19\044.JPG
    O24 - Desktop BackupWallPaper: C:\Users\Al&Marianne\Pictures\2010-02-19\044.JPG
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{21e15cb2-7dc7-11dd-8f91-001aa0976877}\Shell - "" = AutoRun
    O33 - MountPoints2\{21e15cb2-7dc7-11dd-8f91-001aa0976877}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
    O33 - MountPoints2\{336082c4-75d7-11dd-8f59-001aa0976877}\Shell - "" = AutoRun
    O33 - MountPoints2\{336082c4-75d7-11dd-8f59-001aa0976877}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
    O33 - MountPoints2\{56ea33d9-1fea-11e0-b31f-001aa0976877}\Shell - "" = AutoRun
    O33 - MountPoints2\{56ea33d9-1fea-11e0-b31f-001aa0976877}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
    O33 - MountPoints2\{630d4bea-982a-11df-96ff-001aa0976877}\Shell\AutoRun\command - "" = setup.exe
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = setup.exe
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/02/17 19:58:47 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
    [2011/02/17 16:47:00 | 000,000,000 | ---D | C] -- C:\Users\Al&Marianne\Desktop\Assemblage
    [2011/02/17 13:39:58 | 000,000,000 | ---D | C] -- C:\Users\Al&Marianne\Desktop\Pictures of decorated pot
    [2011/02/17 13:13:24 | 000,000,000 | ---D | C] -- C:\Users\Al&Marianne\Desktop\Creche pics
    [2011/02/16 20:09:26 | 000,000,000 | ---D | C] -- C:\Users\Al&Marianne\Desktop\Log files
    [2011/02/16 17:22:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2011/02/16 17:22:53 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2011/02/16 06:59:03 | 000,000,000 | ---D | C] -- C:\Users\Al&Marianne\AppData\Roaming\Malwarebytes
    [2011/02/16 06:58:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011/02/16 06:58:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/02/16 06:58:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/02/16 06:58:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/02/16 06:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/02/15 21:56:27 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/02/15 21:51:13 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/02/15 20:03:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle
    [2011/02/15 01:52:05 | 000,000,000 | ---D | C] -- C:\Users\Al&Marianne\AppData\Roaming\Avira
    [2011/02/15 00:47:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    [2011/02/15 00:47:00 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
    [2011/02/15 00:47:00 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
    [2011/02/15 00:47:00 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
    [2011/02/15 00:46:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
    [2011/02/15 00:46:58 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2011/02/14 15:13:21 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
    [2011/02/14 15:04:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
    [2011/02/14 15:03:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
    [2011/02/12 19:32:19 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
    [2011/02/12 12:43:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIM
    [2011/02/12 12:42:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
    [2011/02/05 20:47:53 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
    [2011/02/05 20:46:17 | 000,000,000 | ---D | C] -- C:\Users\Al&Marianne\AppData\Local\Paint.NET
    [2011/02/02 19:12:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 8
    [2011/02/02 18:43:15 | 000,000,000 | ---D | C] -- C:\Users\Al&Marianne\AppData\Local\PackageAware
    [2011/01/31 16:46:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2011/01/31 16:45:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/01/27 16:22:43 | 000,000,000 | ---D | C] -- C:\ProgramData\WD_SmartWareCommon
    [2011/01/27 15:16:24 | 000,000,000 | ---D | C] -- C:\Users\Al&Marianne\AppData\Local\Western_Digital
    [2011/01/27 15:09:01 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
    [2011/01/27 15:09:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD SmartWare
    [2011/01/25 21:16:24 | 000,000,000 | ---D | C] -- C:\Nancy Drew
    [2011/01/21 13:35:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
    [2011/01/21 13:35:22 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
    [2011/01/21 13:34:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer
    [2011/01/21 13:29:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
    [2011/01/21 13:26:59 | 000,125,440 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\hpf3l02t.dll
    [2011/01/21 13:25:08 | 000,000,000 | -H-D | C] -- C:\Config.Msi
    [2011/01/21 13:19:59 | 000,454,504 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpzids01.dll
    [2011/01/21 13:19:58 | 000,970,752 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpwtiop4.dll
    [2011/01/21 13:19:58 | 000,718,336 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpwwiax5.dll
    [2011/01/21 13:19:57 | 000,372,736 | ---- | C] (Hewlett Packard) -- C:\Windows\System32\hppldcoi.dll
    [2011/01/21 13:19:57 | 000,294,912 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpovst11.dll
    [2011/01/21 12:40:21 | 000,000,000 | ---D | C] -- C:\Users\Al&Marianne\AppData\Roaming\eTeks
    [2 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/02/18 09:27:03 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/02/18 08:43:18 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
    [2011/02/18 08:43:11 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/02/18 08:43:08 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/02/18 08:43:08 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/02/18 08:43:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/02/18 08:43:00 | 2136,133,632 | -HS- | M] () -- C:\hiberfil.sys
    [2011/02/17 22:29:52 | 000,028,160 | ---- | M] () -- C:\Users\Al&Marianne\Desktop\eaglewriteup.doc
    [2011/02/17 19:57:21 | 000,072,080 | ---- | M] () -- C:\Users\Al&Marianne\g2mdlhlpx.exe
    [2011/02/17 14:46:14 | 000,618,020 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/02/17 14:46:14 | 000,108,040 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/02/16 17:23:37 | 000,000,915 | ---- | M] () -- C:\Users\Al&Marianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2011/02/16 17:22:54 | 000,000,716 | ---- | M] () -- C:\Users\Al&Marianne\Desktop\ERUNT.lnk
    [2011/02/16 09:16:03 | 000,000,000 | ---- | M] () -- C:\Users\Al&Marianne\AppData\Local\prvlcl.dat
    [2011/02/16 06:58:55 | 000,000,932 | ---- | M] () -- C:\Users\Al&Marianne\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2011/02/16 01:07:29 | 106,219,812 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
    [2011/02/16 00:22:36 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
    [2011/02/15 22:55:49 | 000,000,602 | ---- | M] () -- C:\Users\Al&Marianne\Desktop\ComboFix.exe - Shortcut.lnk
    [2011/02/15 00:39:55 | 000,001,111 | ---- | M] () -- C:\Users\Al&Marianne\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2011/02/15 00:39:55 | 000,001,087 | ---- | M] () -- C:\Users\Al&Marianne\Desktop\Spybot - Search & Destroy.lnk
    [2011/02/15 00:26:17 | 000,249,908 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/02/14 15:04:00 | 000,001,033 | ---- | M] () -- C:\Users\Al&Marianne\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2011/02/14 15:04:00 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
    [2011/02/12 12:43:17 | 000,001,109 | -H-- | M] () -- C:\IPH.PH
    [2011/02/12 12:43:15 | 000,001,731 | ---- | M] () -- C:\Users\Al&Marianne\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
    [2011/02/12 12:43:15 | 000,001,707 | ---- | M] () -- C:\Users\Public\Desktop\AIM.lnk
    [2011/02/11 21:28:00 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2011/01/31 16:46:55 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/01/27 15:10:10 | 000,001,284 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
    [2011/01/27 15:10:10 | 000,001,223 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
    [2011/01/22 10:54:32 | 000,352,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/01/21 14:58:57 | 000,011,264 | ---- | M] () -- C:\Users\Al&Marianne\Desktop\Haldane.doc
    [2011/01/21 14:25:56 | 000,228,975 | ---- | M] () -- C:\Windows\hpwins23.dat
    [2011/01/21 13:34:44 | 000,001,974 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    [2011/01/21 13:32:04 | 000,001,178 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
    [2011/01/20 17:13:44 | 000,001,635 | ---- | M] () -- C:\Users\Al&Marianne\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
    [2 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/02/17 19:57:19 | 000,072,080 | ---- | C] () -- C:\Users\Al&Marianne\g2mdlhlpx.exe
    [2011/02/16 17:23:37 | 000,000,915 | ---- | C] () -- C:\Users\Al&Marianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2011/02/16 17:22:54 | 000,000,716 | ---- | C] () -- C:\Users\Al&Marianne\Desktop\ERUNT.lnk
    [2011/02/16 06:58:55 | 000,000,932 | ---- | C] () -- C:\Users\Al&Marianne\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2011/02/15 22:55:49 | 000,000,602 | ---- | C] () -- C:\Users\Al&Marianne\Desktop\ComboFix.exe - Shortcut.lnk
    [2011/02/14 15:04:00 | 000,001,033 | ---- | C] () -- C:\Users\Al&Marianne\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2011/02/14 15:04:00 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
    [2011/02/12 19:32:44 | 000,000,969 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
    [2011/02/05 20:50:18 | 000,000,948 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
    [2011/01/31 16:46:55 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/01/27 15:10:10 | 000,001,284 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
    [2011/01/27 15:10:10 | 000,001,223 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
    [2011/01/22 11:50:08 | 000,028,160 | ---- | C] () -- C:\Users\Al&Marianne\Desktop\eaglewriteup.doc
    [2011/01/21 14:25:51 | 000,001,106 | ---- | C] () -- C:\Users\Al&Marianne\AppData\Roaming\ConvAPIPlugin.log
    [2011/01/21 13:35:38 | 000,001,243 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Default Manager.lnk
    [2011/01/21 13:35:04 | 000,001,243 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
    [2011/01/21 13:34:44 | 000,001,974 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    [2011/01/21 13:32:59 | 000,000,855 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
    [2011/01/21 13:32:04 | 000,001,178 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
    [2010/01/28 13:06:03 | 000,024,206 | ---- | C] () -- C:\Users\Al&Marianne\AppData\Roaming\UserTile.png
    [2010/01/18 15:38:46 | 000,010,496 | ---- | C] () -- C:\Windows\System32\rcmirror.dll
    [2009/12/14 16:56:00 | 000,000,000 | ---- | C] () -- C:\Users\Al&Marianne\AppData\Local\prvlcl.dat
    [2009/08/03 21:41:21 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
    [2009/07/22 22:30:51 | 000,000,134 | ---- | C] () -- C:\Windows\QTW.INI
    [2009/06/05 21:03:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/01/28 12:10:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\IYVU9_32.DLL
    [2008/03/05 15:52:11 | 000,001,668 | ---- | C] () -- C:\Windows\cdplayer.ini
    [2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
    [2008/01/27 00:52:37 | 000,062,254 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2008/01/19 15:27:43 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2008/01/14 16:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
    [2008/01/05 15:57:42 | 000,000,680 | ---- | C] () -- C:\Users\Al&Marianne\AppData\Local\d3d9caps.dat
    [2008/01/02 16:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
    [2008/01/02 16:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
    [2008/01/02 16:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
    [2007/10/18 09:12:20 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1350.dll
    [2007/10/18 09:03:58 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
    [2007/10/12 16:23:11 | 000,002,582 | ---- | C] () -- C:\Users\Al&Marianne\AppData\Roaming\wklnhst.dat
    [2007/10/12 11:06:59 | 000,796,312 | ---- | C] () -- C:\Windows\System32\libeay32_0.9.6l.dll
    [2007/10/10 13:18:18 | 000,161,280 | ---- | C] () -- C:\Users\Al&Marianne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/10/06 16:02:46 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
    [2007/10/06 16:02:46 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1255.dll
    [2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
    [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
    [2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

    ========== LOP Check ==========

    [2010/12/27 22:21:40 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\Ableton
    [2010/09/10 17:39:33 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\acccore
    [2007/11/14 00:55:38 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\Aim
    [2008/12/28 22:55:16 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\Amazon
    [2010/10/31 19:02:35 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\Armagetron
    [2010/09/29 15:04:35 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\AVG10
    [2011/02/14 21:21:44 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\Azureus
    [2009/07/31 15:09:30 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\CBS Interactive
    [2010/04/21 10:30:00 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\CheckPoint
    [2010/07/22 15:08:19 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\eMusic
    [2011/01/21 12:40:21 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\eTeks
    [2010/06/18 10:23:55 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\Facebook
    [2010/09/04 10:22:42 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\Greyfirst
    [2009/01/15 20:33:24 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\Image Zone Express
    [2010/03/22 22:51:14 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\IrfanView
    [2007/12/18 13:29:44 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\LimeWire
    [2010/11/23 22:18:49 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\MPEG Streamclip
    [2010/09/12 07:55:20 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\NCH Swift Sound
    [2008/12/27 15:05:01 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\OpenOffice.org
    [2008/04/20 20:00:43 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\Printer Info Cache
    [2009/05/19 18:19:56 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\SecondLife
    [2007/10/12 16:23:11 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\Template
    [2009/09/18 00:09:04 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\Uniblue
    [2010/11/23 23:06:18 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\Unity
    [2011/01/27 15:10:59 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\Western Digital
    [2010/06/15 23:39:35 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\WinPatrol
    [2011/02/18 01:22:43 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >

  8. #8
    Junior Member strawberry77's Avatar
    Join Date
    Feb 2011
    Location
    Pennsylvania, USA
    Posts
    14

    Default

    OTL Extras logfile created on: 2/18/2011 9:47:37 AM - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Al&Marianne\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18999)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 63.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 222.78 Gb Total Space | 43.00 Gb Free Space | 19.30% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 6.28 Gb Free Space | 62.83% Space Free | Partition Type: NTFS
    Drive G: | 930.86 Gb Total Space | 850.30 Gb Free Space | 91.35% Space Free | Partition Type: NTFS

    Computer Name: NEWDELL-PC | User Name: Al&Marianne | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "UacDisableNotify" = 0
    "InternetSettingsDisableNotify" = 0
    "AutoUpdateDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2465096198-745748740-959045523-1000]
    "EnableNotifications" = 0
    "EnableNotificationsRef" = 5

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{3F53AC7F-0053-46CD-97E1-50314BC520B9}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{014C1650-47EA-4CE4-B0CB-A59576F8EF91}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
    "{0845D630-78B5-4FA9-A312-DB20A2E9C343}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
    "{0E702F8E-316A-4D6E-A7B9-363C9DFC1714}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
    "{0F77678F-FD8F-44B8-8DE1-1662D70278E0}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
    "{1F8CC517-1610-4772-A8C9-F3801C2FC64F}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
    "{24293F55-6B24-42F7-ABE3-09F252663B31}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
    "{2E3C88EC-4F29-47B3-AF7F-3D312D1839EC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
    "{32D6519B-37E7-4385-8329-9CE17B50CF90}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
    "{3A00C05A-CE6B-47AB-BC09-6C693702B5B2}" = protocol=6 | dir=in | app=c:\users\al&marianne\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{4188DF13-445C-461A-89CE-BFBF1D4E84A1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
    "{42DFE461-4D34-431C-AFA1-6B1D05E35E5A}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
    "{45F3BB94-B808-4194-B569-122C78AFAECA}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{546D7B89-D9F1-45CB-8FBE-A4392D517CB7}" = protocol=17 | dir=in | app=c:\users\al&marianne\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{560EFB3E-D330-40AC-9EB8-A6945C2886EF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
    "{5A9ADCCC-DDA3-40CB-8F05-F8C2E130F4BD}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
    "{5B9DB29D-5307-49A8-BCB4-00E28B1E9269}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
    "{60B6385D-DF39-42EE-B9E3-4814AA78083C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
    "{65A9016E-1329-44F3-A9F2-94F1ABEFB3F0}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
    "{660444AA-CC8D-42EF-8F91-53AFFF8FFCE3}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
    "{69BEF2DB-3B21-4EB1-94F2-8162634B394D}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
    "{6EA77D89-57CF-4F6B-96FF-BBBECCA62C9F}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{718E048B-EDBA-4CBA-AA2F-57B9BE9D647F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
    "{7466C883-A76E-4483-B65E-150C9E9060F0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
    "{75F0D437-21E5-4333-B873-8CFCECF62983}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
    "{75FB9D31-1233-4899-9DB8-07F6B210B4A6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
    "{78C28CCC-5240-46BF-A6FB-949DE1A05420}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{7F9F52CF-1653-4CF0-BE0F-FA0D96461835}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
    "{81AD00C7-60C4-4371-9549-BA69AD7EB2A2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{869A6EF4-839C-4379-BFAB-4B38B03C2DF1}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{92A225DF-20B1-48CE-8A7C-70F1AC84A077}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
    "{94554304-409B-4B1A-84E1-7C5F750CC2CE}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
    "{98534A78-6FD1-4D5E-AE29-55170EA0B600}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
    "{98BDBECE-1387-4229-A37A-5067E8F6A025}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
    "{9EDCB59C-DE40-48EA-A4B0-435FF6061AAA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
    "{A38EEE45-9DBC-432E-A62C-9C9653E8F04C}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
    "{A4AAF4C5-8B43-44B5-8763-933C1AEE7890}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
    "{A70E3F8E-EBC0-4377-BF78-51E0475276BA}" = protocol=17 | dir=in | app=c:\program files\aim7\aim.exe |
    "{B0434737-EEBB-4061-9D5D-0CA941D1F739}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{B0ABFBF8-5D9E-4AA6-AC9F-C562815AC4B5}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
    "{BFC11691-3A2F-4059-8C7E-5F44DE52262D}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
    "{C4BFA500-2280-4225-8827-F63452CA24B7}" = dir=in | app=c:\users\al&marianne\appdata\local\temp\hp\oj6500ve709_full_12_en\setup\hpznui01.exe |
    "{C973CC23-E665-4E59-ACC0-2418ACFE32B3}" = protocol=17 | dir=in | app=c:\users\al&marianne\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{CC42AB28-7DC2-4F34-B8E1-6C30598BD5C6}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
    "{CF613483-F14F-46C9-9299-99139AF1179C}" = protocol=6 | dir=in | app=c:\program files\aim7\aim.exe |
    "{D2B1BCC8-9859-4D90-8597-BD8227A39147}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
    "{D4809965-9B14-4079-800E-5C4854BEF7FB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
    "{D6223ED6-C110-4DBE-87DD-37E7AE0885FC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
    "{D73C43EA-8E59-4861-8047-568DCCEF9D9C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
    "{D93E6552-2EDA-4F7A-B944-B10271BC87AB}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
    "{E5978FC2-96D3-4276-B75B-A0E1064B7DB0}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{EA0E1ECF-8944-4BD6-8B34-67D30A334E57}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
    "{EE556165-6FC9-4EF2-8321-8E14D13409CA}" = protocol=6 | dir=in | app=c:\users\al&marianne\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{F77AD6DF-8228-4E62-9E7F-F6F23102DC3D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
    "{F8BBE6C1-4A32-4812-B985-EDB476659EF9}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
    "TCP Query User{84622680-1C01-4D9C-A794-34BE7FE6A241}C:\program files\armagetron advanced\armagetronad.exe" = protocol=6 | dir=in | app=c:\program files\armagetron advanced\armagetronad.exe |
    "TCP Query User{8514598A-467D-498E-A6F5-D5AC0AA17812}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
    "TCP Query User{FFD931D8-0D7A-4095-9291-0D07CD26DA3F}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
    "UDP Query User{5D279BCA-AA2C-4B20-AD14-8DC6E8C92EC0}C:\program files\armagetron advanced\armagetronad.exe" = protocol=17 | dir=in | app=c:\program files\armagetron advanced\armagetronad.exe |
    "UDP Query User{D15FD2C5-6385-4656-B350-F1E9F939C4ED}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
    "UDP Query User{FFC68871-93F0-4EBE-AAA0-BE15BF83F786}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
    "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
    "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
    "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
    "{0E52A52C-E120-461C-AA1B-21B045BEE842}" = bpd_scan
    "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
    "{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
    "{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
    "{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
    "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
    "{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
    "{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
    "{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
    "{26B878A8-5704-3B64-BDBC-4F0EACA38121}" = Google Talk Plugin
    "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}" = Dell DataSafe Online
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
    "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
    "{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
    "{3BE02281-FCCF-44BB-8413-AC4A633059EB}" = BPDSoftware
    "{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4F7177E9-2B54-48B4-AAFD-03FA1F87A542}" = Bing Bar Platform
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{58D79E62-CFC8-4331-8469-3A1B16E1769C}" = HP Officejet 6500 E709 Series
    "{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
    "{5AD96CF5-2627-4F29-9D2D-72FCD85F6355}" = AVG 2011
    "{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
    "{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
    "{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
    "{5E4B86E5-CD0E-4D3D-BE21-45A30326850A}" = Microsoft Search Enhancement Pack
    "{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
    "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
    "{639673E9-D53F-44F4-A046-485C8A6ADA15}" = Paint.NET v3.5.6
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
    "{68654483-9629-4CF5-88FF-9FB70B3BECDE}" = ProductContext
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.11.0
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
    "{8551C414-2ACB-492E-9CEB-248BC81C46E0}_is1" = DICTER 3.05
    "{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
    "{88D18C5E-5113-4A1E-8EC9-2B7E24688A14}" = PS_AIO_04_C6300_Software_Min
    "{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
    "{8FB6AF1C-7B7B-42F9-BAAF-7592AC9819E6}" = AVG 2011
    "{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
    "{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
    "{99F67894-9486-413F-94E1-8B12B1606EAB}" = BPDSoftware_Ini
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
    "{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA787E05-E835-4812-AA3D-4048C8A46587}" = 6500_E709_eDocs
    "{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
    "{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
    "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
    "{BB558CDC-C7BE-44D0-9260-B810D66702C4}" = 6500_E709n
    "{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}" = Uniblue DriverScanner 2009
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
    "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
    "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
    "{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F53B432E-BD19-4400-BFA0-2BBD16410F8F}" = 6500_E709_Help
    "{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
    "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
    "8461-7759-5462-8226" = Vuze
    "Ad-Aware" = Ad-Aware
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player
    "AIM_7" = AIM 7
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
    "Armagetron Advanced" = Armagetron Advanced 0.2.8.3.1.gcc
    "ArtistScope Plugin FX 424.2.0.0" = ArtistScope Plugin FX 42
    "Ask Toolbar_is1" = ZoneAlarm Spy Blocker Toolbar
    "AVG" = AVG 2011
    "AVIConverter" = AVIConverter CHN-EN Package
    "Celtx (2.7)" = Celtx (2.7)
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Coupon Printer for Windows4.0" = Coupon Printer for Windows
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "CutePDF Writer Installation" = CutePDF Writer 2.7
    "ERUNT_is1" = ERUNT 1.1j
    "Google Chrome" = Google Chrome
    "Google Desktop" = Google Desktop
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HP Document Manager" = HP Document Manager 2.0
    "HP Imaging Device Functions" = HP Imaging Device Functions 14.0
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
    "HPExtendedCapabilities" = HP Customer Participation Program 14.0
    "HPOCR" = OCR Software by I.R.I.S. 14.0
    "InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
    "IrfanView" = IrfanView (remove only)
    "Live 8.0.4" = Live 8.0.4
    "Live 8.2.1" = Live 8.2.1
    "LucasArts' Rogue Squadron" = LucasArts' Rogue Squadron
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Marine Sharpshooter II: Jungle Warfare" = Marine Sharpshooter II: Jungle Warfare
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Miditzer Style 216" = Miditzer Style 216 ver. 0.881
    "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "MVApplication1" = SureThing CD Labeler - Stomper Edition 32 bit
    "Myst for Windows 95" = Myst for Windows 95
    "Picasa 3" = Picasa 3
    "PROSetDX" = Intel(R) PRO Network Connections 12.1.11.0
    "RealPlayer 6.0" = RealPlayer
    "Shop for HP Supplies" = Shop for HP Supplies
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "TeamViewer 6" = TeamViewer 6
    "ToneGen" = NCH Tone Generator
    "Uniblue DriverScanner 2009" = Uniblue DriverScanner 2009
    "VideoPad" = VideoPad Video Editor
    "WavePad" = WavePad Sound Editor
    "WinPatrol" = WinPatrol
    "ZoneAlarm" = ZoneAlarm

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2465096198-745748740-959045523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "CNET TechTracker" = CNET TechTracker
    "Facebook Plug-In" = Facebook Plug-In
    "GoToMeeting" = GoToMeeting 4.5.0.457
    "UnityWebPlayer" = Unity Web Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 2/17/2011 2:25:49 PM | Computer Name = NewDell-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 2/17/2011 2:25:49 PM | Computer Name = NewDell-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 2/17/2011 3:32:18 PM | Computer Name = NewDell-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 2/17/2011 8:53:58 PM | Computer Name = NewDell-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 2/17/2011 8:54:06 PM | Computer Name = NewDell-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 4443845

    Error - 2/17/2011 8:54:06 PM | Computer Name = NewDell-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 4443845

    Error - 2/17/2011 8:54:21 PM | Computer Name = NewDell-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 2/17/2011 8:54:21 PM | Computer Name = NewDell-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 4466870

    Error - 2/17/2011 8:54:21 PM | Computer Name = NewDell-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 4466870

    Error - 2/18/2011 10:06:22 AM | Computer Name = NewDell-PC | Source = Lavasoft Ad-Aware Service | ID = 0
    Description =

    [ Media Center Events ]
    Error - 10/19/2007 5:58:52 PM | Computer Name = NewDell-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 7/29/2008 1:32:06 PM | Computer Name = NewDell-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 6/9/2009 4:01:15 PM | Computer Name = NewDell-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 6/11/2009 1:18:02 PM | Computer Name = NewDell-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    [ System Events ]
    Error - 2/16/2011 10:01:44 AM | Computer Name = NewDell-PC | Source = DCOM | ID = 10016
    Description =

    Error - 2/16/2011 10:02:30 AM | Computer Name = NewDell-PC | Source = Service Control Manager | ID = 7022
    Description =

    Error - 2/16/2011 1:45:36 PM | Computer Name = NewDell-PC | Source = DCOM | ID = 10016
    Description =

    Error - 2/16/2011 1:46:29 PM | Computer Name = NewDell-PC | Source = Service Control Manager | ID = 7022
    Description =

    Error - 2/16/2011 5:27:04 PM | Computer Name = NewDell-PC | Source = BROWSER | ID = 8032
    Description =

    Error - 2/17/2011 2:22:32 AM | Computer Name = NewDell-PC | Source = Service Control Manager | ID = 7011
    Description =

    Error - 2/17/2011 1:19:45 PM | Computer Name = NewDell-PC | Source = DCOM | ID = 10016
    Description =

    Error - 2/17/2011 1:20:34 PM | Computer Name = NewDell-PC | Source = Service Control Manager | ID = 7022
    Description =

    Error - 2/18/2011 9:44:12 AM | Computer Name = NewDell-PC | Source = DCOM | ID = 10016
    Description =

    Error - 2/18/2011 9:45:03 AM | Computer Name = NewDell-PC | Source = Service Control Manager | ID = 7022
    Description =


    < End of report >

  9. #9
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hi,

    Before we begin try running this AVG Removal tool, then run OTL again and post a new log. It looks like you have the 32bit version of windows
    http://www.avg.com/us-en/download-tools
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  10. #10
    Junior Member strawberry77's Avatar
    Join Date
    Feb 2011
    Location
    Pennsylvania, USA
    Posts
    14

    Default

    I ran the AVG removal tool. Then OTL.
    Here are the logs.

    OTL logfile created on: 2/18/2011 10:08:27 PM - Run 2
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Al&Marianne\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18999)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 29.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 65.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 222.78 Gb Total Space | 43.37 Gb Free Space | 19.47% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 6.28 Gb Free Space | 62.83% Space Free | Partition Type: NTFS
    Drive G: | 930.86 Gb Total Space | 850.28 Gb Free Space | 91.34% Space Free | Partition Type: NTFS

    Computer Name: NEWDELL-PC | User Name: Al&Marianne | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Al&Marianne\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
    PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
    PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
    PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
    PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\Users\Al&Marianne\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe ()
    PRC - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
    PRC - C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
    PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
    PRC - C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.)
    PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
    PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
    PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
    PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
    PRC - C:\Program Files\Dicter\DicterService.exe (Zeyfman Genady)
    PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Windows\System32\CSHelper.exe ()
    PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
    PRC - C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)


    ========== Modules (SafeList) ==========

    MOD - C:\Users\Al&Marianne\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
    MOD - C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll (BillP Studios)


    ========== Win32 Services (SafeList) ==========

    SRV - (CLTNetCnService) -- File not found
    SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
    SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
    SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
    SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
    SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (vsmon) -- C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
    SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
    SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
    SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
    SRV - (DicterUpdateService) -- C:\Program Files\Dicter\DicterService.exe (Zeyfman Genady)
    SRV - (WDSmartWareBackgroundService) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
    SRV - (CSHelper) -- C:\Windows\System32\CSHelper.exe ()
    SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    SRV - (ASKService) -- C:\Program Files\AskBarDis\bar\bin\AskService.exe ()
    SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (AERTFilters) -- C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
    SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()


    ========== Driver Services (SafeList) ==========

    DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
    DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
    DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
    DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
    DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
    DRV - (Vsdatant) -- C:\Windows\System32\drivers\vsdatant.sys (Check Point Software Technologies LTD)
    DRV - (rcmirror) -- C:\Windows\System32\drivers\rcmirror.sys (Windows (R) Win 7 DDK provider)
    DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
    DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
    DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
    DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
    DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
    DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
    DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
    DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
    DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
    DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
    DRV - (dsunidrv) -- C:\Windows\System32\drivers\dsunidrv.sys (Gteko Ltd.)
    DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
    DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
    DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
    DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
    DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
    DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
    DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
    DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
    DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
    DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
    DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
    DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
    DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
    DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
    DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
    DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
    DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
    DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
    DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
    DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
    DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
    DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
    DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
    DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
    DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
    DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
    DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
    DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
    DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
    DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
    DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
    DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
    DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
    DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
    DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
    DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
    DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
    DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
    DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
    DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
    DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
    DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
    DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
    DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
    DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
    DRV - (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB) -- C:\Windows\System32\drivers\A3AB.sys (D-Link Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2465096198-745748740-959045523-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-2465096198-745748740-959045523-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\S-1-5-21-2465096198-745748740-959045523-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://h10025.www1.hp.com/ewfrf/wc/d...roduct=3635399
    IE - HKU\S-1-5-21-2465096198-745748740-959045523-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-2465096198-745748740-959045523-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-2465096198-745748740-959045523-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-2465096198-745748740-959045523-1000\..\URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-2465096198-745748740-959045523-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2465096198-745748740-959045523-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: calendar-timezones@mozilla.org:0.1.2008d
    FF - prefs.js..extensions.enabledItems: default-palette@celtx.com:1.0
    FF - prefs.js..extensions.enabledItems: emoticons-msn-smileys@m513901.de:0.1
    FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.0
    FF - prefs.js..extensions.enabledItems: messagestyle-blackened@addons.instantbird.org:0.9
    FF - prefs.js..extensions.enabledItems: messagestyle-depth@addons.instantbird.org:1.1
    FF - prefs.js..extensions.enabledItems: messagestyle-minimal20@addons.instantbird.org:1.5

    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/03/05 15:49:02 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2011/01/21 13:35:22 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/01/21 13:35:26 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/21 15:52:20 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/20 22:21:15 | 000,000,000 | ---D | M]

    [2010/09/04 10:22:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Extensions
    [2010/09/04 10:22:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Extensions\celtx@celtx.com
    [2011/02/17 20:06:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\6fenrigl.default\extensions
    [2011/01/18 10:04:41 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\6fenrigl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2011/01/18 10:04:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\6fenrigl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}-trash
    [2010/07/31 13:02:27 | 000,000,000 | ---D | M] (eMusic Toolbar) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\6fenrigl.default\extensions\{9ee802e8-c931-47ab-b570-aa8f791598ca}
    [2010/09/15 19:44:22 | 000,000,000 | ---D | M] (Vuze Remote) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\6fenrigl.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    [2010/07/22 14:00:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\6fenrigl.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/07/10 19:13:55 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\6fenrigl.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(421)
    [2009/10/29 12:40:55 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\6fenrigl.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2010/09/30 11:06:53 | 000,000,000 | ---D | M] (PriceBlink) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\6fenrigl.default\extensions\info@priceblink.com
    [2009/03/22 17:06:32 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\6fenrigl.default\extensions\moveplayer@movenetworks.com
    [2011/02/17 20:06:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/09/19 22:50:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/09/04 10:18:43 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\CALENDAR-TIMEZONES@MOZILLA.ORG
    [2010/09/04 10:18:43 | 000,000,000 | ---D | M] (Default Shot Palette) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\DEFAULT-PALETTE@CELTX.COM
    [2010/09/04 10:18:42 | 000,000,000 | ---D | M] (MSN-Smileys) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\EMOTICONS-MSN-SMILEYS@M513901.DE
    [2010/09/04 10:18:42 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\INSPECTOR@MOZILLA.ORG
    [2010/09/04 10:18:42 | 000,000,000 | ---D | M] (Blackened) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-BLACKENED@ADDONS.INSTANTBIRD.ORG
    [2010/09/04 10:18:42 | 000,000,000 | ---D | M] (Depth) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-DEPTH@ADDONS.INSTANTBIRD.ORG
    [2010/09/04 10:18:42 | 000,000,000 | ---D | M] (Minimal) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-MINIMAL20@ADDONS.INSTANTBIRD.ORG
    [2009/01/15 13:53:03 | 000,616,448 | ---- | M] (ArtistScope) -- C:\Program Files\Mozilla Firefox\plugins\npArtistScope42.dll
    [2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    [2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    [2008/08/15 21:42:10 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
    [2010/08/24 14:42:59 | 000,002,197 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google-search.xml

    O1 HOSTS File: ([2011/02/15 00:26:17 | 000,249,908 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.1001-search.info
    O1 - Hosts: 127.0.0.1 1001-search.info
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.123topsearch.com
    O1 - Hosts: 127.0.0.1 123topsearch.com
    O1 - Hosts: 127.0.0.1 www.132.com
    O1 - Hosts: 127.0.0.1 132.com
    O1 - Hosts: 127.0.0.1 www.136136.net
    O1 - Hosts: 8711 more lines...
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
    O3 - HKU\S-1-5-21-2465096198-745748740-959045523-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-2465096198-745748740-959045523-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
    O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
    O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
    O4 - Startup: C:\Users\Al&Marianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CNET TechTracker.lnk = C:\Users\Al&Marianne\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe ()
    O4 - Startup: C:\Users\Al&Marianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-2465096198-745748740-959045523-1000\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKU\S-1-5-21-2465096198-745748740-959045523-1000\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.hp.com/CSMWeb/Cus...ataManager.CAB (Hewlett-Packard Online Support Services)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.microsoft.com/downlo...4/igdtoolx.cab (IGDTester Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_04)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
    O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Users\Al&Marianne\Pictures\2010-02-19\044.JPG
    O24 - Desktop BackupWallPaper: C:\Users\Al&Marianne\Pictures\2010-02-19\044.JPG
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{21e15cb2-7dc7-11dd-8f91-001aa0976877}\Shell - "" = AutoRun
    O33 - MountPoints2\{21e15cb2-7dc7-11dd-8f91-001aa0976877}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
    O33 - MountPoints2\{336082c4-75d7-11dd-8f59-001aa0976877}\Shell - "" = AutoRun
    O33 - MountPoints2\{336082c4-75d7-11dd-8f59-001aa0976877}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
    O33 - MountPoints2\{56ea33d9-1fea-11e0-b31f-001aa0976877}\Shell - "" = AutoRun
    O33 - MountPoints2\{56ea33d9-1fea-11e0-b31f-001aa0976877}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
    O33 - MountPoints2\{630d4bea-982a-11df-96ff-001aa0976877}\Shell\AutoRun\command - "" = setup.exe
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = setup.exe
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/02/18 09:45:00 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Al&Marianne\Desktop\OTL.exe
    [2011/02/17 19:58:47 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
    [2011/02/17 16:47:00 | 000,000,000 | ---D | C] -- C:\Users\Al&Marianne\Desktop\Assemblage
    [2011/02/17 13:39:58 | 000,000,000 | ---D | C] -- C:\Users\Al&Marianne\Desktop\Pictures of decorated pot
    [2011/02/17 13:13:24 | 000,000,000 | ---D | C] -- C:\Users\Al&Marianne\Desktop\Creche pics
    [2011/02/16 20:09:26 | 000,000,000 | ---D | C] -- C:\Users\Al&Marianne\Desktop\Log files
    [2011/02/16 17:22:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2011/02/16 17:22:53 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2011/02/16 06:59:03 | 000,000,000 | ---D | C] -- C:\Users\Al&Marianne\AppData\Roaming\Malwarebytes
    [2011/02/16 06:58:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011/02/16 06:58:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/02/16 06:58:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/02/16 06:58:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/02/16 06:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/02/15 21:56:27 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/02/15 21:51:13 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/02/15 20:03:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle
    [2011/02/15 01:52:05 | 000,000,000 | ---D | C] -- C:\Users\Al&Marianne\AppData\Roaming\Avira
    [2011/02/15 00:47:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    [2011/02/15 00:47:00 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
    [2011/02/15 00:47:00 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
    [2011/02/15 00:47:00 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
    [2011/02/15 00:46:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
    [2011/02/15 00:46:58 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2011/02/14 15:13:21 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
    [2011/02/14 15:04:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
    [2011/02/14 15:03:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
    [2011/02/12 19:32:19 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
    [2011/02/12 12:43:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIM
    [2011/02/12 12:42:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
    [2011/02/05 20:47:53 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
    [2011/02/05 20:46:17 | 000,000,000 | ---D | C] -- C:\Users\Al&Marianne\AppData\Local\Paint.NET
    [2011/02/02 19:12:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 8
    [2011/02/02 18:43:15 | 000,000,000 | ---D | C] -- C:\Users\Al&Marianne\AppData\Local\PackageAware
    [2011/01/31 16:46:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2011/01/31 16:45:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/01/27 16:22:43 | 000,000,000 | ---D | C] -- C:\ProgramData\WD_SmartWareCommon
    [2011/01/27 15:16:24 | 000,000,000 | ---D | C] -- C:\Users\Al&Marianne\AppData\Local\Western_Digital
    [2011/01/27 15:09:01 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
    [2011/01/27 15:09:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD SmartWare
    [2011/01/25 21:16:24 | 000,000,000 | ---D | C] -- C:\Nancy Drew
    [2011/01/21 13:35:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
    [2011/01/21 13:35:22 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
    [2011/01/21 13:34:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer
    [2011/01/21 13:29:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
    [2011/01/21 13:26:59 | 000,125,440 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\hpf3l02t.dll
    [2011/01/21 13:25:08 | 000,000,000 | -H-D | C] -- C:\Config.Msi
    [2011/01/21 13:19:59 | 000,454,504 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpzids01.dll
    [2011/01/21 13:19:58 | 000,970,752 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpwtiop4.dll
    [2011/01/21 13:19:58 | 000,718,336 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpwwiax5.dll
    [2011/01/21 13:19:57 | 000,372,736 | ---- | C] (Hewlett Packard) -- C:\Windows\System32\hppldcoi.dll
    [2011/01/21 13:19:57 | 000,294,912 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpovst11.dll
    [2011/01/21 12:40:21 | 000,000,000 | ---D | C] -- C:\Users\Al&Marianne\AppData\Roaming\eTeks
    [2 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/02/18 21:51:04 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
    [2011/02/18 21:50:55 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/02/18 21:50:51 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/02/18 21:50:51 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/02/18 21:50:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/02/18 21:50:40 | 2134,044,672 | -HS- | M] () -- C:\hiberfil.sys
    [2011/02/18 21:27:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/02/18 09:45:10 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Al&Marianne\Desktop\OTL.exe
    [2011/02/17 22:29:52 | 000,028,160 | ---- | M] () -- C:\Users\Al&Marianne\Desktop\eaglewriteup.doc
    [2011/02/17 19:57:21 | 000,072,080 | ---- | M] () -- C:\Users\Al&Marianne\g2mdlhlpx.exe
    [2011/02/17 14:46:14 | 000,618,020 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/02/17 14:46:14 | 000,108,040 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/02/16 17:23:37 | 000,000,915 | ---- | M] () -- C:\Users\Al&Marianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2011/02/16 17:22:54 | 000,000,716 | ---- | M] () -- C:\Users\Al&Marianne\Desktop\ERUNT.lnk
    [2011/02/16 09:16:03 | 000,000,000 | ---- | M] () -- C:\Users\Al&Marianne\AppData\Local\prvlcl.dat
    [2011/02/16 06:58:55 | 000,000,932 | ---- | M] () -- C:\Users\Al&Marianne\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2011/02/15 22:55:49 | 000,000,602 | ---- | M] () -- C:\Users\Al&Marianne\Desktop\ComboFix.exe - Shortcut.lnk
    [2011/02/15 00:39:55 | 000,001,111 | ---- | M] () -- C:\Users\Al&Marianne\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2011/02/15 00:39:55 | 000,001,087 | ---- | M] () -- C:\Users\Al&Marianne\Desktop\Spybot - Search & Destroy.lnk
    [2011/02/15 00:26:17 | 000,249,908 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/02/14 15:04:00 | 000,001,033 | ---- | M] () -- C:\Users\Al&Marianne\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2011/02/14 15:04:00 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
    [2011/02/12 12:43:17 | 000,001,109 | -H-- | M] () -- C:\IPH.PH
    [2011/02/12 12:43:15 | 000,001,731 | ---- | M] () -- C:\Users\Al&Marianne\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
    [2011/02/12 12:43:15 | 000,001,707 | ---- | M] () -- C:\Users\Public\Desktop\AIM.lnk
    [2011/02/11 21:28:00 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2011/01/31 16:46:55 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/01/27 15:10:10 | 000,001,284 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
    [2011/01/27 15:10:10 | 000,001,223 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
    [2011/01/22 10:54:32 | 000,352,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/01/21 14:58:57 | 000,011,264 | ---- | M] () -- C:\Users\Al&Marianne\Desktop\Haldane.doc
    [2011/01/21 14:25:56 | 000,228,975 | ---- | M] () -- C:\Windows\hpwins23.dat
    [2011/01/21 13:34:44 | 000,001,974 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    [2011/01/21 13:32:04 | 000,001,178 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
    [2011/01/20 17:13:44 | 000,001,635 | ---- | M] () -- C:\Users\Al&Marianne\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
    [2 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/02/17 19:57:19 | 000,072,080 | ---- | C] () -- C:\Users\Al&Marianne\g2mdlhlpx.exe
    [2011/02/16 17:23:37 | 000,000,915 | ---- | C] () -- C:\Users\Al&Marianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2011/02/16 17:22:54 | 000,000,716 | ---- | C] () -- C:\Users\Al&Marianne\Desktop\ERUNT.lnk
    [2011/02/16 06:58:55 | 000,000,932 | ---- | C] () -- C:\Users\Al&Marianne\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2011/02/15 22:55:49 | 000,000,602 | ---- | C] () -- C:\Users\Al&Marianne\Desktop\ComboFix.exe - Shortcut.lnk
    [2011/02/14 15:04:00 | 000,001,033 | ---- | C] () -- C:\Users\Al&Marianne\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2011/02/14 15:04:00 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
    [2011/02/12 19:32:44 | 000,000,969 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
    [2011/02/05 20:50:18 | 000,000,948 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
    [2011/01/31 16:46:55 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/01/27 15:10:10 | 000,001,284 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
    [2011/01/27 15:10:10 | 000,001,223 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
    [2011/01/22 11:50:08 | 000,028,160 | ---- | C] () -- C:\Users\Al&Marianne\Desktop\eaglewriteup.doc
    [2011/01/21 14:25:51 | 000,001,106 | ---- | C] () -- C:\Users\Al&Marianne\AppData\Roaming\ConvAPIPlugin.log
    [2011/01/21 13:35:38 | 000,001,243 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Default Manager.lnk
    [2011/01/21 13:35:04 | 000,001,243 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
    [2011/01/21 13:34:44 | 000,001,974 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    [2011/01/21 13:32:59 | 000,000,855 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
    [2011/01/21 13:32:04 | 000,001,178 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
    [2010/01/28 13:06:03 | 000,024,206 | ---- | C] () -- C:\Users\Al&Marianne\AppData\Roaming\UserTile.png
    [2010/01/18 15:38:46 | 000,010,496 | ---- | C] () -- C:\Windows\System32\rcmirror.dll
    [2009/12/14 16:56:00 | 000,000,000 | ---- | C] () -- C:\Users\Al&Marianne\AppData\Local\prvlcl.dat
    [2009/08/03 21:41:21 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
    [2009/07/22 22:30:51 | 000,000,134 | ---- | C] () -- C:\Windows\QTW.INI
    [2009/06/05 21:03:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/01/28 12:10:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\IYVU9_32.DLL
    [2008/03/05 15:52:11 | 000,001,668 | ---- | C] () -- C:\Windows\cdplayer.ini
    [2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
    [2008/01/27 00:52:37 | 000,062,254 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2008/01/19 15:27:43 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2008/01/14 16:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
    [2008/01/05 15:57:42 | 000,000,680 | ---- | C] () -- C:\Users\Al&Marianne\AppData\Local\d3d9caps.dat
    [2008/01/02 16:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
    [2008/01/02 16:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
    [2008/01/02 16:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
    [2007/10/18 09:12:20 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1350.dll
    [2007/10/18 09:03:58 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
    [2007/10/12 16:23:11 | 000,002,582 | ---- | C] () -- C:\Users\Al&Marianne\AppData\Roaming\wklnhst.dat
    [2007/10/12 11:06:59 | 000,796,312 | ---- | C] () -- C:\Windows\System32\libeay32_0.9.6l.dll
    [2007/10/10 13:18:18 | 000,161,280 | ---- | C] () -- C:\Users\Al&Marianne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/10/06 16:02:46 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
    [2007/10/06 16:02:46 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1255.dll
    [2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
    [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
    [2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

    ========== LOP Check ==========

    [2010/12/27 22:21:40 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\Ableton
    [2010/09/10 17:39:33 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\acccore
    [2007/11/14 00:55:38 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\Aim
    [2008/12/28 22:55:16 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\Amazon
    [2010/10/31 19:02:35 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\Armagetron
    [2010/09/29 15:04:35 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\AVG10
    [2011/02/14 21:21:44 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\Azureus
    [2009/07/31 15:09:30 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\CBS Interactive
    [2010/04/21 10:30:00 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\CheckPoint
    [2010/07/22 15:08:19 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\eMusic
    [2011/01/21 12:40:21 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\eTeks
    [2010/06/18 10:23:55 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\Facebook
    [2010/09/04 10:22:42 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\Greyfirst
    [2009/01/15 20:33:24 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\Image Zone Express
    [2010/03/22 22:51:14 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\IrfanView
    [2007/12/18 13:29:44 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\LimeWire
    [2010/11/23 22:18:49 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\MPEG Streamclip
    [2010/09/12 07:55:20 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\NCH Swift Sound
    [2008/12/27 15:05:01 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\OpenOffice.org
    [2008/04/20 20:00:43 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\Printer Info Cache
    [2009/05/19 18:19:56 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\SecondLife
    [2007/10/12 16:23:11 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\Template
    [2009/09/18 00:09:04 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\Uniblue
    [2010/11/23 23:06:18 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\Unity
    [2011/01/27 15:10:59 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\Western Digital
    [2010/06/15 23:39:35 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\WinPatrol
    [2011/02/18 21:49:16 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •