redirection virus Please help.



verynicelily
2010-12-23, 18:27
My PC is infected with a redirection virus - and possibly Internet Antivirus 2011. Windows Security Essentials scan & Malwarebytes scan have not picked up anything. Spybot has picked up a number of threats but I can't remove them.
I enclose:
a) DDS log

DDS (Ver_10-12-12.02) - NTFSx86
Run by Thorpehousehold at 17:10:20.70 on 23/12/2010
Internet Explorer: 9.0.7930.16406 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2036.1052 [GMT 0:00]

AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\TalkTalk\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
c:\Users\Thorpehousehold\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uWindow Title = Internet Explorer provided by Dell
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=127.0.0.1:25570
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\users\thorpehousehold\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
StartupFolder: c:\users\thorpe~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
uPolicies-explorer: DisallowRun = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
IFEO: image file execution options - svchost.exe
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\users\thorpe~1\appdata\roaming\mozilla\firefox\profiles\mewl2f0q.default\
FF - prefs.js: browser.search.selectedEngine - search
FF - prefs.js: browser.startup.homepage - www.google.co.uk (http://www.google.co.uk)
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\progra~1\sonyon~1\npsoe.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\thorpe~1\appdata\locallow\powerc~1\nppowerloader.dll
FF - plugin: c:\users\thorpehousehold\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\thorpehousehold\appdata\local\microsoft\internet explorer\downloaded program files\npsoe.dll
FF - plugin: c:\users\thorpehousehold\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\thorpehousehold\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\thorpehousehold\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ProCon Latte: {9D6218B8-03C7-4b91-AA43-680B305DD35C} - %profile%\extensions\{9D6218B8-03C7-4b91-AA43-680B305DD35C}
FF - Ext: Met Office weather gadget: {1BCA7BD8-8977-11DC-A9BD-548555D89593} - %profile%\extensions\{1BCA7BD8-8977-11DC-A9BD-548555D89593}

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-25 385536]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-4-23 64304]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-4-23 160720]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 151216]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-23 155648]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-4-23 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-4-23 141792]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-12-10 1153368]
R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\talktalk\bin\sprtsvc.exe [2007-10-12 202016]
R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\common files\supportsoft\bin\tgsrvc.exe [2007-8-2 148768]
R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-5-6 152320]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-4-23 312584]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-12-2 42368]
S2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-7-21 234888]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-31 133104]
S2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-23 271480]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-4-23 55456]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-5-6 51688]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-4-23 83496]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-5-6 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-5-6 40552]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-12-23 17:02:28 -------- d-----w- c:\windows\ERUNT
2010-12-23 08:53:00 6273872 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{b73cbefb-8148-48be-94b4-e30a0ec28204}\mpengine.dll
2010-12-23 08:42:12 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2010-12-23 08:42:11 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2010-12-23 08:42:11 797184 ----a-w- c:\windows\system32\FntCache.dll
2010-12-23 08:42:11 680960 ----a-w- c:\windows\system32\d2d1.dll
2010-12-23 08:42:11 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2010-12-23 08:42:11 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2010-12-23 08:42:11 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2010-12-23 08:42:11 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2010-12-23 08:42:11 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2010-12-23 08:42:11 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2010-12-23 08:42:11 1174528 ----a-w- c:\windows\system32\d3d10warp.dll
2010-12-23 08:42:11 1068032 ----a-w- c:\windows\system32\DWrite.dll
2010-12-23 08:41:26 -------- d-----w- c:\program files\Feedback Tool
2010-12-15 08:47:14 -------- d-sh--w- c:\windows\system32\%APPDATA%
2010-12-15 08:34:47 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2010-12-15 08:34:37 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-14 13:45:00 -------- d-----w- c:\program files\BBC iPlayer Desktop
2010-12-10 16:01:00 -------- d-----w- c:\users\thorpe~1\appdata\roaming\Malwarebytes
2010-12-10 16:00:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-10 16:00:53 -------- d-----w- c:\progra~2\Malwarebytes
2010-12-10 16:00:48 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-10 16:00:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-10 13:13:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-10 13:13:20 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2010-12-10 11:35:34 -------- d-----w- c:\progra~2\PC Tools
2010-12-09 20:48:26 -------- d-sh--w- c:\progra~2\IAHXECXRRSV
2010-12-09 20:47:21 -------- d-sh--w- c:\progra~2\1fc9bc
2010-12-09 13:37:56 784136 ----a-w- c:\progra~2\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2010-12-04 11:42:17 -------- d-----w- c:\progra~2\Uniblue
2010-12-04 11:42:11 -------- d-----w- c:\users\thorpe~1\appdata\roaming\Uniblue
2010-11-24 15:42:17 7680 ----a-w- c:\program files\internet explorer\iecompat.dll

==================== Find3M ====================

2010-11-04 18:56:07 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-04 18:55:38 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-11-04 18:55:38 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-04 18:55:12 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-04 16:34:06 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-10-28 15:44:56 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-28 13:27:47 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-10-19 20:51:33 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-18 13:37:35 81920 ----a-w- c:\windows\system32\consent.exe
2010-10-18 13:31:24 2038272 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 17:11:38.43 ===============

b) Zipped attachment (I hope).

Thank you very much for your help.

ken545
2010-12-28, 10:24
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.



Sorry for the delay but we get a bit overwhelmed most times.


OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

verynicelily
2010-12-28, 12:45
Thank you very much for your help.
OTL.TXT LOG:

OTL logfile created on: 28/12/2010 11:31:13 - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = c:\Users\Thorpehousehold\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.03 Gb Total Space | 124.80 Gb Free Space | 43.33% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.72 Gb Free Space | 37.24% Space Free | Partition Type: NTFS

Computer Name: THRIBBLE-PC | User Name: Thorpehousehold | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - c:\Users\Thorpehousehold\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe ()
PRC - C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files\2X\ApplicationServer Client\APPServerClient.exe (2X Software Ltd.)
PRC - C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\TalkTalk\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Common Files\supportsoft\bin\tgsrvc.exe (SupportSoft, Inc.)


========== Modules (SafeList) ==========

MOD - c:\Users\Thorpehousehold\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (SftService) -- C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (ASKUpgrade) -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe ()
SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
SRV - (sprtsvc_TalkTalk) SupportSoft Sprocket Service (TalkTalk) -- C:\Program Files\TalkTalk\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (SupportSoft RemoteAssist) -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (tgsrvc_TalkTalk) SupportSoft Repair Service (TalkTalk) -- C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe (SupportSoft, Inc.)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (PCDSRVC{E9D79540-57D5953E-06020101}_0) -- c:\Program Files\Dell Support Center\pcdsrvc.pkms (PC-Doctor, Inc.)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corp.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (ovt519) -- C:\Windows\System32\drivers\ov519vid.sys (OmniVision Technologies, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25570

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "search"
FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - prefs.js..extensions.enabledItems: {1BCA7BD8-8977-11DC-A9BD-548555D89593}:1.5
FF - prefs.js..extensions.enabledItems: {9D6218B8-03C7-4b91-AA43-680B305DD35C}:1.7.9.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1167
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/05/21 21:48:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/12/28 10:22:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/16 16:08:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/25 18:49:59 | 000,000,000 | ---D | M]

[2009/09/07 19:56:16 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\Mozilla\Extensions
[2009/07/21 06:53:41 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\Mozilla\Firefox\extensions
[2009/07/21 06:53:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thorpehousehold\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/12/28 08:48:19 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\Mozilla\Firefox\Profiles\mewl2f0q.default\extensions
[2009/12/31 21:34:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thorpehousehold\AppData\Roaming\Mozilla\Firefox\Profiles\mewl2f0q.default\extensions\{1BCA7BD8-8977-11DC-A9BD-548555D89593}
[2010/04/27 20:40:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Thorpehousehold\AppData\Roaming\Mozilla\Firefox\Profiles\mewl2f0q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/07 20:45:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thorpehousehold\AppData\Roaming\Mozilla\Firefox\Profiles\mewl2f0q.default\extensions\{9D6218B8-03C7-4b91-AA43-680B305DD35C}
[2010/12/23 17:40:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/21 16:41:52 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/01 22:42:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/04 05:48:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/02 21:11:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/01/05 17:04:02 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2008/06/18 05:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/08/08 20:38:28 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/08/08 20:38:28 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/08/08 20:38:28 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/08/08 20:38:28 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/12/09 21:50:47 | 000,002,811 | RHS- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 204.152.194.149 www.google.com
O1 - Hosts: 204.152.194.149 google.com
O1 - Hosts: 204.152.194.149 google.com.au
O1 - Hosts: 204.152.194.149 www.google.com.au
O1 - Hosts: 204.152.194.149 google.be
O1 - Hosts: 204.152.194.149 www.google.be
O1 - Hosts: 204.152.194.149 google.com.br
O1 - Hosts: 204.152.194.149 www.google.com.br
O1 - Hosts: 39 more lines...
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files\Dell DataSafe Local Backup\ToasterLauncher.exe ()
O4 - Startup: C:\Users\Thorpehousehold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2X ApplicationServer Client.lnk = C:\Program Files\2X\ApplicationServer Client\APPServerClient.exe (2X Software Ltd.)
O4 - Startup: C:\Users\Thorpehousehold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img8.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img8.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/28 10:22:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/12/27 21:32:15 | 000,000,000 | ---D | C] -- C:\Users\Thorpehousehold\My Backup Files
[2010/12/27 08:01:44 | 000,000,000 | ---D | C] -- C:\Users\Thorpehousehold\AppData\Local\SoftThinks
[2010/12/26 22:33:40 | 000,000,000 | -HSD | C] -- C:\System Recovery
[2010/12/26 22:32:08 | 000,000,000 | ---D | C] -- C:\Temp
[2010/12/26 22:31:14 | 000,128,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WimFltr.sys
[2010/12/26 22:31:03 | 000,000,000 | ---D | C] -- C:\Program Files\Dell DataSafe Local Backup
[2010/12/26 22:20:13 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2010/12/26 22:09:38 | 000,000,000 | ---D | C] -- C:\Users\Thorpehousehold\AppData\Roaming\PCDr
[2010/12/26 00:32:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/12/25 15:07:42 | 000,000,000 | ---D | C] -- C:\Users\Thorpehousehold\AppData\Roaming\vlc
[2010/12/25 15:07:00 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/12/24 11:14:44 | 002,381,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/12/24 11:14:44 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/12/24 10:06:00 | 000,000,000 | ---D | C] -- C:\Users\Thorpehousehold\AppData\Roaming\AVG
[2010/12/23 23:34:41 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/12/23 22:58:26 | 000,000,000 | ---D | C] -- C:\Users\Thorpehousehold\AppData\Roaming\AVG10
[2010/12/23 22:57:09 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2010/12/23 22:54:57 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2010/12/23 22:54:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2010/12/23 22:53:37 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/12/23 22:42:46 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/12/23 17:04:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/12/23 17:02:28 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2010/12/23 17:01:40 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/12/23 16:45:12 | 000,000,000 | ---D | C] -- C:\Users\Thorpehousehold\Desktop\GooredFix Backups
[2010/12/23 08:43:29 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/12/23 08:43:29 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/12/23 08:43:29 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/12/23 08:43:28 | 001,355,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2010/12/23 08:43:28 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/12/23 08:43:28 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2010/12/23 08:43:28 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2010/12/23 08:43:28 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010/12/23 08:43:28 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/12/23 08:43:28 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/12/23 08:43:27 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/12/23 08:43:27 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2010/12/23 08:43:27 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2010/12/23 08:43:27 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2010/12/23 08:43:27 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2010/12/23 08:43:27 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010/12/23 08:43:27 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010/12/23 08:43:25 | 003,695,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010/12/23 08:43:25 | 000,460,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/12/23 08:43:25 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/12/23 08:43:25 | 000,353,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010/12/23 08:43:25 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/12/23 08:43:25 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010/12/23 08:43:25 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2010/12/23 08:43:25 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010/12/23 08:43:25 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2010/12/23 08:43:25 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2010/12/23 08:43:24 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/12/23 08:43:24 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/12/23 08:43:24 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/12/23 08:43:24 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/12/23 08:43:24 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2010/12/23 08:43:23 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2010/12/23 08:43:23 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2010/12/23 08:43:23 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/12/23 08:43:23 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/12/23 08:43:23 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/12/23 08:42:12 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2010/12/23 08:42:11 | 001,174,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2010/12/23 08:42:11 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2010/12/23 08:42:11 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2010/12/23 08:42:11 | 000,797,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2010/12/23 08:42:11 | 000,680,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2010/12/23 08:42:11 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2010/12/23 08:42:11 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2010/12/23 08:42:11 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2010/12/23 08:42:11 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2010/12/23 08:42:11 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2010/12/23 08:42:11 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2010/12/23 08:41:26 | 000,000,000 | ---D | C] -- C:\Program Files\Feedback Tool
[2010/12/15 08:47:14 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2010/12/15 08:35:14 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/12/15 08:35:12 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010/12/15 08:35:11 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010/12/15 08:35:11 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010/12/15 08:35:09 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010/12/15 08:35:07 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/12/15 08:35:07 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/12/15 08:35:07 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/12/15 08:34:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/12/14 13:45:00 | 000,000,000 | ---D | C] -- C:\Program Files\BBC iPlayer Desktop
[2010/12/10 16:01:00 | 000,000,000 | ---D | C] -- C:\Users\Thorpehousehold\AppData\Roaming\Malwarebytes
[2010/12/10 16:00:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/10 16:00:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/12/10 16:00:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/10 16:00:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/10 13:13:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/12/10 13:13:20 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/12/10 11:35:34 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/12/09 20:48:26 | 000,000,000 | -HSD | C] -- C:\ProgramData\IAHXECXRRSV
[2010/12/09 20:47:21 | 000,000,000 | -HSD | C] -- C:\ProgramData\1fc9bc
[2010/12/08 04:12:38 | 000,251,728 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/12/04 11:42:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2010/12/04 11:42:11 | 000,000,000 | ---D | C] -- C:\Users\Thorpehousehold\AppData\Roaming\Uniblue
[2009/07/23 18:38:32 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Thorpehousehold\AppData\Roaming\DataSafeDotNet.exe
[1 C:\Users\Thorpehousehold\Documents\*.tmp files -> C:\Users\Thorpehousehold\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/28 10:54:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/28 10:36:48 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/28 10:36:48 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/28 10:35:00 | 000,000,946 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1525119050-2295363517-642445928-1000UA.job
[2010/12/28 10:22:56 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/12/28 10:19:23 | 102,785,539 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2010/12/28 08:37:48 | 000,001,994 | ---- | M] () -- C:\Users\Thorpehousehold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2X ApplicationServer Client.lnk
[2010/12/28 08:37:19 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/28 08:36:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/28 08:36:34 | 2136,133,632 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/27 21:45:21 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2010/12/27 08:01:13 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2010/12/25 19:52:39 | 000,608,226 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/25 19:52:39 | 000,109,336 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/25 15:07:32 | 000,000,861 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/12/24 23:56:55 | 000,000,766 | ---- | M] () -- C:\Users\Thorpehousehold\AppData\Roaming\launcher.exe.ico
[2010/12/24 23:50:53 | 000,000,680 | ---- | M] () -- C:\Users\Thorpehousehold\AppData\Local\d3d9caps.dat
[2010/12/24 11:35:05 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1525119050-2295363517-642445928-1000Core.job
[2010/12/24 10:03:44 | 000,000,972 | ---- | M] () -- C:\Users\Thorpehousehold\Desktop\AVG PC Tuneup 2011.lnk
[2010/12/23 22:38:25 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/12/23 22:37:56 | 000,146,944 | ---- | M] () -- C:\Users\Thorpehousehold\Documents\Christmas Card List.doc
[2010/12/23 17:23:48 | 000,000,456 | ---- | M] () -- C:\Users\Thorpehousehold\Desktop\Attach.zip
[2010/12/23 17:01:59 | 000,000,915 | ---- | M] () -- C:\Users\Thorpehousehold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/12/23 17:01:41 | 000,000,735 | ---- | M] () -- C:\Users\Thorpehousehold\Desktop\NTREGOPT.lnk
[2010/12/23 17:01:41 | 000,000,716 | ---- | M] () -- C:\Users\Thorpehousehold\Desktop\ERUNT.lnk
[2010/12/23 08:50:38 | 000,000,945 | ---- | M] () -- C:\Users\Thorpehousehold\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/12/23 08:44:34 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2010/12/23 08:44:34 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2010/12/22 19:18:07 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/22 10:14:35 | 000,000,117 | ---- | M] () -- C:\Users\Thorpehousehold\jagex_runescape_preferences2.dat
[2010/12/22 10:14:35 | 000,000,041 | ---- | M] () -- C:\Users\Thorpehousehold\jagex_runescape_preferences.dat
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/20 11:18:22 | 000,025,088 | ---- | M] () -- C:\Users\Thorpehousehold\Documents\Family_Integrated_Worship[1].doc
[2010/12/15 09:09:33 | 000,417,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/12/15 08:47:04 | 002,206,802 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2010/12/14 13:45:00 | 000,000,864 | ---- | M] () -- C:\Users\Public\Desktop\BBC iPlayer Desktop.lnk
[2010/12/13 22:22:58 | 001,521,766 | ---- | M] () -- C:\Users\Thorpehousehold\Documents\bbc_iplayer_desktop_v3010.air
[2010/12/10 15:32:28 | 000,000,106 | ---- | M] () -- C:\Windows\wininit.ini
[2010/12/10 13:13:36 | 000,001,081 | ---- | M] () -- C:\Users\Thorpehousehold\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/12/10 13:13:36 | 000,001,057 | ---- | M] () -- C:\Users\Thorpehousehold\Desktop\Spybot - Search & Destroy.lnk
[2010/12/10 12:06:54 | 000,512,992 | ---- | M] () -- C:\Users\Thorpehousehold\Desktop\sdsetup[1].exe
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-155318.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153238.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153236.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153231.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153224.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153219.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153218.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153217.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153216.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153215.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153210.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153209.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153206.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153205.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153204.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153203.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153154.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153149.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/12/03 22:06:58 | 003,420,852 | ---- | M] () -- C:\Users\Thorpehousehold\Documents\James Jordan Through New Eyes.pdf
[2010/12/03 13:44:05 | 000,007,894 | ---- | M] () -- C:\Users\Thorpehousehold\Documents\BudgetBrain.odt
[2010/12/02 12:45:04 | 000,009,216 | ---- | M] () -- C:\Users\Thorpehousehold\Documents\Stewardship.doc
[2010/12/01 21:28:40 | 000,039,661 | ---- | M] () -- C:\Users\Thorpehousehold\Documents\Theodore Roosevelt The Bible and The Life Of The People.pdf
[1 C:\Users\Thorpehousehold\Documents\*.tmp files -> C:\Users\Thorpehousehold\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/28 10:19:23 | 102,785,539 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2010/12/26 22:23:03 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2010/12/26 22:23:00 | 000,000,422 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2010/12/25 15:07:32 | 000,000,861 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/12/24 10:56:56 | 000,001,994 | ---- | C] () -- C:\Users\Thorpehousehold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2X ApplicationServer Client.lnk
[2010/12/24 10:03:44 | 000,000,972 | ---- | C] () -- C:\Users\Thorpehousehold\Desktop\AVG PC Tuneup 2011.lnk
[2010/12/23 22:56:50 | 000,000,832 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/12/23 22:38:25 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/12/23 22:35:27 | 000,146,944 | ---- | C] () -- C:\Users\Thorpehousehold\Documents\Christmas Card List.doc
[2010/12/23 17:23:48 | 000,000,456 | ---- | C] () -- C:\Users\Thorpehousehold\Desktop\Attach.zip
[2010/12/23 17:01:59 | 000,000,915 | ---- | C] () -- C:\Users\Thorpehousehold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/12/23 17:01:41 | 000,000,735 | ---- | C] () -- C:\Users\Thorpehousehold\Desktop\NTREGOPT.lnk
[2010/12/23 17:01:41 | 000,000,716 | ---- | C] () -- C:\Users\Thorpehousehold\Desktop\ERUNT.lnk
[2010/12/23 08:43:24 | 000,072,533 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/12/20 11:18:20 | 000,025,088 | ---- | C] () -- C:\Users\Thorpehousehold\Documents\Family_Integrated_Worship[1].doc
[2010/12/13 22:23:08 | 001,521,766 | ---- | C] () -- C:\Users\Thorpehousehold\Documents\bbc_iplayer_desktop_v3010.air
[2010/12/10 16:00:54 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/10 15:32:28 | 000,000,106 | ---- | C] () -- C:\Windows\wininit.ini
[2010/12/10 13:13:36 | 000,001,081 | ---- | C] () -- C:\Users\Thorpehousehold\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/12/10 13:13:36 | 000,001,057 | ---- | C] () -- C:\Users\Thorpehousehold\Desktop\Spybot - Search & Destroy.lnk
[2010/12/10 11:40:10 | 002,206,802 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2010/12/10 11:35:34 | 000,512,992 | ---- | C] () -- C:\Users\Thorpehousehold\Desktop\sdsetup[1].exe
[2010/12/03 22:06:58 | 003,420,852 | ---- | C] () -- C:\Users\Thorpehousehold\Documents\James Jordan Through New Eyes.pdf
[2010/12/03 13:44:03 | 000,007,894 | ---- | C] () -- C:\Users\Thorpehousehold\Documents\BudgetBrain.odt
[2010/12/01 21:28:40 | 000,039,661 | ---- | C] () -- C:\Users\Thorpehousehold\Documents\Theodore Roosevelt The Bible and The Life Of The People.pdf
[2010/06/17 15:17:24 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2010/05/23 19:00:09 | 000,001,188 | ---- | C] () -- C:\ProgramData\ss.ini
[2010/04/03 08:44:30 | 000,000,680 | ---- | C] () -- C:\Users\Thorpehousehold\AppData\Local\d3d9caps.dat
[2010/03/30 13:57:56 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2010/03/05 13:53:18 | 000,010,574 | -HS- | C] () -- C:\Users\Thorpehousehold\AppData\Local\iRs2pG
[2010/01/06 12:45:09 | 000,000,114 | ---- | C] () -- C:\Users\Thorpehousehold\AppData\Roaming\usertrusted.pes
[2010/01/06 12:44:13 | 000,000,766 | ---- | C] () -- C:\Users\Thorpehousehold\AppData\Roaming\launcher.exe.ico
[2009/10/29 18:21:04 | 000,024,085 | ---- | C] () -- C:\Users\Thorpehousehold\AppData\Roaming\UserTile.png
[2009/10/21 20:38:03 | 000,000,031 | -H-- | C] () -- C:\Windows\UKCpInfo.sys
[2009/09/12 06:29:16 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/20 18:14:25 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/18 23:54:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/06/06 14:50:40 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2009/04/08 17:55:25 | 000,118,784 | ---- | C] () -- C:\Users\Thorpehousehold\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/08 10:23:54 | 000,000,271 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/04/04 07:13:43 | 000,000,268 | RH-- | C] () -- C:\ProgramData\String Ensemble
[2009/04/04 07:13:43 | 000,000,268 | RH-- | C] () -- C:\Users\Thorpehousehold\AppData\Roaming\Static Library
[2009/04/04 07:13:43 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2009/04/03 07:28:56 | 000,000,750 | ---- | C] () -- C:\Windows\{D084B1A9-153B-409D-AEBF-C40FCEF925EA}_WiseFW.ini
[2009/04/02 08:59:24 | 000,008,248 | ---- | C] () -- C:\Users\Thorpehousehold\AppData\Local\en.ini
[2009/03/31 15:55:02 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2009/03/31 15:50:59 | 000,007,680 | ---- | C] () -- C:\Windows\System32\CNMVS64.DLL
[2009/03/31 15:26:23 | 000,000,416 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009/03/05 23:17:05 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2009/03/05 23:17:05 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2009/03/05 23:17:05 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2009/03/05 23:17:05 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2009/03/05 23:17:03 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2008/02/11 18:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/12/24 10:15:19 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\AVG
[2010/12/23 22:58:26 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\AVG10
[2009/04/26 19:03:54 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2009/04/01 07:25:21 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\Canon
[2010/05/23 18:33:44 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\COWON
[2009/04/16 10:24:32 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\GetRightToGo
[2009/10/12 15:24:57 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\Merscom
[2009/04/04 07:21:03 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\Nikon
[2009/10/14 15:46:18 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\Oberonv1002
[2009/03/31 22:07:45 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\OpenOffice.org
[2010/04/06 17:42:14 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\Opera
[2010/12/26 22:13:25 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\PCDr
[2010/08/24 15:55:21 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\Petroglyph
[2010/06/17 15:18:07 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\PrimoPDF
[2009/03/31 15:26:18 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\ScanSoft
[2010/07/12 17:15:00 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\Smilebox
[2010/12/18 10:57:13 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\Spotify
[2009/07/21 07:01:03 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\TweakNow RegCleaner
[2010/12/04 11:42:11 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\Uniblue
[2009/07/22 08:49:38 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\Windows Live Writer
[2010/12/27 08:01:13 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2010/12/27 22:29:46 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/12/27 21:45:21 | 000,000,422 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:1D60AEC3
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:CF2C26D2
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

verynicelily
2010-12-28, 12:46
EXTRAS.TXT LOG:

OTL Extras logfile created on: 28/12/2010 11:31:13 - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = c:\Users\Thorpehousehold\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.03 Gb Total Space | 124.80 Gb Free Space | 43.33% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.72 Gb Free Space | 37.24% Space Free | Partition Type: NTFS

Computer Name: THRIBBLE-PC | User Name: Thorpehousehold | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05DFF1B4-7365-4706-8B9D-5764BBF71AE9}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{083E38D6-7571-40E7-BBBF-56DCBDF52DCF}" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe |
"{0AF7AC2A-23AF-4EDB-A0AB-47D1D3D020C5}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{1638DB24-49FC-4FB4-83A5-D22ACFFF51DB}" = protocol=17 | dir=in | app=c:\program files\talktalk\bin\sprtcmd.exe |
"{1C0C8FBB-A48F-4063-8140-6B99DD2C2A4E}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{1C757AD7-92FA-4191-A134-7E3C31A003C9}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{285FDD56-7612-4BBA-BADE-3241199580F9}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{2F1B082C-2EC4-4D30-A619-17A4E2493514}" = protocol=17 | dir=in | app=c:\program files\talktalk\agent\bin\bcont_nm.exe |
"{3643EA95-F8CE-4CD6-A9C3-932E76CCA7DB}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{385C91E2-84AA-4483-8024-4E784D366257}" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe |
"{3DD83F9A-6E8A-4851-9955-755B280582D7}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{495FA1FA-F055-464E-9750-2D5792BCA67C}" = protocol=17 | dir=in | app=c:\program files\common files\supportsoft\bin\tgsrvc.exe |
"{5739B211-191D-4AD6-964C-BB7432196776}" = protocol=6 | dir=in | app=c:\program files\common files\supportsoft\bin\tgsrvc.exe |
"{58B28F4A-0BE0-4F82-8B5D-C3CC12FE3D9D}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{68C93A2C-AD03-4E65-B212-BA194706D46C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{85E77817-B7C3-4888-A705-11A544A75BA1}" = protocol=6 | dir=in | app=c:\program files\talktalk\agent\bin\bcont.exe |
"{AB11A820-2DA0-4CFA-8692-52FC0F49B06F}" = protocol=6 | dir=in | app=c:\program files\talktalk\agent\bin\bcont_nm.exe |
"{AC303D4F-5DDB-4A16-B31F-D604D22A454C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C591F98D-D92D-4B0A-B53A-74D9903BF7A4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CE8F66A6-0E2B-4D97-88B7-7DF1878479CA}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{D26A83D5-30DB-456D-BC27-D84401166A99}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{D4A199D6-66C4-4B84-9962-D59C5E544764}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{E463633F-14B1-4E07-98BA-57744F750A61}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EA9580DC-3015-4876-BAC0-E896CB5C9F32}" = protocol=6 | dir=in | app=c:\program files\talktalk\bin\sprtcmd.exe |
"{EAFD0989-81A7-4360-A935-C89F2F870B8C}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{F80B16C9-5399-4F4C-AC22-2683C3F75493}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F8A512DC-A871-49E8-94E3-81F070C136C5}" = protocol=17 | dir=in | app=c:\program files\talktalk\agent\bin\bcont.exe |
"{F950362F-8A94-4D95-982A-AAB818EECF1E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{FDC985DA-5442-4D4C-A820-99811658E0EE}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"TCP Query User{68BDAB63-4ECB-4D78-921D-560657608C45}C:\program files\2x\applicationserver client\tsclient.exe" = protocol=6 | dir=in | app=c:\program files\2x\applicationserver client\tsclient.exe |
"TCP Query User{6E91E846-7CB0-4D9B-95CC-E59E43CA901E}C:\users\thorpehousehold\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe" = protocol=6 | dir=in | app=c:\users\thorpehousehold\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe |
"TCP Query User{74DEF295-4F88-4F53-AF88-050F2E503F07}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{7B9C0A0C-07ED-4593-98F3-6FEF7A75B2F8}C:\program files\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"TCP Query User{8B47F563-2F77-4A82-9CC0-BFA5CB5C4945}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{C167CC91-589E-406F-BC91-EEED7C2ACEBC}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"TCP Query User{DEC4F47F-E11A-4288-B257-9C95179304FD}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{EC4974C8-34B1-4F73-ABDA-CF235CBFA0E3}C:\users\thorpehousehold\appdata\locallow\sony online entertainment\installed games\clone wars\clonewars.exe" = protocol=6 | dir=in | app=c:\users\thorpehousehold\appdata\locallow\sony online entertainment\installed games\clone wars\clonewars.exe |
"TCP Query User{ED3BEF5D-9768-4D40-AB09-B3F573A86D5C}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{EFA9255D-420E-42E9-A098-AE153D174C4B}C:\programdata\1fc9bc\ia1fc_289.exe" = protocol=6 | dir=in | app=c:\programdata\1fc9bc\ia1fc_289.exe |
"UDP Query User{25CEDDCF-32E9-4056-982D-490472AA2939}C:\users\thorpehousehold\appdata\locallow\sony online entertainment\installed games\clone wars\clonewars.exe" = protocol=17 | dir=in | app=c:\users\thorpehousehold\appdata\locallow\sony online entertainment\installed games\clone wars\clonewars.exe |
"UDP Query User{25DBDE75-88D8-476F-972D-DCB4E9C4AD6B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{34E0AEB5-6BE8-4AAD-B997-1732F025E727}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{76B86A3A-62A8-493C-96A6-ACCAD6AE3AE7}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{8927C4C5-0726-47C1-BFE5-611A27FB3346}C:\users\thorpehousehold\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe" = protocol=17 | dir=in | app=c:\users\thorpehousehold\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe |
"UDP Query User{B00717FC-F42A-4EB0-A4D8-3CDE166BFFDE}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{BF4B81F6-2957-42D7-B8E3-6B5A209BB8A3}C:\program files\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"UDP Query User{C520AE4B-1734-46B7-AB5B-63B6FEAFB0D5}C:\program files\2x\applicationserver client\tsclient.exe" = protocol=17 | dir=in | app=c:\program files\2x\applicationserver client\tsclient.exe |
"UDP Query User{DF24764E-F992-4846-83A4-4D8F03153B9F}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{EB5C1C91-38EA-4326-9CEF-17AB61D9BF63}C:\programdata\1fc9bc\ia1fc_289.exe" = protocol=17 | dir=in | app=c:\programdata\1fc9bc\ia1fc_289.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{04E7A3BB-DB38-481C-A809-35FA60C78EDF}" = AVG 2011
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series" = Canon iP4700 series Printer Driver
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 22
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A8E4833-F483-4074-B4DB-F295F7901A8D}" = MobileMe Control Panel
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{35825E98-FA23-41F7-AAA3-25BA5B86B5B7}" = 2X ApplicationServer and LoadBalancer Client
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C79DC59-6099-323B-B27B-90B45542B270}" = Google Talk Plugin
"{41888B21-922B-4241-4594-EF1E6828A72B}" = BBC iPlayer Desktop
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.40
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6FFB40A5-7F7D-4A32-8905-3CDF962EE1E4}" = Internet From BT
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.11.0
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116866250}" = Escape From Rosecliff Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117664753}" = Nat Geo Lost City of Z
"{830D40F7-7092-4418-BE17-F7F7899F2B41}" = e-Sword
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C45EB9E5-7165-4FB0-8C31-77FC4743362F}" = Manual CanoScan LiDE 25
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D084B1A9-153B-409D-AEBF-C40FCEF925EA}" = TalkTalk Assist & Go
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DA8E52C7-8638-4AD6-B94E-53ED24EE5202}" = DesignPro 5 Lite Edition
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4C68898-EBA5-46A9-82B3-2D30426086BF}" = AVG 2011
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"320 SPACEC@M" = 320 SPACEC@M
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ask Toolbar_is1" = Ask Toolbar
"Audacity_is1" = Audacity 1.2.6
"AudibleDownloadManager" = Audible Download Manager
"AVG" = AVG 2011
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"BFGC" = Big Fish Games Client
"Canon iP4700 series User Registration" = Canon iP4700 series User Registration
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Coupon Printer2.0" = Coupon Printer
"Dell Support Center" = Dell Support Center
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint" = Easy-WebPrint
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ERUNT_is1" = ERUNT 1.1j
"Free Realms Installer" = Free Realms Installer
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist 8.0.0.514
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{DA8E52C7-8638-4AD6-B94E-53ED24EE5202}" = DesignPro 5 Lite Edition
"InterActual Player" = InterActual Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"OS Mapbuilder - British Isles Edition_is1" = OS Mapbuilder - British Isles Edition 2.0
"Picasa 3" = Picasa 3
"PROSetDX" = Intel(R) PRO Network Connections 12.1.11.0
"RealPlayer 12.0" = RealPlayer
"Snowy Scenes Full Screen Saver" = Snowy Scenes Full Screen Saver
"Spotify" = Spotify
"TheSpringBox" = TheSpringBox
"TweakNow RegCleaner_is1" = TweakNow RegCleaner
"VLC media player" = VLC media player 1.1.5
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Power Loader" = Power Challenge Game Plugin
"Smilebox" = Smilebox
"SOE-Clone Wars" = Clone Wars
"SOE-Free Realms" = Free Realms
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 27/02/2010 05:43:35 | Computer Name = Thribble-PC | Source = WinMgmt | ID = 10
Description =

Error - 27/02/2010 19:10:03 | Computer Name = Thribble-PC | Source = WinMgmt | ID = 10
Description =

Error - 27/02/2010 19:17:08 | Computer Name = Thribble-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 3952 (0xf70) Thread address : 0x77515E74 Thread message : Build VSCORE.14.0.0.435
/ 5301.4018 Object being scanned = \Device\HarddiskVolume3\Program Files\NOS\bin\getPlus_Helper.dll

by C:\Windows\system32\services.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)

7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 28/02/2010 10:42:32 | Computer Name = Thribble-PC | Source = WinMgmt | ID = 10
Description =

Error - 28/02/2010 16:46:19 | Computer Name = Thribble-PC | Source = WinMgmt | ID = 10
Description =

Error - 01/03/2010 08:17:30 | Computer Name = Thribble-PC | Source = WinMgmt | ID = 10
Description =

Error - 01/03/2010 12:03:55 | Computer Name = Thribble-PC | Source = WinMgmt | ID = 10
Description =

Error - 01/03/2010 12:48:44 | Computer Name = Thribble-PC | Source = WinMgmt | ID = 10
Description =

Error - 01/03/2010 17:41:03 | Computer Name = Thribble-PC | Source = WinMgmt | ID = 10
Description =

Error - 02/03/2010 04:20:02 | Computer Name = Thribble-PC | Source = WinMgmt | ID = 10
Description =

[ Dell Events ]
Error - 27/12/2010 17:32:11 | Computer Name = Thribble-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 27/12/2010 17:32:11 | Computer Name = Thribble-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 27/12/2010 17:45:42 | Computer Name = Thribble-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ OSession Events ]
Error - 03/08/2010 12:06:00 | Computer Name = Thribble-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 608
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 27/12/2010 17:18:49 | Computer Name = Thribble-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 27/12/2010 17:18:49 | Computer Name = Thribble-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 27/12/2010 17:18:57 | Computer Name = Thribble-PC | Source = VDS Dynamic Provider | ID = 16908298
Description =

Error - 27/12/2010 17:20:54 | Computer Name = Thribble-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 27/12/2010 17:20:54 | Computer Name = Thribble-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 28/12/2010 04:37:07 | Computer Name = Thribble-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 28/12/2010 04:37:07 | Computer Name = Thribble-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 28/12/2010 04:37:17 | Computer Name = Thribble-PC | Source = VDS Dynamic Provider | ID = 16908298
Description =

Error - 28/12/2010 04:39:13 | Computer Name = Thribble-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 28/12/2010 04:39:13 | Computer Name = Thribble-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

Thank you.

ken545
2010-12-28, 13:01
Hi,

We have some junk to remove; your hosts file is infected. Before we remove anything, let me give you a heads up on a few things.

1. You have TWO AntiVirus programs running, AVG and McAfee. This is not good as they suck up system resources, cause other issues and degrade system performance. It's always best to have just one, keep it updated and run a scan often. Your call, but I need you to uninstall one of them. If AVG is the free version then I would remove that one.



2. AskToolbar

* It promotes its toolbars on sites targeted at kids.
* It promotes its toolbars through ads that appear to be part of other companies' sites.
* It promotes its toolbars through other companies' spyware.
* It is installed without any disclosure whatsoever and without any consent from the user whatsoever.
* It solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
* It makes confusing changes to users' browsers - increasing Ask's revenues while taking users to pages they didn't intend to visit.

This is your call to remove. There is no uninstall option (nice people), so we can include it in the fix. Let me know.


So uninstall one AV, let me know about ASK, reboot and run another scan with OTL and post a new log please
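
The hosts-file finding above can be checked directly from the `O1` lines of an OTL log. The following is an added example, not part of the thread and not OTL's own code; the function names and the sample log (documentation-range addresses, `.example` hostnames) are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the O1 layout of an OTL log. Addresses come from the
# RFC 5737 documentation ranges and hostnames use the reserved .example TLD.
SAMPLE_LOG = "\n".join([
    r"O1 HOSTS File: ([2010/01/01 00:00:00 | 000,001,024 | RHS- | M]) - C:\Windows\System32\drivers\etc\hosts",
    "O1 - Hosts: 127.0.0.1 localhost",
    "O1 - Hosts: ::1 localhost",
    "O1 - Hosts: 203.0.113.10 payments.rogue-av.example",
    "O1 - Hosts: 203.0.113.10 www.payments.rogue-av.example",
    "O1 - Hosts: 203.0.113.10 reputation.browser-vendor.example",
    "O1 - Hosts: 198.51.100.7 search.example",
    "O1 - Hosts: 198.51.100.7 www.search.example",
    "O1 - Hosts: 39 more lines...",
    "O10 - NameSpace_Catalog5\\Catalog_Entries\\000000000007 [] - C:\\sample.dll ()",
])

HEADER = re.compile(
    r"^O1 HOSTS File: \(\[(?P<mtime>[^|]+?) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>\S+) \| \w\]\) - (?P<path>.+)$")
MORE = re.compile(r"^O1 - Hosts: (?P<count>\d+) more lines\.\.\.$")
ENTRY = re.compile(r"^O1 - Hosts: (?P<addr>\S+)\s+(?P<name>\S+)$")


def analyze(log_text):
    """Split the O1 section into local entries and fixed-address redirects."""
    report = {"header": None, "local": [], "redirects": defaultdict(list),
              "hidden_lines": 0, "malformed": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        # "O1 " with the space, so O10..O19 sections are not mistaken for O1.
        if not line.startswith("O1 "):
            continue
        m = HEADER.match(line)
        if m:
            report["header"] = {
                "mtime": m["mtime"],
                "size": int(m["size"].replace(",", "")),
                "attrs": m["attrs"],
                "path": m["path"],
            }
            continue
        m = MORE.match(line)
        if m:
            # The log truncates long hosts files; record how much is unseen.
            report["hidden_lines"] += int(m["count"])
            continue
        m = ENTRY.match(line)
        if not m:
            report["malformed"].append(line)
            continue
        try:
            addr = ipaddress.ip_address(m["addr"])
        except ValueError:
            report["malformed"].append(line)
            continue
        name = m["name"].lower()
        if addr.is_loopback or addr.is_unspecified:
            # Loopback/0.0.0.0 entries sink a name locally (block lists do this).
            report["local"].append(name)
        else:
            # Any other address pins the name to a fixed host, bypassing DNS.
            report["redirects"][str(addr)].append(name)
    report["redirects"] = dict(report["redirects"])
    return report


def findings(report):
    """Turn the parsed report into short triage messages."""
    out = []
    for addr, names in sorted(report["redirects"].items()):
        out.append(f"{len(names)} hostname(s) pinned to {addr}, bypassing DNS: "
                   + ", ".join(names))
    if report["hidden_lines"]:
        out.append(f"log omits {report['hidden_lines']} hosts line(s); "
                   "review the hosts file itself before calling it clean")
    for line in report["malformed"]:
        out.append(f"unparsed O1 line: {line}")
    return out


if __name__ == "__main__":
    for msg in findings(analyze(SAMPLE_LOG)):
        print(msg)
```

Grouping by address matters because a hijacked hosts file typically points many unrelated names at one or two hosts, which stands out even when the log shows only the first lines.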

verynicelily
2010-12-28, 23:08
We didn't even know we were running McAfee as our initial free subscription (when we bought the PC) expired long ago. I searched for McAfee in the Start menu search box on our PC and found Microsoft>Windows Mail>Local folders>Inbox>McAfee Anti 514. I also found something called Stinger 10101243. I think I have deleted both McAfee Anti 514 and Stinger as they no longer come up in the Start search.
Please do help us remove the ASK toolbar.
Will reboot now and post another log.
Thank you.

verynicelily
2010-12-28, 23:30
I have run another OTL scan but it has only produced an OTL.Txt log (not an Extras.txt log):


OTL logfile created on: 28/12/2010 22:22:12 - Run 2
OTL by OldTimer - Version 3.2.18.0 Folder = c:\Users\Thorpehousehold\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.03 Gb Total Space | 124.66 Gb Free Space | 43.28% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.72 Gb Free Space | 37.24% Space Free | Partition Type: NTFS

Computer Name: THRIBBLE-PC | User Name: Thorpehousehold | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - c:\Users\Thorpehousehold\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe ()
PRC - C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files\2X\ApplicationServer Client\APPServerClient.exe (2X Software Ltd.)
PRC - C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\TalkTalk\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Common Files\supportsoft\bin\tgsrvc.exe (SupportSoft, Inc.)


========== Modules (SafeList) ==========

MOD - c:\Users\Thorpehousehold\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (SftService) -- C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (ASKUpgrade) -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe ()
SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
SRV - (sprtsvc_TalkTalk) SupportSoft Sprocket Service (TalkTalk) -- C:\Program Files\TalkTalk\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (SupportSoft RemoteAssist) -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (tgsrvc_TalkTalk) SupportSoft Repair Service (TalkTalk) -- C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe (SupportSoft, Inc.)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (PCDSRVC{E9D79540-57D5953E-06020101}_0) -- c:\Program Files\Dell Support Center\pcdsrvc.pkms (PC-Doctor, Inc.)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corp.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (ovt519) -- C:\Windows\System32\drivers\ov519vid.sys (OmniVision Technologies, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25570

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "search"
FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - prefs.js..extensions.enabledItems: {1BCA7BD8-8977-11DC-A9BD-548555D89593}:1.5
FF - prefs.js..extensions.enabledItems: {9D6218B8-03C7-4b91-AA43-680B305DD35C}:1.7.9.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/05/21 21:48:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/12/28 10:22:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/16 16:08:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/25 18:49:59 | 000,000,000 | ---D | M]

[2009/09/07 19:56:16 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\Mozilla\Extensions
[2009/07/21 06:53:41 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\Mozilla\Firefox\extensions
[2009/07/21 06:53:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thorpehousehold\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/12/28 08:48:19 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\Mozilla\Firefox\Profiles\mewl2f0q.default\extensions
[2009/12/31 21:34:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thorpehousehold\AppData\Roaming\Mozilla\Firefox\Profiles\mewl2f0q.default\extensions\{1BCA7BD8-8977-11DC-A9BD-548555D89593}
[2010/04/27 20:40:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Thorpehousehold\AppData\Roaming\Mozilla\Firefox\Profiles\mewl2f0q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/07 20:45:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thorpehousehold\AppData\Roaming\Mozilla\Firefox\Profiles\mewl2f0q.default\extensions\{9D6218B8-03C7-4b91-AA43-680B305DD35C}
[2010/12/23 17:40:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/21 16:41:52 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/01 22:42:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/04 05:48:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/02 21:11:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/01/05 17:04:02 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2008/06/18 05:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/08/08 20:38:28 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/08/08 20:38:28 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/08/08 20:38:28 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/08/08 20:38:28 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/12/09 21:50:47 | 000,002,811 | RHS- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 204.152.194.149 www.google.com
O1 - Hosts: 204.152.194.149 google.com
O1 - Hosts: 204.152.194.149 google.com.au
O1 - Hosts: 204.152.194.149 www.google.com.au
O1 - Hosts: 204.152.194.149 google.be
O1 - Hosts: 204.152.194.149 www.google.be
O1 - Hosts: 204.152.194.149 google.com.br
O1 - Hosts: 204.152.194.149 www.google.com.br
O1 - Hosts: 39 more lines...
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files\Dell DataSafe Local Backup\ToasterLauncher.exe ()
O4 - Startup: C:\Users\Thorpehousehold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2X ApplicationServer Client.lnk = C:\Program Files\2X\ApplicationServer Client\APPServerClient.exe (2X Software Ltd.)
O4 - Startup: C:\Users\Thorpehousehold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img8.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img8.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/28 10:22:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/12/27 21:32:15 | 000,000,000 | ---D | C] -- C:\Users\Thorpehousehold\My Backup Files
[2010/12/27 08:01:44 | 000,000,000 | ---D | C] -- C:\Users\Thorpehousehold\AppData\Local\SoftThinks
[2010/12/26 22:33:40 | 000,000,000 | -HSD | C] -- C:\System Recovery
[2010/12/26 22:32:08 | 000,000,000 | ---D | C] -- C:\Temp
[2010/12/26 22:31:14 | 000,128,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WimFltr.sys
[2010/12/26 22:31:03 | 000,000,000 | ---D | C] -- C:\Program Files\Dell DataSafe Local Backup
[2010/12/26 22:20:13 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2010/12/26 22:09:38 | 000,000,000 | ---D | C] -- C:\Users\Thorpehousehold\AppData\Roaming\PCDr
[2010/12/26 00:32:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/12/25 15:07:42 | 000,000,000 | ---D | C] -- C:\Users\Thorpehousehold\AppData\Roaming\vlc
[2010/12/25 15:07:00 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/12/24 11:14:44 | 002,381,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/12/24 11:14:44 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/12/24 10:06:00 | 000,000,000 | ---D | C] -- C:\Users\Thorpehousehold\AppData\Roaming\AVG
[2010/12/23 23:34:41 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/12/23 22:58:26 | 000,000,000 | ---D | C] -- C:\Users\Thorpehousehold\AppData\Roaming\AVG10
[2010/12/23 22:57:09 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2010/12/23 22:54:57 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2010/12/23 22:54:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2010/12/23 22:53:37 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/12/23 22:42:46 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/12/23 17:04:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/12/23 17:02:28 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2010/12/23 17:01:40 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/12/23 16:45:12 | 000,000,000 | ---D | C] -- C:\Users\Thorpehousehold\Desktop\GooredFix Backups
[2010/12/23 08:43:29 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/12/23 08:43:29 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/12/23 08:43:29 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/12/23 08:43:28 | 001,355,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2010/12/23 08:43:28 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/12/23 08:43:28 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2010/12/23 08:43:28 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2010/12/23 08:43:28 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010/12/23 08:43:28 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/12/23 08:43:28 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/12/23 08:43:27 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/12/23 08:43:27 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2010/12/23 08:43:27 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2010/12/23 08:43:27 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2010/12/23 08:43:27 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2010/12/23 08:43:27 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010/12/23 08:43:27 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010/12/23 08:43:25 | 003,695,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010/12/23 08:43:25 | 000,460,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/12/23 08:43:25 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/12/23 08:43:25 | 000,353,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010/12/23 08:43:25 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/12/23 08:43:25 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010/12/23 08:43:25 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2010/12/23 08:43:25 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010/12/23 08:43:25 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2010/12/23 08:43:25 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2010/12/23 08:43:24 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/12/23 08:43:24 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/12/23 08:43:24 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/12/23 08:43:24 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/12/23 08:43:24 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2010/12/23 08:43:23 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2010/12/23 08:43:23 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2010/12/23 08:43:23 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/12/23 08:43:23 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/12/23 08:43:23 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/12/23 08:42:12 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2010/12/23 08:42:11 | 001,174,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2010/12/23 08:42:11 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2010/12/23 08:42:11 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2010/12/23 08:42:11 | 000,797,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2010/12/23 08:42:11 | 000,680,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2010/12/23 08:42:11 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2010/12/23 08:42:11 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2010/12/23 08:42:11 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2010/12/23 08:42:11 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2010/12/23 08:42:11 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2010/12/23 08:42:11 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2010/12/23 08:41:26 | 000,000,000 | ---D | C] -- C:\Program Files\Feedback Tool
[2010/12/15 08:47:14 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2010/12/15 08:35:14 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/12/15 08:35:12 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010/12/15 08:35:11 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010/12/15 08:35:11 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010/12/15 08:35:09 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010/12/15 08:35:07 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/12/15 08:35:07 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/12/15 08:35:07 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/12/15 08:34:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/12/14 13:45:00 | 000,000,000 | ---D | C] -- C:\Program Files\BBC iPlayer Desktop
[2010/12/10 16:01:00 | 000,000,000 | ---D | C] -- C:\Users\Thorpehousehold\AppData\Roaming\Malwarebytes
[2010/12/10 16:00:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/10 16:00:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/12/10 16:00:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/10 16:00:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/10 13:13:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/12/10 13:13:20 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/12/10 11:35:34 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/12/09 20:48:26 | 000,000,000 | -HSD | C] -- C:\ProgramData\IAHXECXRRSV
[2010/12/09 20:47:21 | 000,000,000 | -HSD | C] -- C:\ProgramData\1fc9bc
[2010/12/08 04:12:38 | 000,251,728 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/12/04 11:42:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2010/12/04 11:42:11 | 000,000,000 | ---D | C] -- C:\Users\Thorpehousehold\AppData\Roaming\Uniblue
[2009/07/23 18:38:32 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Thorpehousehold\AppData\Roaming\DataSafeDotNet.exe
[1 C:\Users\Thorpehousehold\Documents\*.tmp files -> C:\Users\Thorpehousehold\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/28 22:11:12 | 000,001,994 | ---- | M] () -- C:\Users\Thorpehousehold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2X ApplicationServer Client.lnk
[2010/12/28 22:10:46 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/28 22:10:30 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/28 22:10:30 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/28 22:10:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/28 22:10:21 | 2136,133,632 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/28 21:54:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/28 21:35:00 | 000,000,946 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1525119050-2295363517-642445928-1000UA.job
[2010/12/28 18:57:17 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2010/12/28 18:43:21 | 102,824,950 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2010/12/28 11:35:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1525119050-2295363517-642445928-1000Core.job
[2010/12/28 10:22:56 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/12/27 08:01:13 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2010/12/25 19:52:39 | 000,608,226 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/25 19:52:39 | 000,109,336 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/25 15:07:32 | 000,000,861 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/12/24 23:56:55 | 000,000,766 | ---- | M] () -- C:\Users\Thorpehousehold\AppData\Roaming\launcher.exe.ico
[2010/12/24 23:50:53 | 000,000,680 | ---- | M] () -- C:\Users\Thorpehousehold\AppData\Local\d3d9caps.dat
[2010/12/24 10:03:44 | 000,000,972 | ---- | M] () -- C:\Users\Thorpehousehold\Desktop\AVG PC Tuneup 2011.lnk
[2010/12/23 22:38:25 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/12/23 22:37:56 | 000,146,944 | ---- | M] () -- C:\Users\Thorpehousehold\Documents\Christmas Card List.doc
[2010/12/23 17:23:48 | 000,000,456 | ---- | M] () -- C:\Users\Thorpehousehold\Desktop\Attach.zip
[2010/12/23 17:01:59 | 000,000,915 | ---- | M] () -- C:\Users\Thorpehousehold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/12/23 17:01:41 | 000,000,735 | ---- | M] () -- C:\Users\Thorpehousehold\Desktop\NTREGOPT.lnk
[2010/12/23 17:01:41 | 000,000,716 | ---- | M] () -- C:\Users\Thorpehousehold\Desktop\ERUNT.lnk
[2010/12/23 08:50:38 | 000,000,945 | ---- | M] () -- C:\Users\Thorpehousehold\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/12/23 08:44:34 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2010/12/23 08:44:34 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2010/12/22 19:18:07 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/22 10:14:35 | 000,000,117 | ---- | M] () -- C:\Users\Thorpehousehold\jagex_runescape_preferences2.dat
[2010/12/22 10:14:35 | 000,000,041 | ---- | M] () -- C:\Users\Thorpehousehold\jagex_runescape_preferences.dat
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/20 11:18:22 | 000,025,088 | ---- | M] () -- C:\Users\Thorpehousehold\Documents\Family_Integrated_Worship[1].doc
[2010/12/15 09:09:33 | 000,417,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/12/15 08:47:04 | 002,206,802 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2010/12/14 13:45:00 | 000,000,864 | ---- | M] () -- C:\Users\Public\Desktop\BBC iPlayer Desktop.lnk
[2010/12/13 22:22:58 | 001,521,766 | ---- | M] () -- C:\Users\Thorpehousehold\Documents\bbc_iplayer_desktop_v3010.air
[2010/12/10 15:32:28 | 000,000,106 | ---- | M] () -- C:\Windows\wininit.ini
[2010/12/10 13:13:36 | 000,001,081 | ---- | M] () -- C:\Users\Thorpehousehold\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/12/10 13:13:36 | 000,001,057 | ---- | M] () -- C:\Users\Thorpehousehold\Desktop\Spybot - Search & Destroy.lnk
[2010/12/10 12:06:54 | 000,512,992 | ---- | M] () -- C:\Users\Thorpehousehold\Desktop\sdsetup[1].exe
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-155318.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153238.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153236.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153231.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153224.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153219.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153218.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153217.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153216.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153215.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153210.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153209.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153206.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153205.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153204.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153203.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153154.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153149.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/12/03 22:06:58 | 003,420,852 | ---- | M] () -- C:\Users\Thorpehousehold\Documents\James Jordan Through New Eyes.pdf
[2010/12/03 13:44:05 | 000,007,894 | ---- | M] () -- C:\Users\Thorpehousehold\Documents\BudgetBrain.odt
[2010/12/02 12:45:04 | 000,009,216 | ---- | M] () -- C:\Users\Thorpehousehold\Documents\Stewardship.doc
[2010/12/01 21:28:40 | 000,039,661 | ---- | M] () -- C:\Users\Thorpehousehold\Documents\Theodore Roosevelt The Bible and The Life Of The People.pdf
[1 C:\Users\Thorpehousehold\Documents\*.tmp files -> C:\Users\Thorpehousehold\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/28 18:43:21 | 102,824,950 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2010/12/26 22:23:03 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2010/12/26 22:23:00 | 000,000,422 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2010/12/25 15:07:32 | 000,000,861 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/12/24 10:56:56 | 000,001,994 | ---- | C] () -- C:\Users\Thorpehousehold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2X ApplicationServer Client.lnk
[2010/12/24 10:03:44 | 000,000,972 | ---- | C] () -- C:\Users\Thorpehousehold\Desktop\AVG PC Tuneup 2011.lnk
[2010/12/23 22:56:50 | 000,000,832 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/12/23 22:38:25 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/12/23 22:35:27 | 000,146,944 | ---- | C] () -- C:\Users\Thorpehousehold\Documents\Christmas Card List.doc
[2010/12/23 17:23:48 | 000,000,456 | ---- | C] () -- C:\Users\Thorpehousehold\Desktop\Attach.zip
[2010/12/23 17:01:59 | 000,000,915 | ---- | C] () -- C:\Users\Thorpehousehold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/12/23 17:01:41 | 000,000,735 | ---- | C] () -- C:\Users\Thorpehousehold\Desktop\NTREGOPT.lnk
[2010/12/23 17:01:41 | 000,000,716 | ---- | C] () -- C:\Users\Thorpehousehold\Desktop\ERUNT.lnk
[2010/12/23 08:43:24 | 000,072,533 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/12/20 11:18:20 | 000,025,088 | ---- | C] () -- C:\Users\Thorpehousehold\Documents\Family_Integrated_Worship[1].doc
[2010/12/13 22:23:08 | 001,521,766 | ---- | C] () -- C:\Users\Thorpehousehold\Documents\bbc_iplayer_desktop_v3010.air
[2010/12/10 16:00:54 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/10 15:32:28 | 000,000,106 | ---- | C] () -- C:\Windows\wininit.ini
[2010/12/10 13:13:36 | 000,001,081 | ---- | C] () -- C:\Users\Thorpehousehold\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/12/10 13:13:36 | 000,001,057 | ---- | C] () -- C:\Users\Thorpehousehold\Desktop\Spybot - Search & Destroy.lnk
[2010/12/10 11:40:10 | 002,206,802 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2010/12/10 11:35:34 | 000,512,992 | ---- | C] () -- C:\Users\Thorpehousehold\Desktop\sdsetup[1].exe
[2010/12/03 22:06:58 | 003,420,852 | ---- | C] () -- C:\Users\Thorpehousehold\Documents\James Jordan Through New Eyes.pdf
[2010/12/03 13:44:03 | 000,007,894 | ---- | C] () -- C:\Users\Thorpehousehold\Documents\BudgetBrain.odt
[2010/12/01 21:28:40 | 000,039,661 | ---- | C] () -- C:\Users\Thorpehousehold\Documents\Theodore Roosevelt The Bible and The Life Of The People.pdf
[2010/06/17 15:17:24 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2010/05/23 19:00:09 | 000,001,188 | ---- | C] () -- C:\ProgramData\ss.ini
[2010/04/03 08:44:30 | 000,000,680 | ---- | C] () -- C:\Users\Thorpehousehold\AppData\Local\d3d9caps.dat
[2010/03/30 13:57:56 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2010/03/05 13:53:18 | 000,010,574 | -HS- | C] () -- C:\Users\Thorpehousehold\AppData\Local\iRs2pG
[2010/01/06 12:45:09 | 000,000,114 | ---- | C] () -- C:\Users\Thorpehousehold\AppData\Roaming\usertrusted.pes
[2010/01/06 12:44:13 | 000,000,766 | ---- | C] () -- C:\Users\Thorpehousehold\AppData\Roaming\launcher.exe.ico
[2009/10/29 18:21:04 | 000,024,085 | ---- | C] () -- C:\Users\Thorpehousehold\AppData\Roaming\UserTile.png
[2009/10/21 20:38:03 | 000,000,031 | -H-- | C] () -- C:\Windows\UKCpInfo.sys
[2009/09/12 06:29:16 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/20 18:14:25 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/18 23:54:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/06/06 14:50:40 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2009/04/08 17:55:25 | 000,118,784 | ---- | C] () -- C:\Users\Thorpehousehold\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/08 10:23:54 | 000,000,271 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/04/04 07:13:43 | 000,000,268 | RH-- | C] () -- C:\ProgramData\String Ensemble
[2009/04/04 07:13:43 | 000,000,268 | RH-- | C] () -- C:\Users\Thorpehousehold\AppData\Roaming\Static Library
[2009/04/04 07:13:43 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2009/04/03 07:28:56 | 000,000,750 | ---- | C] () -- C:\Windows\{D084B1A9-153B-409D-AEBF-C40FCEF925EA}_WiseFW.ini
[2009/04/02 08:59:24 | 000,008,248 | ---- | C] () -- C:\Users\Thorpehousehold\AppData\Local\en.ini
[2009/03/31 15:55:02 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2009/03/31 15:50:59 | 000,007,680 | ---- | C] () -- C:\Windows\System32\CNMVS64.DLL
[2009/03/31 15:26:23 | 000,000,416 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009/03/05 23:17:05 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2009/03/05 23:17:05 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2009/03/05 23:17:05 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2009/03/05 23:17:05 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2009/03/05 23:17:03 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2008/02/11 18:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/12/24 10:15:19 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\AVG
[2010/12/23 22:58:26 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\AVG10
[2009/04/26 19:03:54 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2009/04/01 07:25:21 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\Canon
[2010/05/23 18:33:44 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\COWON
[2009/04/16 10:24:32 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\GetRightToGo
[2009/10/12 15:24:57 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\Merscom
[2009/04/04 07:21:03 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\Nikon
[2009/10/14 15:46:18 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\Oberonv1002
[2009/03/31 22:07:45 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\OpenOffice.org
[2010/04/06 17:42:14 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\Opera
[2010/12/26 22:13:25 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\PCDr
[2010/08/24 15:55:21 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\Petroglyph
[2010/06/17 15:18:07 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\PrimoPDF
[2009/03/31 15:26:18 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\ScanSoft
[2010/07/12 17:15:00 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\Smilebox
[2010/12/18 10:57:13 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\Spotify
[2009/07/21 07:01:03 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\TweakNow RegCleaner
[2010/12/04 11:42:11 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\Uniblue
[2009/07/22 08:49:38 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\Windows Live Writer
[2010/12/27 08:01:13 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2010/12/28 22:09:23 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/12/28 18:57:17 | 000,000,422 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:1D60AEC3
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:CF2C26D2
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

Thanks very much.

ken545
2010-12-28, 23:40
Before we proceed, did you have a nice Christmas ????

What I would like you to do is run this tool from McAfee; it will remove all traces of their product. After you run it, reboot and run OTL again and post a new log, no need for the extras this time.


http://majorgeeks.com/McAfee_Consumer_Product_Removal_Tool_d5420.html
http://service.mcafee.com/FAQDocument.aspx?id=TS100507

verynicelily
2010-12-29, 00:00
Thank you, we are still celebrating the 12 days of Christmas. Hope you are able to do so whilst kindly helping us.
I am sorry but I cannot find a McAfee SecurityCenter product. I have looked in Programs and Features and the Start search. I followed your McAfee link and it led me to this page which I didn't really understand: http://forums.spybot.info/vbglossar.php?do=showentry&id=10

ken545
2010-12-29, 00:33
Go to Majorgeeks and download and run their removal tool
http://majorgeeks.com/McAfee_Consumer_Product_Removal_Tool_d5420.html

verynicelily
2010-12-29, 00:50
Thanks for that.

OTL logfile created on: 28/12/2010 23:45:47 - Run 3
OTL by OldTimer - Version 3.2.18.0 Folder = c:\Users\Thorpehousehold\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.03 Gb Total Space | 124.72 Gb Free Space | 43.30% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.72 Gb Free Space | 37.24% Space Free | Partition Type: NTFS

Computer Name: THRIBBLE-PC | User Name: Thorpehousehold | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - c:\Users\Thorpehousehold\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe ()
PRC - C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files\2X\ApplicationServer Client\APPServerClient.exe (2X Software Ltd.)
PRC - C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\TalkTalk\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Common Files\supportsoft\bin\tgsrvc.exe (SupportSoft, Inc.)


========== Modules (SafeList) ==========

MOD - c:\Users\Thorpehousehold\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (SftService) -- C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (ASKUpgrade) -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe ()
SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
SRV - (sprtsvc_TalkTalk) SupportSoft Sprocket Service (TalkTalk) -- C:\Program Files\TalkTalk\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (SupportSoft RemoteAssist) -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (tgsrvc_TalkTalk) SupportSoft Repair Service (TalkTalk) -- C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe (SupportSoft, Inc.)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (PCDSRVC{E9D79540-57D5953E-06020101}_0) -- c:\Program Files\Dell Support Center\pcdsrvc.pkms (PC-Doctor, Inc.)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corp.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (ovt519) -- C:\Windows\System32\drivers\ov519vid.sys (OmniVision Technologies, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25570

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "search"
FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - prefs.js..extensions.enabledItems: {1BCA7BD8-8977-11DC-A9BD-548555D89593}:1.5
FF - prefs.js..extensions.enabledItems: {9D6218B8-03C7-4b91-AA43-680B305DD35C}:1.7.9.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/05/21 21:48:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/12/28 10:22:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/28 23:40:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/25 18:49:59 | 000,000,000 | ---D | M]

[2009/09/07 19:56:16 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\Mozilla\Extensions
[2009/07/21 06:53:41 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\Mozilla\Firefox\extensions
[2009/07/21 06:53:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thorpehousehold\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/12/28 08:48:19 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\Mozilla\Firefox\Profiles\mewl2f0q.default\extensions
[2009/12/31 21:34:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thorpehousehold\AppData\Roaming\Mozilla\Firefox\Profiles\mewl2f0q.default\extensions\{1BCA7BD8-8977-11DC-A9BD-548555D89593}
[2010/04/27 20:40:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Thorpehousehold\AppData\Roaming\Mozilla\Firefox\Profiles\mewl2f0q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/07 20:45:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thorpehousehold\AppData\Roaming\Mozilla\Firefox\Profiles\mewl2f0q.default\extensions\{9D6218B8-03C7-4b91-AA43-680B305DD35C}
[2010/12/23 17:40:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/21 16:41:52 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/01 22:42:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/04 05:48:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/02 21:11:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2008/06/18 05:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/08/08 20:38:28 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/08/08 20:38:28 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/08/08 20:38:28 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/08/08 20:38:28 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/12/09 21:50:47 | 000,002,811 | RHS- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 204.152.194.149 www.google.com
O1 - Hosts: 204.152.194.149 google.com
O1 - Hosts: 204.152.194.149 google.com.au
O1 - Hosts: 204.152.194.149 www.google.com.au
O1 - Hosts: 204.152.194.149 google.be
O1 - Hosts: 204.152.194.149 www.google.be
O1 - Hosts: 204.152.194.149 google.com.br
O1 - Hosts: 204.152.194.149 www.google.com.br
O1 - Hosts: 39 more lines...
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files\Dell DataSafe Local Backup\ToasterLauncher.exe ()
O4 - Startup: C:\Users\Thorpehousehold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2X ApplicationServer Client.lnk = C:\Program Files\2X\ApplicationServer Client\APPServerClient.exe (2X Software Ltd.)
O4 - Startup: C:\Users\Thorpehousehold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img8.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img8.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/28 10:22:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/12/27 21:32:15 | 000,000,000 | ---D | C] -- C:\Users\Thorpehousehold\My Backup Files
[2010/12/27 08:01:44 | 000,000,000 | ---D | C] -- C:\Users\Thorpehousehold\AppData\Local\SoftThinks
[2010/12/26 22:33:40 | 000,000,000 | -HSD | C] -- C:\System Recovery
[2010/12/26 22:32:08 | 000,000,000 | ---D | C] -- C:\Temp
[2010/12/26 22:31:14 | 000,128,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WimFltr.sys
[2010/12/26 22:31:03 | 000,000,000 | ---D | C] -- C:\Program Files\Dell DataSafe Local Backup
[2010/12/26 22:20:13 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2010/12/26 22:09:38 | 000,000,000 | ---D | C] -- C:\Users\Thorpehousehold\AppData\Roaming\PCDr
[2010/12/26 00:32:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/12/25 15:07:42 | 000,000,000 | ---D | C] -- C:\Users\Thorpehousehold\AppData\Roaming\vlc
[2010/12/25 15:07:00 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/12/24 11:14:44 | 002,381,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/12/24 11:14:44 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/12/24 10:06:00 | 000,000,000 | ---D | C] -- C:\Users\Thorpehousehold\AppData\Roaming\AVG
[2010/12/23 23:34:41 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/12/23 22:58:26 | 000,000,000 | ---D | C] -- C:\Users\Thorpehousehold\AppData\Roaming\AVG10
[2010/12/23 22:57:09 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2010/12/23 22:54:57 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2010/12/23 22:54:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2010/12/23 22:53:37 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/12/23 22:42:46 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/12/23 17:04:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/12/23 17:02:28 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2010/12/23 17:01:40 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/12/23 16:45:12 | 000,000,000 | ---D | C] -- C:\Users\Thorpehousehold\Desktop\GooredFix Backups
[2010/12/23 08:43:29 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/12/23 08:43:29 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/12/23 08:43:29 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/12/23 08:43:28 | 001,355,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2010/12/23 08:43:28 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/12/23 08:43:28 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2010/12/23 08:43:28 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2010/12/23 08:43:28 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010/12/23 08:43:28 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/12/23 08:43:28 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/12/23 08:43:27 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/12/23 08:43:27 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2010/12/23 08:43:27 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2010/12/23 08:43:27 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2010/12/23 08:43:27 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2010/12/23 08:43:27 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010/12/23 08:43:27 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010/12/23 08:43:25 | 003,695,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010/12/23 08:43:25 | 000,460,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/12/23 08:43:25 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/12/23 08:43:25 | 000,353,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010/12/23 08:43:25 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/12/23 08:43:25 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010/12/23 08:43:25 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2010/12/23 08:43:25 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010/12/23 08:43:25 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2010/12/23 08:43:25 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2010/12/23 08:43:24 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/12/23 08:43:24 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/12/23 08:43:24 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/12/23 08:43:24 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/12/23 08:43:24 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2010/12/23 08:43:23 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2010/12/23 08:43:23 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2010/12/23 08:43:23 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/12/23 08:43:23 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/12/23 08:43:23 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/12/23 08:42:12 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2010/12/23 08:42:11 | 001,174,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2010/12/23 08:42:11 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2010/12/23 08:42:11 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2010/12/23 08:42:11 | 000,797,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2010/12/23 08:42:11 | 000,680,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2010/12/23 08:42:11 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2010/12/23 08:42:11 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2010/12/23 08:42:11 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2010/12/23 08:42:11 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2010/12/23 08:42:11 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2010/12/23 08:42:11 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2010/12/23 08:41:26 | 000,000,000 | ---D | C] -- C:\Program Files\Feedback Tool
[2010/12/15 08:47:14 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2010/12/15 08:35:14 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/12/15 08:35:12 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010/12/15 08:35:11 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010/12/15 08:35:11 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010/12/15 08:35:09 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010/12/15 08:35:07 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/12/15 08:35:07 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/12/15 08:35:07 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/12/15 08:34:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/12/14 13:45:00 | 000,000,000 | ---D | C] -- C:\Program Files\BBC iPlayer Desktop
[2010/12/10 16:01:00 | 000,000,000 | ---D | C] -- C:\Users\Thorpehousehold\AppData\Roaming\Malwarebytes
[2010/12/10 16:00:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/10 16:00:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/12/10 16:00:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/10 16:00:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/10 13:13:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/12/10 13:13:20 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/12/10 11:35:34 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/12/09 20:48:26 | 000,000,000 | -HSD | C] -- C:\ProgramData\IAHXECXRRSV
[2010/12/09 20:47:21 | 000,000,000 | -HSD | C] -- C:\ProgramData\1fc9bc
[2010/12/08 04:12:38 | 000,251,728 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/12/04 11:42:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2010/12/04 11:42:11 | 000,000,000 | ---D | C] -- C:\Users\Thorpehousehold\AppData\Roaming\Uniblue
[2009/07/23 18:38:32 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Thorpehousehold\AppData\Roaming\DataSafeDotNet.exe
[1 C:\Users\Thorpehousehold\Documents\*.tmp files -> C:\Users\Thorpehousehold\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/28 23:43:35 | 000,001,994 | ---- | M] () -- C:\Users\Thorpehousehold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2X ApplicationServer Client.lnk
[2010/12/28 23:43:24 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/28 23:42:51 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/28 23:42:51 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/28 23:42:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/28 23:42:44 | 2136,133,632 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/28 23:35:00 | 000,000,946 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1525119050-2295363517-642445928-1000UA.job
[2010/12/28 22:54:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/28 18:57:17 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2010/12/28 18:43:21 | 102,824,950 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2010/12/28 11:35:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1525119050-2295363517-642445928-1000Core.job
[2010/12/28 10:22:56 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/12/27 08:01:13 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2010/12/25 19:52:39 | 000,608,226 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/25 19:52:39 | 000,109,336 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/25 15:07:32 | 000,000,861 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/12/24 23:56:55 | 000,000,766 | ---- | M] () -- C:\Users\Thorpehousehold\AppData\Roaming\launcher.exe.ico
[2010/12/24 23:50:53 | 000,000,680 | ---- | M] () -- C:\Users\Thorpehousehold\AppData\Local\d3d9caps.dat
[2010/12/24 10:03:44 | 000,000,972 | ---- | M] () -- C:\Users\Thorpehousehold\Desktop\AVG PC Tuneup 2011.lnk
[2010/12/23 22:38:25 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/12/23 22:37:56 | 000,146,944 | ---- | M] () -- C:\Users\Thorpehousehold\Documents\Christmas Card List.doc
[2010/12/23 17:23:48 | 000,000,456 | ---- | M] () -- C:\Users\Thorpehousehold\Desktop\Attach.zip
[2010/12/23 17:01:59 | 000,000,915 | ---- | M] () -- C:\Users\Thorpehousehold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/12/23 17:01:41 | 000,000,735 | ---- | M] () -- C:\Users\Thorpehousehold\Desktop\NTREGOPT.lnk
[2010/12/23 17:01:41 | 000,000,716 | ---- | M] () -- C:\Users\Thorpehousehold\Desktop\ERUNT.lnk
[2010/12/23 08:50:38 | 000,000,945 | ---- | M] () -- C:\Users\Thorpehousehold\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/12/23 08:44:34 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2010/12/23 08:44:34 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2010/12/22 19:18:07 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/22 10:14:35 | 000,000,117 | ---- | M] () -- C:\Users\Thorpehousehold\jagex_runescape_preferences2.dat
[2010/12/22 10:14:35 | 000,000,041 | ---- | M] () -- C:\Users\Thorpehousehold\jagex_runescape_preferences.dat
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/20 11:18:22 | 000,025,088 | ---- | M] () -- C:\Users\Thorpehousehold\Documents\Family_Integrated_Worship[1].doc
[2010/12/15 09:09:33 | 000,417,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/12/15 08:47:04 | 002,206,802 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2010/12/14 13:45:00 | 000,000,864 | ---- | M] () -- C:\Users\Public\Desktop\BBC iPlayer Desktop.lnk
[2010/12/13 22:22:58 | 001,521,766 | ---- | M] () -- C:\Users\Thorpehousehold\Documents\bbc_iplayer_desktop_v3010.air
[2010/12/10 15:32:28 | 000,000,106 | ---- | M] () -- C:\Windows\wininit.ini
[2010/12/10 13:13:36 | 000,001,081 | ---- | M] () -- C:\Users\Thorpehousehold\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/12/10 13:13:36 | 000,001,057 | ---- | M] () -- C:\Users\Thorpehousehold\Desktop\Spybot - Search & Destroy.lnk
[2010/12/10 12:06:54 | 000,512,992 | ---- | M] () -- C:\Users\Thorpehousehold\Desktop\sdsetup[1].exe
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-155318.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153238.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153236.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153231.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153224.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153219.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153218.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153217.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153216.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153215.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153210.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153209.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153206.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153205.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153204.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153203.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153154.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153149.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/12/03 22:06:58 | 003,420,852 | ---- | M] () -- C:\Users\Thorpehousehold\Documents\James Jordan Through New Eyes.pdf
[2010/12/03 13:44:05 | 000,007,894 | ---- | M] () -- C:\Users\Thorpehousehold\Documents\BudgetBrain.odt
[2010/12/02 12:45:04 | 000,009,216 | ---- | M] () -- C:\Users\Thorpehousehold\Documents\Stewardship.doc
[2010/12/01 21:28:40 | 000,039,661 | ---- | M] () -- C:\Users\Thorpehousehold\Documents\Theodore Roosevelt The Bible and The Life Of The People.pdf
[1 C:\Users\Thorpehousehold\Documents\*.tmp files -> C:\Users\Thorpehousehold\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/28 18:43:21 | 102,824,950 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2010/12/26 22:23:03 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2010/12/26 22:23:00 | 000,000,422 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2010/12/25 15:07:32 | 000,000,861 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/12/24 10:56:56 | 000,001,994 | ---- | C] () -- C:\Users\Thorpehousehold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2X ApplicationServer Client.lnk
[2010/12/24 10:03:44 | 000,000,972 | ---- | C] () -- C:\Users\Thorpehousehold\Desktop\AVG PC Tuneup 2011.lnk
[2010/12/23 22:56:50 | 000,000,832 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/12/23 22:38:25 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/12/23 22:35:27 | 000,146,944 | ---- | C] () -- C:\Users\Thorpehousehold\Documents\Christmas Card List.doc
[2010/12/23 17:23:48 | 000,000,456 | ---- | C] () -- C:\Users\Thorpehousehold\Desktop\Attach.zip
[2010/12/23 17:01:59 | 000,000,915 | ---- | C] () -- C:\Users\Thorpehousehold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/12/23 17:01:41 | 000,000,735 | ---- | C] () -- C:\Users\Thorpehousehold\Desktop\NTREGOPT.lnk
[2010/12/23 17:01:41 | 000,000,716 | ---- | C] () -- C:\Users\Thorpehousehold\Desktop\ERUNT.lnk
[2010/12/23 08:43:24 | 000,072,533 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/12/20 11:18:20 | 000,025,088 | ---- | C] () -- C:\Users\Thorpehousehold\Documents\Family_Integrated_Worship[1].doc
[2010/12/13 22:23:08 | 001,521,766 | ---- | C] () -- C:\Users\Thorpehousehold\Documents\bbc_iplayer_desktop_v3010.air
[2010/12/10 16:00:54 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/10 15:32:28 | 000,000,106 | ---- | C] () -- C:\Windows\wininit.ini
[2010/12/10 13:13:36 | 000,001,081 | ---- | C] () -- C:\Users\Thorpehousehold\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/12/10 13:13:36 | 000,001,057 | ---- | C] () -- C:\Users\Thorpehousehold\Desktop\Spybot - Search & Destroy.lnk
[2010/12/10 11:40:10 | 002,206,802 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2010/12/10 11:35:34 | 000,512,992 | ---- | C] () -- C:\Users\Thorpehousehold\Desktop\sdsetup[1].exe
[2010/12/03 22:06:58 | 003,420,852 | ---- | C] () -- C:\Users\Thorpehousehold\Documents\James Jordan Through New Eyes.pdf
[2010/12/03 13:44:03 | 000,007,894 | ---- | C] () -- C:\Users\Thorpehousehold\Documents\BudgetBrain.odt
[2010/12/01 21:28:40 | 000,039,661 | ---- | C] () -- C:\Users\Thorpehousehold\Documents\Theodore Roosevelt The Bible and The Life Of The People.pdf
[2010/06/17 15:17:24 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2010/05/23 19:00:09 | 000,001,188 | ---- | C] () -- C:\ProgramData\ss.ini
[2010/04/03 08:44:30 | 000,000,680 | ---- | C] () -- C:\Users\Thorpehousehold\AppData\Local\d3d9caps.dat
[2010/03/30 13:57:56 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2010/03/05 13:53:18 | 000,010,574 | -HS- | C] () -- C:\Users\Thorpehousehold\AppData\Local\iRs2pG
[2010/01/06 12:45:09 | 000,000,114 | ---- | C] () -- C:\Users\Thorpehousehold\AppData\Roaming\usertrusted.pes
[2010/01/06 12:44:13 | 000,000,766 | ---- | C] () -- C:\Users\Thorpehousehold\AppData\Roaming\launcher.exe.ico
[2009/10/29 18:21:04 | 000,024,085 | ---- | C] () -- C:\Users\Thorpehousehold\AppData\Roaming\UserTile.png
[2009/10/21 20:38:03 | 000,000,031 | -H-- | C] () -- C:\Windows\UKCpInfo.sys
[2009/09/12 06:29:16 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/20 18:14:25 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/18 23:54:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/06/06 14:50:40 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2009/04/08 17:55:25 | 000,118,784 | ---- | C] () -- C:\Users\Thorpehousehold\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/08 10:23:54 | 000,000,271 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/04/04 07:13:43 | 000,000,268 | RH-- | C] () -- C:\ProgramData\String Ensemble
[2009/04/04 07:13:43 | 000,000,268 | RH-- | C] () -- C:\Users\Thorpehousehold\AppData\Roaming\Static Library
[2009/04/04 07:13:43 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2009/04/03 07:28:56 | 000,000,750 | ---- | C] () -- C:\Windows\{D084B1A9-153B-409D-AEBF-C40FCEF925EA}_WiseFW.ini
[2009/04/02 08:59:24 | 000,008,248 | ---- | C] () -- C:\Users\Thorpehousehold\AppData\Local\en.ini
[2009/03/31 15:55:02 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2009/03/31 15:50:59 | 000,007,680 | ---- | C] () -- C:\Windows\System32\CNMVS64.DLL
[2009/03/31 15:26:23 | 000,000,416 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009/03/05 23:17:05 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2009/03/05 23:17:05 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2009/03/05 23:17:05 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2009/03/05 23:17:05 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2009/03/05 23:17:03 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2008/02/11 18:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/12/24 10:15:19 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\AVG
[2010/12/23 22:58:26 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\AVG10
[2009/04/26 19:03:54 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2009/04/01 07:25:21 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\Canon
[2010/05/23 18:33:44 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\COWON
[2009/04/16 10:24:32 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\GetRightToGo
[2009/10/12 15:24:57 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\Merscom
[2009/04/04 07:21:03 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\Nikon
[2009/10/14 15:46:18 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\Oberonv1002
[2009/03/31 22:07:45 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\OpenOffice.org
[2010/04/06 17:42:14 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\Opera
[2010/12/26 22:13:25 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\PCDr
[2010/08/24 15:55:21 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\Petroglyph
[2010/06/17 15:18:07 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\PrimoPDF
[2009/03/31 15:26:18 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\ScanSoft
[2010/07/12 17:15:00 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\Smilebox
[2010/12/18 10:57:13 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\Spotify
[2009/07/21 07:01:03 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\TweakNow RegCleaner
[2010/12/04 11:42:11 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\Uniblue
[2009/07/22 08:49:38 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\Windows Live Writer
[2010/12/27 08:01:13 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2010/12/28 23:41:56 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/12/28 18:57:17 | 000,000,422 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:1D60AEC3
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:CF2C26D2
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

ken545
2010-12-29, 01:29
Run OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL:



:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25570
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-155318.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153238.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153236.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153231.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153224.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153219.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153218.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153217.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153216.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153215.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153210.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153209.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153206.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153205.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153204.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153203.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153154.backup
[2010/12/09 21:50:47 | 000,002,811 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-153149.backup

:Services

:Reg

:Files


:Commands
[purity]
[emptytemp]
[RESETHOSTS]
[start explorer]
[Reboot]

Then click the Run Fix button at the top.
Let the program run unhindered, and reboot when it is done.
Then post the results of the log and a new OTL log (don't check the boxes beside LOP Check or Purity this time).

verynicelily
2010-12-29, 21:36
All processes killed
========== OTL ==========
No active process named explorer.exe was found!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ not found.
File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ not found.
File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
File C:\Windows\System32\drivers\etc\hosts.20101210-155318.backup not found.
File C:\Windows\System32\drivers\etc\hosts.20101210-153238.backup not found.
File C:\Windows\System32\drivers\etc\hosts.20101210-153236.backup not found.
File C:\Windows\System32\drivers\etc\hosts.20101210-153231.backup not found.
File C:\Windows\System32\drivers\etc\hosts.20101210-153224.backup not found.
File C:\Windows\System32\drivers\etc\hosts.20101210-153219.backup not found.
File C:\Windows\System32\drivers\etc\hosts.20101210-153218.backup not found.
File C:\Windows\System32\drivers\etc\hosts.20101210-153217.backup not found.
File C:\Windows\System32\drivers\etc\hosts.20101210-153216.backup not found.
File C:\Windows\System32\drivers\etc\hosts.20101210-153215.backup not found.
File C:\Windows\System32\drivers\etc\hosts.20101210-153210.backup not found.
File C:\Windows\System32\drivers\etc\hosts.20101210-153209.backup not found.
File C:\Windows\System32\drivers\etc\hosts.20101210-153206.backup not found.
File C:\Windows\System32\drivers\etc\hosts.20101210-153205.backup not found.
File C:\Windows\System32\drivers\etc\hosts.20101210-153204.backup not found.
File C:\Windows\System32\drivers\etc\hosts.20101210-153203.backup not found.
File C:\Windows\System32\drivers\etc\hosts.20101210-153154.backup not found.
File C:\Windows\System32\drivers\etc\hosts.20101210-153149.backup not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

verynicelily
2010-12-29, 21:43
OTL logfile created on: 29/12/2010 20:37:00 - Run 4
OTL by OldTimer - Version 3.2.18.0 Folder = c:\users\thorpehousehold\downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.03 Gb Total Space | 130.65 Gb Free Space | 45.36% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.72 Gb Free Space | 37.24% Space Free | Partition Type: NTFS

Computer Name: THRIBBLE-PC | User Name: Thorpehousehold | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - c:\Users\Thorpehousehold\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe ()
PRC - C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files\2X\ApplicationServer Client\APPServerClient.exe (2X Software Ltd.)
PRC - C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\TalkTalk\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Common Files\supportsoft\bin\tgsrvc.exe (SupportSoft, Inc.)


========== Modules (SafeList) ==========

MOD - c:\Users\Thorpehousehold\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (SftService) -- C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (ASKUpgrade) -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe ()
SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
SRV - (sprtsvc_TalkTalk) SupportSoft Sprocket Service (TalkTalk) -- C:\Program Files\TalkTalk\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (SupportSoft RemoteAssist) -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (tgsrvc_TalkTalk) SupportSoft Repair Service (TalkTalk) -- C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe (SupportSoft, Inc.)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (PCDSRVC{E9D79540-57D5953E-06020101}_0) -- c:\Program Files\Dell Support Center\pcdsrvc.pkms (PC-Doctor, Inc.)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corp.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (ovt519) -- C:\Windows\System32\drivers\ov519vid.sys (OmniVision Technologies, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "search"
FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - prefs.js..extensions.enabledItems: {1BCA7BD8-8977-11DC-A9BD-548555D89593}:1.5
FF - prefs.js..extensions.enabledItems: {9D6218B8-03C7-4b91-AA43-680B305DD35C}:1.7.9.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/05/21 21:48:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/12/28 10:22:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/28 23:40:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/25 18:49:59 | 000,000,000 | ---D | M]

[2009/09/07 19:56:16 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\Mozilla\Extensions
[2009/07/21 06:53:41 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\Mozilla\Firefox\extensions
[2009/07/21 06:53:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thorpehousehold\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/12/29 18:33:53 | 000,000,000 | ---D | M] -- C:\Users\Thorpehousehold\AppData\Roaming\Mozilla\Firefox\Profiles\mewl2f0q.default\extensions
[2009/12/31 21:34:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thorpehousehold\AppData\Roaming\Mozilla\Firefox\Profiles\mewl2f0q.default\extensions\{1BCA7BD8-8977-11DC-A9BD-548555D89593}
[2010/04/27 20:40:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Thorpehousehold\AppData\Roaming\Mozilla\Firefox\Profiles\mewl2f0q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/07 20:45:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thorpehousehold\AppData\Roaming\Mozilla\Firefox\Profiles\mewl2f0q.default\extensions\{9D6218B8-03C7-4b91-AA43-680B305DD35C}
[2010/12/23 17:40:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/21 16:41:52 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/01 22:42:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/04 05:48:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/02 21:11:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2008/06/18 05:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/08/08 20:38:28 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/08/08 20:38:28 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/08/08 20:38:28 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/08/08 20:38:28 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/12/29 20:25:13 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - No CLSID value found.
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files\Dell DataSafe Local Backup\ToasterLauncher.exe ()
O4 - Startup: C:\Users\Thorpehousehold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2X ApplicationServer Client.lnk = C:\Program Files\2X\ApplicationServer Client\APPServerClient.exe (2X Software Ltd.)
O4 - Startup: C:\Users\Thorpehousehold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img8.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img8.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/29 11:07:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/28 10:22:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/12/27 21:32:15 | 000,000,000 | ---D | C] -- C:\Users\Thorpehousehold\My Backup Files
[2010/12/27 08:01:44 | 000,000,000 | ---D | C] -- C:\Users\Thorpehousehold\AppData\Local\SoftThinks
[2010/12/26 22:33:40 | 000,000,000 | -HSD | C] -- C:\System Recovery
[2010/12/26 22:32:08 | 000,000,000 | ---D | C] -- C:\Temp
[2010/12/26 22:31:14 | 000,128,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WimFltr.sys
[2010/12/26 22:31:03 | 000,000,000 | ---D | C] -- C:\Program Files\Dell DataSafe Local Backup
[2010/12/26 22:20:13 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2010/12/26 22:09:38 | 000,000,000 | ---D | C] -- C:\Users\Thorpehousehold\AppData\Roaming\PCDr
[2010/12/26 00:32:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/12/25 15:07:42 | 000,000,000 | ---D | C] -- C:\Users\Thorpehousehold\AppData\Roaming\vlc
[2010/12/25 15:07:00 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/12/24 11:14:44 | 002,381,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/12/24 11:14:44 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/12/24 10:06:00 | 000,000,000 | ---D | C] -- C:\Users\Thorpehousehold\AppData\Roaming\AVG
[2010/12/23 23:34:41 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/12/23 22:58:26 | 000,000,000 | ---D | C] -- C:\Users\Thorpehousehold\AppData\Roaming\AVG10
[2010/12/23 22:57:09 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2010/12/23 22:54:57 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2010/12/23 22:54:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2010/12/23 22:53:37 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/12/23 22:42:46 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/12/23 17:04:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/12/23 17:02:28 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2010/12/23 17:01:40 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/12/23 16:45:12 | 000,000,000 | ---D | C] -- C:\Users\Thorpehousehold\Desktop\GooredFix Backups
[2010/12/23 08:43:29 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/12/23 08:43:29 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/12/23 08:43:29 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/12/23 08:43:28 | 001,355,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2010/12/23 08:43:28 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/12/23 08:43:28 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2010/12/23 08:43:28 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2010/12/23 08:43:28 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010/12/23 08:43:28 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/12/23 08:43:28 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/12/23 08:43:27 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/12/23 08:43:27 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2010/12/23 08:43:27 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2010/12/23 08:43:27 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2010/12/23 08:43:27 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2010/12/23 08:43:27 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010/12/23 08:43:27 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010/12/23 08:43:25 | 003,695,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010/12/23 08:43:25 | 000,460,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/12/23 08:43:25 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/12/23 08:43:25 | 000,353,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010/12/23 08:43:25 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/12/23 08:43:25 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010/12/23 08:43:25 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2010/12/23 08:43:25 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010/12/23 08:43:25 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2010/12/23 08:43:25 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2010/12/23 08:43:24 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/12/23 08:43:24 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/12/23 08:43:24 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/12/23 08:43:24 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/12/23 08:43:24 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2010/12/23 08:43:23 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2010/12/23 08:43:23 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2010/12/23 08:43:23 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/12/23 08:43:23 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/12/23 08:43:23 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/12/23 08:42:12 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2010/12/23 08:42:11 | 001,174,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2010/12/23 08:42:11 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2010/12/23 08:42:11 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2010/12/23 08:42:11 | 000,797,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2010/12/23 08:42:11 | 000,680,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2010/12/23 08:42:11 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2010/12/23 08:42:11 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2010/12/23 08:42:11 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2010/12/23 08:42:11 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2010/12/23 08:42:11 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2010/12/23 08:42:11 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2010/12/23 08:41:26 | 000,000,000 | ---D | C] -- C:\Program Files\Feedback Tool
[2010/12/15 08:47:14 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2010/12/15 08:35:14 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/12/15 08:35:12 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010/12/15 08:35:11 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010/12/15 08:35:11 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010/12/15 08:35:09 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010/12/15 08:35:07 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/12/15 08:35:07 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/12/15 08:35:07 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/12/15 08:34:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/12/14 13:45:00 | 000,000,000 | ---D | C] -- C:\Program Files\BBC iPlayer Desktop
[2010/12/10 16:01:00 | 000,000,000 | ---D | C] -- C:\Users\Thorpehousehold\AppData\Roaming\Malwarebytes
[2010/12/10 16:00:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/10 16:00:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/12/10 16:00:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/10 16:00:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/10 13:13:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/12/10 13:13:20 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/12/10 11:35:34 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/12/09 20:48:26 | 000,000,000 | -HSD | C] -- C:\ProgramData\IAHXECXRRSV
[2010/12/09 20:47:21 | 000,000,000 | -HSD | C] -- C:\ProgramData\1fc9bc
[2010/12/08 04:12:38 | 000,251,728 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/12/04 11:42:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2010/12/04 11:42:11 | 000,000,000 | ---D | C] -- C:\Users\Thorpehousehold\AppData\Roaming\Uniblue
[2009/07/23 18:38:32 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Thorpehousehold\AppData\Roaming\DataSafeDotNet.exe
[1 C:\Users\Thorpehousehold\Documents\*.tmp files -> C:\Users\Thorpehousehold\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/29 20:35:01 | 000,000,946 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1525119050-2295363517-642445928-1000UA.job
[2010/12/29 20:27:43 | 000,001,994 | ---- | M] () -- C:\Users\Thorpehousehold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2X ApplicationServer Client.lnk
[2010/12/29 20:27:17 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/29 20:27:05 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/29 20:27:05 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/29 20:26:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/29 20:26:49 | 2136,133,632 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/29 20:25:13 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010/12/29 19:54:01 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/29 18:44:58 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2010/12/29 11:08:50 | 102,903,039 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2010/12/28 11:35:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1525119050-2295363517-642445928-1000Core.job
[2010/12/28 10:22:56 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/12/27 08:01:13 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2010/12/25 19:52:39 | 000,608,226 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/25 19:52:39 | 000,109,336 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/25 15:07:32 | 000,000,861 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/12/24 23:56:55 | 000,000,766 | ---- | M] () -- C:\Users\Thorpehousehold\AppData\Roaming\launcher.exe.ico
[2010/12/24 23:50:53 | 000,000,680 | ---- | M] () -- C:\Users\Thorpehousehold\AppData\Local\d3d9caps.dat
[2010/12/24 10:03:44 | 000,000,972 | ---- | M] () -- C:\Users\Thorpehousehold\Desktop\AVG PC Tuneup 2011.lnk
[2010/12/23 22:38:25 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/12/23 22:37:56 | 000,146,944 | ---- | M] () -- C:\Users\Thorpehousehold\Documents\Christmas Card List.doc
[2010/12/23 17:23:48 | 000,000,456 | ---- | M] () -- C:\Users\Thorpehousehold\Desktop\Attach.zip
[2010/12/23 17:01:59 | 000,000,915 | ---- | M] () -- C:\Users\Thorpehousehold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/12/23 17:01:41 | 000,000,735 | ---- | M] () -- C:\Users\Thorpehousehold\Desktop\NTREGOPT.lnk
[2010/12/23 17:01:41 | 000,000,716 | ---- | M] () -- C:\Users\Thorpehousehold\Desktop\ERUNT.lnk
[2010/12/23 08:50:38 | 000,000,945 | ---- | M] () -- C:\Users\Thorpehousehold\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/12/23 08:44:34 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2010/12/23 08:44:34 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2010/12/22 19:18:07 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/22 10:14:35 | 000,000,117 | ---- | M] () -- C:\Users\Thorpehousehold\jagex_runescape_preferences2.dat
[2010/12/22 10:14:35 | 000,000,041 | ---- | M] () -- C:\Users\Thorpehousehold\jagex_runescape_preferences.dat
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/20 11:18:22 | 000,025,088 | ---- | M] () -- C:\Users\Thorpehousehold\Documents\Family_Integrated_Worship[1].doc
[2010/12/15 09:09:33 | 000,417,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/12/15 08:47:04 | 002,206,802 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2010/12/14 13:45:00 | 000,000,864 | ---- | M] () -- C:\Users\Public\Desktop\BBC iPlayer Desktop.lnk
[2010/12/13 22:22:58 | 001,521,766 | ---- | M] () -- C:\Users\Thorpehousehold\Documents\bbc_iplayer_desktop_v3010.air
[2010/12/10 15:32:28 | 000,000,106 | ---- | M] () -- C:\Windows\wininit.ini
[2010/12/10 13:13:36 | 000,001,081 | ---- | M] () -- C:\Users\Thorpehousehold\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/12/10 13:13:36 | 000,001,057 | ---- | M] () -- C:\Users\Thorpehousehold\Desktop\Spybot - Search & Destroy.lnk
[2010/12/10 12:06:54 | 000,512,992 | ---- | M] () -- C:\Users\Thorpehousehold\Desktop\sdsetup[1].exe
[2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/12/03 22:06:58 | 003,420,852 | ---- | M] () -- C:\Users\Thorpehousehold\Documents\James Jordan Through New Eyes.pdf
[2010/12/03 13:44:05 | 000,007,894 | ---- | M] () -- C:\Users\Thorpehousehold\Documents\BudgetBrain.odt
[2010/12/02 12:45:04 | 000,009,216 | ---- | M] () -- C:\Users\Thorpehousehold\Documents\Stewardship.doc
[2010/12/01 21:28:40 | 000,039,661 | ---- | M] () -- C:\Users\Thorpehousehold\Documents\Theodore Roosevelt The Bible and The Life Of The People.pdf
[1 C:\Users\Thorpehousehold\Documents\*.tmp files -> C:\Users\Thorpehousehold\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/29 11:08:50 | 102,903,039 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2010/12/26 22:23:03 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2010/12/26 22:23:00 | 000,000,422 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2010/12/25 15:07:32 | 000,000,861 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/12/24 10:56:56 | 000,001,994 | ---- | C] () -- C:\Users\Thorpehousehold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2X ApplicationServer Client.lnk
[2010/12/24 10:03:44 | 000,000,972 | ---- | C] () -- C:\Users\Thorpehousehold\Desktop\AVG PC Tuneup 2011.lnk
[2010/12/23 22:56:50 | 000,000,832 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/12/23 22:38:25 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/12/23 22:35:27 | 000,146,944 | ---- | C] () -- C:\Users\Thorpehousehold\Documents\Christmas Card List.doc
[2010/12/23 17:23:48 | 000,000,456 | ---- | C] () -- C:\Users\Thorpehousehold\Desktop\Attach.zip
[2010/12/23 17:01:59 | 000,000,915 | ---- | C] () -- C:\Users\Thorpehousehold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/12/23 17:01:41 | 000,000,735 | ---- | C] () -- C:\Users\Thorpehousehold\Desktop\NTREGOPT.lnk
[2010/12/23 17:01:41 | 000,000,716 | ---- | C] () -- C:\Users\Thorpehousehold\Desktop\ERUNT.lnk
[2010/12/23 08:43:24 | 000,072,533 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/12/20 11:18:20 | 000,025,088 | ---- | C] () -- C:\Users\Thorpehousehold\Documents\Family_Integrated_Worship[1].doc
[2010/12/13 22:23:08 | 001,521,766 | ---- | C] () -- C:\Users\Thorpehousehold\Documents\bbc_iplayer_desktop_v3010.air
[2010/12/10 16:00:54 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/10 15:32:28 | 000,000,106 | ---- | C] () -- C:\Windows\wininit.ini
[2010/12/10 13:13:36 | 000,001,081 | ---- | C] () -- C:\Users\Thorpehousehold\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/12/10 13:13:36 | 000,001,057 | ---- | C] () -- C:\Users\Thorpehousehold\Desktop\Spybot - Search & Destroy.lnk
[2010/12/10 11:40:10 | 002,206,802 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2010/12/10 11:35:34 | 000,512,992 | ---- | C] () -- C:\Users\Thorpehousehold\Desktop\sdsetup[1].exe
[2010/12/03 22:06:58 | 003,420,852 | ---- | C] () -- C:\Users\Thorpehousehold\Documents\James Jordan Through New Eyes.pdf
[2010/12/03 13:44:03 | 000,007,894 | ---- | C] () -- C:\Users\Thorpehousehold\Documents\BudgetBrain.odt
[2010/12/01 21:28:40 | 000,039,661 | ---- | C] () -- C:\Users\Thorpehousehold\Documents\Theodore Roosevelt The Bible and The Life Of The People.pdf
[2010/06/17 15:17:24 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2010/05/23 19:00:09 | 000,001,188 | ---- | C] () -- C:\ProgramData\ss.ini
[2010/04/03 08:44:30 | 000,000,680 | ---- | C] () -- C:\Users\Thorpehousehold\AppData\Local\d3d9caps.dat
[2010/03/30 13:57:56 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2010/03/05 13:53:18 | 000,010,574 | -HS- | C] () -- C:\Users\Thorpehousehold\AppData\Local\iRs2pG
[2010/01/06 12:45:09 | 000,000,114 | ---- | C] () -- C:\Users\Thorpehousehold\AppData\Roaming\usertrusted.pes
[2010/01/06 12:44:13 | 000,000,766 | ---- | C] () -- C:\Users\Thorpehousehold\AppData\Roaming\launcher.exe.ico
[2009/10/29 18:21:04 | 000,024,085 | ---- | C] () -- C:\Users\Thorpehousehold\AppData\Roaming\UserTile.png
[2009/10/21 20:38:03 | 000,000,031 | -H-- | C] () -- C:\Windows\UKCpInfo.sys
[2009/09/12 06:29:16 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/20 18:14:25 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/18 23:54:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/06/06 14:50:40 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2009/04/08 17:55:25 | 000,118,784 | ---- | C] () -- C:\Users\Thorpehousehold\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/08 10:23:54 | 000,000,271 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/04/04 07:13:43 | 000,000,268 | RH-- | C] () -- C:\ProgramData\String Ensemble
[2009/04/04 07:13:43 | 000,000,268 | RH-- | C] () -- C:\Users\Thorpehousehold\AppData\Roaming\Static Library
[2009/04/04 07:13:43 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2009/04/03 07:28:56 | 000,000,750 | ---- | C] () -- C:\Windows\{D084B1A9-153B-409D-AEBF-C40FCEF925EA}_WiseFW.ini
[2009/04/02 08:59:24 | 000,008,248 | ---- | C] () -- C:\Users\Thorpehousehold\AppData\Local\en.ini
[2009/03/31 15:55:02 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2009/03/31 15:50:59 | 000,007,680 | ---- | C] () -- C:\Windows\System32\CNMVS64.DLL
[2009/03/31 15:26:23 | 000,000,416 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009/03/05 23:17:05 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2009/03/05 23:17:05 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2009/03/05 23:17:05 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2009/03/05 23:17:05 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2009/03/05 23:17:03 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2008/02/11 18:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:1D60AEC3
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:CF2C26D2
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

Thank you for your continued help. Sorry about delays in replying: family commitments and time difference here in the U.K.

ken545
2010-12-29, 22:19
Thank you for your continued help. Sorry about delays in replying: family commitments and time difference here in the U.K.

Not a problem, live in the NE part of the US and have been shoveling snow for two days :rolleyes:

Looks like the fix took. Things should be running better now?

You have Malwarebytes installed, open it, check for updates and run the Quick Scan and post the log please.


Then run this free online virus scanner and post the log also.

Please run this free online virus scanner from ESET (http://www.eset.com/onlinescan/)

Note: You will need to use Internet Explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

verynicelily
2010-12-29, 22:54
Yes, thank you, things seem to be working much better now. I will run the ESET scan and follow this with the log.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5419

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.7930.16406

29/12/2010 21:46:20
mbam-log-2010-12-29 (21-46-20).txt

Scan type: Quick scan
Objects scanned: 151316
Time elapsed: 5 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\thorpehousehold\downloads\xvidsetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.

verynicelily
2010-12-30, 01:00
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

ken545
2010-12-30, 01:30
You should be able to find the complete log here, only post it if it found threats.
C:\Program Files\EsetOnlineScanner\log.txt

How are things running now?

verynicelily
2010-12-30, 12:23
Sorry, this is the only log I can find. I was rather disappointed myself, having waited about 2 hours for the scan results. Will run another scan and see what happens. Thanks for your patience.

ken545
2010-12-30, 13:00
You can try this one in lieu of ESET

Please do a scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html)

Click on the Accept button and install any components it needs.
The program will install and then begin downloading the latest definition files.
After the files have been downloaded on the left side of the page in the Scan section select My Computer.
This will start the program and scan your system.
The scan will take a while, so be patient and let it run. (At times it may appear to stall)
Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.

Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.


Once the scan is complete, click on View scan report
To obtain the report:
Click on: Save Report As
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.




verynicelily
2010-12-30, 22:04
I have tried to run this a few times and failed. I have accepted terms & conditions, I also tried disabling AVG in case that was the problem. The page says program download is in progress, but it isn't. Please could you suggest something. Thank you.

verynicelily
2010-12-30, 22:37
Have just managed to run IE as administrator so Kaspersky has downloaded and database updated. However, I can't get on to the scan section from the Update page to select "My Computer". After download completed a little box popped up called "Message from webpage". It had a yellow warning triangle with exclamation mark, a "0" next to the triangle and an "OK" box, which I clicked. Nothing happened. Please advise.

ken545
2010-12-30, 23:02
These online scans are finicky, they run well on some systems and not at all on others.

Try this one
http://www.pandasecurity.com/activescan/index/

Let me know in general how your system is running now

verynicelily
2010-12-31, 14:14
I managed to install this, began the scan but it stopped after about 5% with an error message. I tried to uninstall and start again, but now when I go to the Panda page it seems to assume I have the components installed. I click on Scan and a page pops up to tell me my browsers are not compatible with ActiveScan. I don't think that's the case as it had started to scan on my first attempt. So sorry this is proving difficult.

ken545
2010-12-31, 15:30
Make sure you're using Internet Explorer, but if it won't run don't worry about it.

How are things running now, any more redirects, unwanted pop-up windows?

verynicelily
2010-12-31, 22:08
I've tried using Internet Explorer but it still tells me I need to use Internet Explorer!
PC is working much better now - no redirection, no pop ups.

ken545
2011-01-01, 01:46
Happy New Year,

I think you're good to go. Been a pleasure helping you :)

Open OTL and click on Cleanup and it will remove most of the tools we use to clean your system along with their backups.



How did I get infected in the first place?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)





Keep in mind if you install some of these programs. Only ONE Anti Virus and only ONE Firewall is recommended, more is overkill and can cause you problems. You can install all the Spyware programs I have listed without any problems. If you install Spyware Blaster and Spyware Guard, they will conflict with the TeaTimer in Spybot, you can still install Spybot Search and Destroy but do not enable the TeaTimer.


Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community

Spybot Search and Destroy 1.6 (http://www.safer-networking.org/en/download/)
Check for Updates/ Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster ( Recommended ) then do not enable the TeaTimer in Spybot Search and Destroy.

WinPatrol (www.winpatrol.com/download.html) Keep this fine program activated to block a lot of threats

Spyware Blaster (http://www.javacoolsoftware.com/spywareblaster.html) It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.

Spyware Guard (http://www.javacoolsoftware.com/spywareguard.html) It offers realtime protection from spyware installation attempts, again, no scan to run, just install it and let it do its thing.

IE-Spyad (http://www.pcworld.com/downloads/file/fid,23332-order,1-page,1-c,antispywaretools/description.html)
IE-Spyad places over 6000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.

Firefox 3 (http://www.mozilla.org/products/firefox/) It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will in no way interfere with IE, you can use them both.



Safe Surfn
Ken

verynicelily
2011-01-02, 23:48
Thank you so much for your help on this. You have been very kind to give your time and expertise, especially at this time of year. It is much appreciated.

ken545
2011-01-03, 00:03
You're very welcome,

Take care,
Ken :)

ken545
2011-01-05, 13:01
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.