Infected with malware



nbarleen
2011-01-05, 18:30
I think that I have a malware infection. AVG antivirus was unable to update, but scans find no problems. I was able to install another antivirus program, Avast, and it updates to current definitions, but still finds no problems.

I have noticed over the last 2 days that Windows automatic updates will not download and I cannot access automatic updates setup through Control Panel.

I have downloaded ERUNT and backed up the system registry.

I downloaded DDS, but when I tried to run it I get only an error message that

"This tool does not support your opperating system"
"press any key to continue..._"

When I press a key the DDS window closes.

I would greatly appreciate any help that you can offer. Thank you.

ken545
2011-01-07, 23:55


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.


Malware may be preventing DDS from running, but you didn't say what your operating system is?


Try running this program

OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.

nbarleen
2011-01-08, 05:35
Thanks for your help.

My Operating system is Windows XP Professional 64 bit.

OTL seems to have run fine. The logs are posted below.


OTL logfile created on: 1/7/2011 9:12:48 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = H:\Documents and Settings\Nathan_2\My Documents\Downloads
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): H:\pagefile.sys 2046 4092

%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files (x86)
Drive C: | 42.66 Gb Total Space | 9.57 Gb Free Space | 22.42% Space Free | Partition Type: NTFS
Drive D: | 42.66 Gb Total Space | 23.51 Gb Free Space | 55.10% Space Free | Partition Type: NTFS
Drive E: | 42.67 Gb Total Space | 39.54 Gb Free Space | 92.67% Space Free | Partition Type: NTFS
Drive F: | 24.67 Gb Total Space | 19.51 Gb Free Space | 79.09% Space Free | Partition Type: NTFS
Drive G: | 662.68 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 58.59 Gb Total Space | 20.83 Gb Free Space | 35.55% Space Free | Partition Type: NTFS
Drive I: | 58.59 Gb Total Space | 18.97 Gb Free Space | 32.37% Space Free | Partition Type: NTFS

Computer Name: NATHAN-HOME-PC | User Name: Nathan_2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - H:\Documents and Settings\Nathan_2\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - H:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - H:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - H:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\Silverlight.Configuration.exe (Microsoft Corporation)
PRC - H:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - H:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - H:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - H:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe (Amazon.com)
PRC - H:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
PRC - H:\WINDOWS\SysWOW64\WebUpdateSvc4.exe (Data Perceptions / PowerProgrammer)
PRC - H:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.)


========== Modules (SafeList) ==========

MOD - H:\Documents and Settings\Nathan_2\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - H:\WINDOWS\WinSxS\wow64_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.4770_x-ww_8D2E3180\comctl32.dll (Microsoft Corporation)
MOD - H:\WINDOWS\SysWOW64\comres.dll (Microsoft Corporation)
MOD - H:\WINDOWS\SysWOW64\wbem\framedyn.dll (Microsoft Corporation)
MOD - H:\WINDOWS\SysWOW64\MSCTFIME.IME (Microsoft Corporation)
MOD - H:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpHookSE4.dll (ScanSoft, Inc.)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (xmlprov) -- H:\WINDOWS\SysNative\xmlprov.dll File not found
SRV:64bit: - (WZCSVC) -- H:\WINDOWS\SysNative\wzcsvc.dll File not found
SRV:64bit: - (wuauserv) -- H:\WINDOWS\SysNative\wuauserv.dll File not found
SRV:64bit: - (Wmi) -- H:\WINDOWS\SysNative\advapi32.dll File not found
SRV:64bit: - (WebUpdate4) -- H:\WINDOWS\SysNative\WebUpdateSvc4.exe File not found
SRV:64bit: - (UPS) -- H:\WINDOWS\SysNative\ups.exe File not found
SRV:64bit: - (TlntSvr) -- H:\WINDOWS\SysNative\tlntsvr.exe File not found
SRV:64bit: - (SysmonLog) -- H:\WINDOWS\SysNative\smlogsvc.exe File not found
SRV:64bit: - (srservice) -- H:\WINDOWS\SysNative\srsvc.dll File not found
SRV:64bit: - (SCardSvr) -- H:\WINDOWS\SysNative\SCardSvr.exe File not found
SRV:64bit: - (RDSessMgr) -- H:\WINDOWS\SysNative\sessmgr.exe File not found
SRV:64bit: - (PlugPlay) -- H:\WINDOWS\SysNative\services.exe File not found
SRV:64bit: - (NtmsSvc) -- H:\WINDOWS\SysNative\ntmssvc.dll File not found
SRV:64bit: - (NetDDEdsdm) -- H:\WINDOWS\SysNative\netdde.exe File not found
SRV:64bit: - (NetDDE) -- H:\WINDOWS\SysNative\netdde.exe File not found
SRV:64bit: - (mnmsrvc) -- H:\WINDOWS\SysNative\mnmsrvc.exe File not found
SRV:64bit: - (Messenger) -- H:\WINDOWS\SysNative\msgsvc.dll File not found
SRV:64bit: - (ImapiService) -- H:\WINDOWS\SysNative\imapi.exe File not found
SRV:64bit: - (HTTPFilter) -- H:\WINDOWS\SysNative\w3ssl.dll File not found
SRV:64bit: - (Eventlog) -- H:\WINDOWS\SysNative\services.exe File not found
SRV:64bit: - (ERSvc) -- H:\WINDOWS\SysNative\ersvc.dll File not found
SRV:64bit: - (dmserver) -- H:\WINDOWS\SysNative\dmserver.dll File not found
SRV:64bit: - (dmadmin) -- H:\WINDOWS\SysNative\dmadmin.exe File not found
SRV:64bit: - (ClipSrv) -- H:\WINDOWS\SysNative\clipsrv.exe File not found
SRV:64bit: - (CiSvc) -- H:\WINDOWS\SysNative\cisvc.exe File not found
SRV:64bit: - (Ati HotKey Poller) -- H:\WINDOWS\SysNative\Ati2evxx.exe File not found
SRV:64bit: - (AppMgmt) -- H:\WINDOWS\SysNative\appmgmts.dll File not found
SRV:64bit: - (Alerter) -- H:\WINDOWS\SysNative\alrsvc.dll File not found
SRV:64bit: - (avast! Web Scanner) -- H:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Mail Scanner) -- H:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Antivirus) -- H:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (AVG Security Toolbar Service) -- H:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe ()
SRV - (avg9wd) -- H:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (getPlusHelper) getPlus(R) -- H:\Program Files (x86)\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (Amazon Download Agent) -- H:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe (Amazon.com)
SRV - (FLEXnet Licensing Service) -- H:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AdobeActiveFileMonitor7.0) -- H:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WebUpdate4) -- H:\WINDOWS\SysWOW64\WebUpdateSvc4.exe (Data Perceptions / PowerProgrammer)
SRV - (helpsvc) -- H:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- H:\Program Files (x86)\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (WpdUsb) -- H:\WINDOWS\SysNative\DRIVERS\wpdusb.sys File not found
DRV:64bit: - (wdmaud) -- H:\WINDOWS\SysNative\drivers\wdmaud.sys File not found
DRV:64bit: - (Update) -- H:\WINDOWS\SysNative\DRIVERS\update.sys File not found
DRV:64bit: - (sysaudio) -- H:\WINDOWS\SysNative\drivers\sysaudio.sys File not found
DRV:64bit: - (swmidi) -- H:\WINDOWS\SysNative\drivers\swmidi.sys File not found
DRV:64bit: - (sr) -- H:\WINDOWS\SysNative\DRIVERS\sr.sys File not found
DRV:64bit: - (splitter) -- H:\WINDOWS\SysNative\drivers\splitter.sys File not found
DRV:64bit: - (RTL8023x64) Realtek 10/100/1000 PCI NIC Family NDIS XP(x64) -- H:\WINDOWS\SysNative\DRIVERS\Rtnic64.sys File not found
DRV:64bit: - (redbook) -- H:\WINDOWS\SysNative\DRIVERS\redbook.sys File not found
DRV:64bit: - (Raspti) -- H:\WINDOWS\SysNative\DRIVERS\raspti.sys File not found
DRV:64bit: - (PxHlpa64) -- H:\WINDOWS\SysNative\Drivers\PxHlpa64.sys File not found
DRV:64bit: - (Ptilink) -- H:\WINDOWS\SysNative\DRIVERS\ptilink.sys File not found
DRV:64bit: - (PSched) -- H:\WINDOWS\SysNative\DRIVERS\psched.sys File not found
DRV:64bit: - (P1764) -- H:\WINDOWS\SysNative\drivers\P1764.sys File not found
DRV:64bit: - (ossrv) -- H:\WINDOWS\SysNative\DRIVERS\ctoss2k.sys File not found
DRV:64bit: - (NIC1394) -- H:\WINDOWS\SysNative\DRIVERS\nic1394.sys File not found
DRV:64bit: - (kmixer) -- H:\WINDOWS\SysNative\drivers\kmixer.sys File not found
DRV:64bit: - (IPSec) -- H:\WINDOWS\SysNative\DRIVERS\ipsec.sys File not found
DRV:64bit: - (IpInIp) -- H:\WINDOWS\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (Ip6Fw) -- H:\WINDOWS\SysNative\DRIVERS\Ip6Fw.sys File not found
DRV:64bit: - (imapi) -- H:\WINDOWS\SysNative\DRIVERS\imapi.sys File not found
DRV:64bit: - (Gpc) -- H:\WINDOWS\SysNative\DRIVERS\msgpc.sys File not found
DRV:64bit: - (Ftdisk) -- H:\WINDOWS\SysNative\DRIVERS\ftdisk.sys File not found
DRV:64bit: - (dmload) -- H:\WINDOWS\SysNative\drivers\dmload.sys File not found
DRV:64bit: - (dmio) -- H:\WINDOWS\SysNative\drivers\dmio.sys File not found
DRV:64bit: - (dmboot) -- H:\WINDOWS\SysNative\drivers\dmboot.sys File not found
DRV:64bit: - (ctsfm2k) -- H:\WINDOWS\SysNative\DRIVERS\ctsfm2k.sys File not found
DRV:64bit: - (CdaD10BA) -- H:\WINDOWS\SysNative\DRIVERS\CdaD10BA.sys File not found
DRV:64bit: - (CdaC15BA) -- H:\WINDOWS\SysNative\DRIVERS\CdaC15BA.sys File not found
DRV:64bit: - (AvgTdiA) -- H:\WINDOWS\SysNative\Drivers\avgtdia.sys File not found
DRV:64bit: - (AvgMfx64) -- H:\WINDOWS\SysNative\Drivers\avgmfx64.sys File not found
DRV:64bit: - (AvgLdx64) -- H:\WINDOWS\SysNative\Drivers\avgldx64.sys File not found
DRV:64bit: - (audstub) -- H:\WINDOWS\SysNative\DRIVERS\audstub.sys File not found
DRV:64bit: - (Atmarpc) -- H:\WINDOWS\SysNative\DRIVERS\atmarpc.sys File not found
DRV:64bit: - (AtiHdmiService) -- H:\WINDOWS\SysNative\drivers\AtiHdmi.sys File not found
DRV:64bit: - (ati2mtag) -- H:\WINDOWS\SysNative\DRIVERS\ati2mtag.sys File not found
DRV:64bit: - (aswMonFlt) -- H:\WINDOWS\SysNative\drivers\aswMonFlt.sys File not found
DRV:64bit: - (Arp1394) -- H:\WINDOWS\SysNative\DRIVERS\arp1394.sys File not found
DRV:64bit: - (aec) -- H:\WINDOWS\SysNative\drivers\aec.sys File not found
DRV - (gdrv) -- H:\WINDOWS\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (mnmdd) -- H:\WINDOWS\SysWow64\mnmdd.dll (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ptec/defaults/sp/*http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.umn.edu/
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - H:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www1.umn.edu/twincities/index.php"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {28197867-b1ef-4140-8e3b-55c45b9c8460}:2.6.9
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4b873044&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: H:\Program Files (x86)\AVG\AVG9\Firefox [2010/11/24 08:54:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: H:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/10/26 12:49:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/05 12:50:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/05 12:50:32 | 000,000,000 | ---D | M]

[2008/08/28 05:31:21 | 000,000,000 | ---D | M] (No name found) -- H:\Documents and Settings\Nathan_2\Application Data\Mozilla\Extensions
[2011/01/06 13:30:28 | 000,000,000 | ---D | M] (No name found) -- H:\Documents and Settings\Nathan_2\Application Data\Mozilla\Firefox\Profiles\91hpr8m7.default\extensions
[2010/07/04 13:45:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- H:\Documents and Settings\Nathan_2\Application Data\Mozilla\Firefox\Profiles\91hpr8m7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/05 13:29:38 | 000,000,000 | ---D | M] (Integrated Gmail) -- H:\Documents and Settings\Nathan_2\Application Data\Mozilla\Firefox\Profiles\91hpr8m7.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}
[2010/06/30 05:12:38 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- H:\Documents and Settings\Nathan_2\Application Data\Mozilla\Firefox\Profiles\91hpr8m7.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/04/05 10:02:34 | 000,000,000 | ---D | M] (Move Media Player) -- H:\Documents and Settings\Nathan_2\Application Data\Mozilla\Firefox\Profiles\91hpr8m7.default\extensions\moveplayer@movenetworks.com
[2008/04/12 19:55:34 | 000,000,000 | ---D | M] (No name found) -- H:\Documents and Settings\Nathan_2\Application Data\Mozilla\Firefox\Profiles\o4qdcc3a.default\extensions
[2010/12/28 11:49:09 | 000,000,000 | ---D | M] (No name found) -- H:\Program Files (x86)\Mozilla Firefox\extensions
[2010/11/24 08:54:19 | 000,000,000 | ---D | M] (AVG Safe Search) -- H:\PROGRAM FILES (X86)\AVG\AVG9\FIREFOX
[2010/10/26 12:49:56 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="6.010.006.004" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- H:\PROGRAM FILES (X86)\AVG\AVG9\TOOLBAR\FIREFOX\AVG@IGEARED
[2009/03/28 02:26:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- H:\PROGRAM FILES (X86)\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/07/02 10:19:28 | 000,102,400 | ---- | M] (Zylom) -- H:\Program Files (x86)\Mozilla Firefox\plugins\npzylomgamesplayer.dll

Hosts file not found
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - H:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - H:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - H:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] H:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AmazonGSDownloaderTray] H:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [avast5] H:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVG9_TRAY] H:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [OpwareSE4] H:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] H:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [StartCCC] H:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - Startup: H:\Documents and Settings\Nathan_2\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = H:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKCU\..Trusted Domains: umn.edu ([tc.liblink] http in Trusted sites)
O15 - HKCU\..Trusted Domains: umn.edu ([www.sciencedirect.com.floyd.lib] http in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208057520689 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.77.134 68.87.72.134
O18:64bit: - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - H:\WINDOWS\SysNative\wiascr.dll File not found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - H:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - H:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - H:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - H:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - H:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - H:\WINDOWS\SysNative\logonui.exe File not found
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - H:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) - File not found
O20:64bit: - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - File not found
O20:64bit: - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - File not found
O20:64bit: - Winlogon\Notify\avgwlx64: DllName - Reg Error: Value error. - File not found
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - dimsntfy.dll - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - Reg Error: Value error. - File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\avgwlx64: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\termsrv: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - H:\WINDOWS\SysNative\stobject.dll File not found
O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\SysNative\WPDShServiceObj.dll File not found
O24 - Desktop WallPaper: H:\Documents and Settings\Nathan_2\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: H:\Documents and Settings\Nathan_2\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/04 05:39:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/08/14 10:32:04 | 000,000,000 | R--D | M] - G:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2007/06/14 17:23:01 | 000,263,744 | R--- | M] (Firaxis Games) - G:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2007/07/17 11:11:01 | 000,006,299 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{2d4c007d-9154-11dd-8f37-001d7dd97749}\Shell - "" = AutoRun
O33 - MountPoints2\{2d4c007d-9154-11dd-8f37-001d7dd97749}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2d4c007d-9154-11dd-8f37-001d7dd97749}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -- File not found
O33 - MountPoints2\{5ff54f46-08c9-11dd-9e10-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5ff54f46-08c9-11dd-9e10-806e6f6e6963}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5ff54f46-08c9-11dd-9e10-806e6f6e6963}\Shell\AutoRun\command - "" = G:\autorun.exe -- [2007/06/14 17:23:01 | 000,263,744 | R--- | M] (Firaxis Games)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/05 12:50:29 | 000,000,000 | -HSD | C] -- H:\Config.Msi
[2011/01/05 10:19:00 | 000,000,000 | ---D | C] -- H:\WINDOWS\ERDNT
[2011/01/05 10:18:20 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\ERUNT
[2011/01/05 10:18:20 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/01/05 09:12:34 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Nathan_2\Application Data\Malwarebytes
[2011/01/05 09:10:55 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/01/05 09:10:52 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/01/05 06:43:38 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Application Data\Sun
[2011/01/05 06:43:38 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\Common Files\Java
[2011/01/05 06:43:19 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- H:\WINDOWS\SysWow64\deployJava1.dll
[2011/01/05 06:43:19 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- H:\WINDOWS\SysWow64\javaws.exe
[2011/01/05 06:43:19 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- H:\WINDOWS\SysWow64\javaw.exe
[2011/01/05 06:43:19 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- H:\WINDOWS\SysWow64\java.exe
[2011/01/02 22:55:50 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\Spybot - Search & Destroy
[2011/01/02 22:55:50 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/12/30 16:52:14 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2010/12/30 16:51:57 | 000,167,592 | ---- | C] (AVAST Software) -- H:\WINDOWS\SysWow64\aswBoot.exe
[2010/12/30 16:51:57 | 000,038,848 | ---- | C] (AVAST Software) -- H:\WINDOWS\avastSS.scr
[2010/12/30 16:51:54 | 000,000,000 | ---D | C] -- H:\Program Files\Alwil Software
[2010/12/30 16:51:54 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Application Data\Alwil Software
[2008/03/05 15:30:18 | 001,694,728 | ---- | C] (Microsoft Corporation) -- H:\Program Files (x86)\Common Files\dsetup32.dll
[2008/03/05 15:30:18 | 000,527,880 | ---- | C] (Microsoft Corporation) -- H:\Program Files (x86)\Common Files\DXSETUP.exe
[2008/03/05 15:30:18 | 000,097,288 | ---- | C] (Microsoft Corporation) -- H:\Program Files (x86)\Common Files\DSETUP.dll
[2002/04/11 00:41:06 | 000,065,536 | ---- | C] ( ) -- H:\WINDOWS\SysWow64\A3d.dll
[6 H:\WINDOWS\SysWow64\*.tmp files -> H:\WINDOWS\SysWow64\*.tmp -> ]
[3 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/07 21:02:00 | 000,000,990 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-645611912-2415833549-507389382-1003UA.job
[2011/01/07 15:02:00 | 000,000,938 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-645611912-2415833549-507389382-1003Core.job
[2011/01/05 16:29:32 | 000,002,048 | --S- | M] () -- H:\WINDOWS\bootstat.dat
[2011/01/05 16:20:43 | 000,000,752 | ---- | M] () -- H:\Documents and Settings\Nathan_2\My Documents\010511.csv
[2011/01/05 10:39:09 | 000,000,956 | ---- | M] () -- H:\WINDOWS\imsins.BAK
[2011/01/05 10:18:29 | 000,000,797 | ---- | M] () -- H:\Documents and Settings\Nathan_2\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/01/05 10:18:22 | 000,000,622 | ---- | M] () -- H:\Documents and Settings\Nathan_2\Desktop\ERUNT.lnk
[2011/01/01 08:50:16 | 000,001,759 | ---- | M] () -- H:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011/01/01 08:47:56 | 000,002,309 | ---- | M] () -- H:\Documents and Settings\Nathan_2\Desktop\Google Chrome.lnk
[2011/01/01 08:47:56 | 000,002,287 | ---- | M] () -- H:\Documents and Settings\Nathan_2\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/12/30 16:52:14 | 000,001,684 | ---- | M] () -- H:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/12/30 16:52:08 | 000,000,000 | ---- | M] () -- H:\WINDOWS\SysWow64\config.nt
[2010/12/29 17:59:46 | 000,011,743 | ---- | M] () -- H:\Documents and Settings\Nathan_2\My Documents\building roster.xlsx
[2010/12/28 06:32:30 | 000,010,244 | ---- | M] () -- H:\Documents and Settings\Nathan_2\My Documents\Please attach to the back of the vehicle.docx
[2010/12/17 07:20:37 | 000,380,928 | ---- | M] () -- H:\Documents and Settings\Nathan_2\My Documents\addresses.mdb
[2010/12/13 10:56:17 | 000,000,292 | ---- | M] () -- H:\Documents and Settings\All Users\Application Data\LastUpdate.xml
[2010/12/13 10:56:16 | 000,000,031 | ---- | M] () -- H:\WINDOWS\WebUpdateSvc4.INI
[6 H:\WINDOWS\SysWow64\*.tmp files -> H:\WINDOWS\SysWow64\*.tmp -> ]
[3 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/05 16:20:43 | 000,000,752 | ---- | C] () -- H:\Documents and Settings\Nathan_2\My Documents\010511.csv
[2011/01/05 10:18:29 | 000,000,797 | ---- | C] () -- H:\Documents and Settings\Nathan_2\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/01/05 10:18:22 | 000,000,622 | ---- | C] () -- H:\Documents and Settings\Nathan_2\Desktop\ERUNT.lnk
[2011/01/05 09:42:21 | 000,296,448 | ---- | C] () -- H:\Documents and Settings\Nathan_2\Desktop\gmer.exe
[2011/01/01 08:50:16 | 000,001,759 | ---- | C] () -- H:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2010/12/30 16:52:14 | 000,001,684 | ---- | C] () -- H:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/12/30 16:52:08 | 000,000,000 | ---- | C] () -- H:\WINDOWS\SysWow64\config.nt
[2010/12/28 06:32:30 | 000,010,244 | ---- | C] () -- H:\Documents and Settings\Nathan_2\My Documents\Please attach to the back of the vehicle.docx
[2009/06/24 09:08:57 | 000,000,290 | ---- | C] () -- H:\WINDOWS\ODBC.INI
[2009/01/18 22:24:35 | 000,111,944 | ---- | C] () -- H:\WINDOWS\SysWow64\TPActiveX.dll
[2008/11/15 18:14:34 | 000,004,608 | ---- | C] () -- H:\Documents and Settings\Nathan_2\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/13 08:46:38 | 000,000,292 | ---- | C] () -- H:\Documents and Settings\All Users\Application Data\LastUpdate.xml
[2008/10/13 08:46:38 | 000,000,031 | ---- | C] () -- H:\WINDOWS\WebUpdateSvc4.INI
[2008/04/14 08:39:38 | 000,000,157 | ---- | C] () -- H:\Documents and Settings\Nathan_2\Application Data\ntl.ini
[2008/04/13 19:51:26 | 000,001,953 | ---- | C] () -- H:\Documents and Settings\Nathan_2\Application Data\ntl.nws
[2008/04/13 10:24:57 | 000,040,960 | ---- | C] () -- H:\WINDOWS\SysWow64\IPPCPUID.DLL
[2008/04/13 10:24:42 | 000,011,776 | ---- | C] () -- H:\WINDOWS\SysWow64\pmsbfn32.dll
[2008/04/13 10:23:04 | 000,000,428 | ---- | C] () -- H:\WINDOWS\MAXLINK.INI
[2008/04/12 20:13:36 | 000,541,752 | ---- | C] () -- H:\WINDOWS\SysWow64\PerfStringBackup.INI
[2008/04/12 14:14:16 | 000,004,161 | ---- | C] () -- H:\WINDOWS\ODBCINST.INI
[2008/03/05 15:30:20 | 001,805,306 | ---- | C] () -- H:\Program Files (x86)\Common Files\NOV2007_d3dx9_36_x64.cab
[2008/03/05 15:30:20 | 001,773,110 | ---- | C] () -- H:\Program Files (x86)\Common Files\Mar2008_d3dx9_37_x64.cab
[2008/03/05 15:30:20 | 001,712,608 | ---- | C] () -- H:\Program Files (x86)\Common Files\NOV2007_d3dx9_36_x86.cab
[2008/03/05 15:30:20 | 001,446,530 | ---- | C] () -- H:\Program Files (x86)\Common Files\Mar2008_d3dx9_37_x86.cab
[2008/03/05 15:30:20 | 001,413,862 | ---- | C] () -- H:\Program Files (x86)\Common Files\OCT2006_d3dx9_31_x64.cab
[2008/03/05 15:30:20 | 001,128,177 | ---- | C] () -- H:\Program Files (x86)\Common Files\OCT2006_d3dx9_31_x86.cab
[2008/03/05 15:30:20 | 000,867,848 | ---- | C] () -- H:\Program Files (x86)\Common Files\NOV2007_d3dx10_36_x64.cab
[2008/03/05 15:30:20 | 000,807,132 | ---- | C] () -- H:\Program Files (x86)\Common Files\NOV2007_d3dx10_36_x86.cab
[2008/03/05 15:30:20 | 000,254,442 | ---- | C] () -- H:\Program Files (x86)\Common Files\Mar2008_XAudio_x64.cab
[2008/03/05 15:30:20 | 000,229,498 | ---- | C] () -- H:\Program Files (x86)\Common Files\Mar2008_XAudio_x86.cab
[2008/03/05 15:30:20 | 000,200,010 | ---- | C] () -- H:\Program Files (x86)\Common Files\NOV2007_XACT_x64.cab
[2008/03/05 15:30:20 | 000,183,321 | ---- | C] () -- H:\Program Files (x86)\Common Files\OCT2006_XACT_x64.cab
[2008/03/05 15:30:20 | 000,151,512 | ---- | C] () -- H:\Program Files (x86)\Common Files\NOV2007_XACT_x86.cab
[2008/03/05 15:30:20 | 000,138,977 | ---- | C] () -- H:\Program Files (x86)\Common Files\OCT2006_XACT_x86.cab
[2008/03/05 15:30:20 | 000,125,584 | ---- | C] () -- H:\Program Files (x86)\Common Files\Mar2008_XACT_x64.cab
[2008/03/05 15:30:20 | 000,096,982 | ---- | C] () -- H:\Program Files (x86)\Common Files\Mar2008_XACT_x86.cab
[2008/03/05 15:30:20 | 000,086,925 | ---- | C] () -- H:\Program Files (x86)\Common Files\Oct2005_xinput_x64.cab
[2008/03/05 15:30:20 | 000,058,306 | ---- | C] () -- H:\Program Files (x86)\Common Files\Mar2008_X3DAudio_x64.cab
[2008/03/05 15:30:20 | 000,049,392 | ---- | C] () -- H:\Program Files (x86)\Common Files\NOV2007_X3DAudio_x64.cab
[2008/03/05 15:30:20 | 000,046,247 | ---- | C] () -- H:\Program Files (x86)\Common Files\Oct2005_xinput_x86.cab
[2008/03/05 15:30:20 | 000,025,115 | ---- | C] () -- H:\Program Files (x86)\Common Files\Mar2008_X3DAudio_x86.cab
[2008/03/05 15:30:20 | 000,021,744 | ---- | C] () -- H:\Program Files (x86)\Common Files\NOV2007_X3DAudio_x86.cab
[2008/03/05 15:30:18 | 013,265,040 | ---- | C] () -- H:\Program Files (x86)\Common Files\dxnt.cab
[2008/03/05 15:30:18 | 001,803,760 | ---- | C] () -- H:\Program Files (x86)\Common Files\AUG2007_d3dx9_35_x64.cab
[2008/03/05 15:30:18 | 001,711,752 | ---- | C] () -- H:\Program Files (x86)\Common Files\AUG2007_d3dx9_35_x86.cab
[2008/03/05 15:30:18 | 001,611,374 | ---- | C] () -- H:\Program Files (x86)\Common Files\JUN2007_d3dx9_34_x64.cab
[2008/03/05 15:30:18 | 001,610,958 | ---- | C] () -- H:\Program Files (x86)\Common Files\APR2007_d3dx9_33_x64.cab
[2008/03/05 15:30:18 | 001,610,886 | ---- | C] () -- H:\Program Files (x86)\Common Files\JUN2007_d3dx9_34_x86.cab
[2008/03/05 15:30:18 | 001,609,639 | ---- | C] () -- H:\Program Files (x86)\Common Files\APR2007_d3dx9_33_x86.cab
[2008/03/05 15:30:18 | 001,575,336 | ---- | C] () -- H:\Program Files (x86)\Common Files\DEC2006_d3dx9_32_x86.cab
[2008/03/05 15:30:18 | 001,572,114 | ---- | C] () -- H:\Program Files (x86)\Common Files\DEC2006_d3dx9_32_x64.cab
[2008/03/05 15:30:18 | 001,363,684 | ---- | C] () -- H:\Program Files (x86)\Common Files\Feb2006_d3dx9_29_x64.cab
[2008/03/05 15:30:18 | 001,358,864 | ---- | C] () -- H:\Program Files (x86)\Common Files\Dec2005_d3dx9_28_x64.cab
[2008/03/05 15:30:18 | 001,351,430 | ---- | C] () -- H:\Program Files (x86)\Common Files\Aug2005_d3dx9_27_x64.cab
[2008/03/05 15:30:18 | 001,336,890 | ---- | C] () -- H:\Program Files (x86)\Common Files\Jun2005_d3dx9_26_x64.cab
[2008/03/05 15:30:18 | 001,248,387 | ---- | C] () -- H:\Program Files (x86)\Common Files\Feb2005_d3dx9_24_x64.cab
[2008/03/05 15:30:18 | 001,156,363 | ---- | C] () -- H:\Program Files (x86)\Common Files\BDANT.cab
[2008/03/05 15:30:18 | 001,085,608 | ---- | C] () -- H:\Program Files (x86)\Common Files\Feb2006_d3dx9_29_x86.cab
[2008/03/05 15:30:18 | 001,080,344 | ---- | C] () -- H:\Program Files (x86)\Common Files\Dec2005_d3dx9_28_x86.cab
[2008/03/05 15:30:18 | 001,078,532 | ---- | C] () -- H:\Program Files (x86)\Common Files\Aug2005_d3dx9_27_x86.cab
[2008/03/05 15:30:18 | 001,065,813 | ---- | C] () -- H:\Program Files (x86)\Common Files\Jun2005_d3dx9_26_x86.cab
[2008/03/05 15:30:18 | 001,014,113 | ---- | C] () -- H:\Program Files (x86)\Common Files\Feb2005_d3dx9_24_x86.cab
[2008/03/05 15:30:18 | 000,976,020 | ---- | C] () -- H:\Program Files (x86)\Common Files\BDAXP.cab
[2008/03/05 15:30:18 | 000,855,886 | ---- | C] () -- H:\Program Files (x86)\Common Files\AUG2007_d3dx10_35_x64.cab
[2008/03/05 15:30:18 | 000,848,132 | ---- | C] () -- H:\Program Files (x86)\Common Files\Mar2008_d3dx10_37_x64.cab
[2008/03/05 15:30:18 | 000,821,508 | ---- | C] () -- H:\Program Files (x86)\Common Files\Mar2008_d3dx10_37_x86.cab
[2008/03/05 15:30:18 | 000,800,467 | ---- | C] () -- H:\Program Files (x86)\Common Files\AUG2007_d3dx10_35_x86.cab
[2008/03/05 15:30:18 | 000,702,644 | ---- | C] () -- H:\Program Files (x86)\Common Files\JUN2007_d3dx10_34_x64.cab
[2008/03/05 15:30:18 | 000,702,212 | ---- | C] () -- H:\Program Files (x86)\Common Files\APR2007_d3dx10_33_x64.cab
[2008/03/05 15:30:18 | 000,702,072 | ---- | C] () -- H:\Program Files (x86)\Common Files\JUN2007_d3dx10_34_x86.cab
[2008/03/05 15:30:18 | 000,699,465 | ---- | C] () -- H:\Program Files (x86)\Common Files\APR2007_d3dx10_33_x86.cab
[2008/03/05 15:30:18 | 000,213,767 | ---- | C] () -- H:\Program Files (x86)\Common Files\DEC2006_d3dx10_00_x64.cab
[2008/03/05 15:30:18 | 000,201,696 | ---- | C] () -- H:\Program Files (x86)\Common Files\AUG2007_XACT_x64.cab
[2008/03/05 15:30:18 | 000,200,722 | ---- | C] () -- H:\Program Files (x86)\Common Files\JUN2007_XACT_x64.cab
[2008/03/05 15:30:18 | 000,199,366 | ---- | C] () -- H:\Program Files (x86)\Common Files\APR2007_XACT_x64.cab
[2008/03/05 15:30:18 | 000,198,275 | ---- | C] () -- H:\Program Files (x86)\Common Files\FEB2007_XACT_x64.cab
[2008/03/05 15:30:18 | 000,193,435 | ---- | C] () -- H:\Program Files (x86)\Common Files\DEC2006_XACT_x64.cab
[2008/03/05 15:30:18 | 000,192,680 | ---- | C] () -- H:\Program Files (x86)\Common Files\DEC2006_d3dx10_00_x86.cab
[2008/03/05 15:30:18 | 000,183,863 | ---- | C] () -- H:\Program Files (x86)\Common Files\AUG2006_XACT_x64.cab
[2008/03/05 15:30:18 | 000,181,745 | ---- | C] () -- H:\Program Files (x86)\Common Files\JUN2006_XACT_x64.cab
[2008/03/05 15:30:18 | 000,179,247 | ---- | C] () -- H:\Program Files (x86)\Common Files\Feb2006_XACT_x64.cab
[2008/03/05 15:30:18 | 000,156,612 | ---- | C] () -- H:\Program Files (x86)\Common Files\AUG2007_XACT_x86.cab
[2008/03/05 15:30:18 | 000,156,509 | ---- | C] () -- H:\Program Files (x86)\Common Files\JUN2007_XACT_x86.cab
[2008/03/05 15:30:18 | 000,154,825 | ---- | C] () -- H:\Program Files (x86)\Common Files\APR2007_XACT_x86.cab
[2008/03/05 15:30:18 | 000,151,583 | ---- | C] () -- H:\Program Files (x86)\Common Files\FEB2007_XACT_x86.cab
[2008/03/05 15:30:18 | 000,146,559 | ---- | C] () -- H:\Program Files (x86)\Common Files\DEC2006_XACT_x86.cab
[2008/03/05 15:30:18 | 000,138,195 | ---- | C] () -- H:\Program Files (x86)\Common Files\AUG2006_XACT_x86.cab
[2008/03/05 15:30:18 | 000,134,631 | ---- | C] () -- H:\Program Files (x86)\Common Files\JUN2006_XACT_x86.cab
[2008/03/05 15:30:18 | 000,133,991 | ---- | C] () -- H:\Program Files (x86)\Common Files\Apr2006_XACT_x86.cab
[2008/03/05 15:30:18 | 000,133,297 | ---- | C] () -- H:\Program Files (x86)\Common Files\Feb2006_XACT_x86.cab
[2008/03/05 15:30:18 | 000,100,417 | ---- | C] () -- H:\Program Files (x86)\Common Files\APR2007_xinput_x64.cab
[2008/03/05 15:30:18 | 000,097,396 | ---- | C] () -- H:\Program Files (x86)\Common Files\dxupdate.cab
[2008/03/05 15:30:18 | 000,088,102 | ---- | C] () -- H:\Program Files (x86)\Common Files\AUG2006_xinput_x64.cab
[2008/03/05 15:30:18 | 000,087,989 | ---- | C] () -- H:\Program Files (x86)\Common Files\Apr2006_xinput_x64.cab
[2008/03/05 15:30:18 | 000,056,902 | ---- | C] () -- H:\Program Files (x86)\Common Files\APR2007_xinput_x86.cab
[2008/03/05 15:30:18 | 000,047,596 | ---- | C] () -- H:\Program Files (x86)\Common Files\dxdllreg_x86.cab
[2008/03/05 15:30:18 | 000,047,018 | ---- | C] () -- H:\Program Files (x86)\Common Files\AUG2006_xinput_x86.cab
[2008/03/05 15:30:18 | 000,046,898 | ---- | C] () -- H:\Program Files (x86)\Common Files\Apr2006_xinput_x86.cab
[2008/03/05 15:30:16 | 004,163,518 | ---- | C] () -- H:\Program Files (x86)\Common Files\Apr2006_MDX1_x86_Archive.cab
[2008/03/05 15:30:16 | 001,398,718 | ---- | C] () -- H:\Program Files (x86)\Common Files\Apr2006_d3dx9_30_x64.cab
[2008/03/05 15:30:16 | 001,348,242 | ---- | C] () -- H:\Program Files (x86)\Common Files\Apr2005_d3dx9_25_x64.cab
[2008/03/05 15:30:16 | 001,116,109 | ---- | C] () -- H:\Program Files (x86)\Common Files\Apr2006_d3dx9_30_x86.cab
[2008/03/05 15:30:16 | 001,079,850 | ---- | C] () -- H:\Program Files (x86)\Common Files\Apr2005_d3dx9_25_x86.cab
[2008/03/05 15:30:16 | 000,917,318 | ---- | C] () -- H:\Program Files (x86)\Common Files\Apr2006_MDX1_x86.cab
[2008/03/05 15:30:16 | 000,180,021 | ---- | C] () -- H:\Program Files (x86)\Common Files\Apr2006_XACT_x64.cab
[2007/02/18 06:00:00 | 001,278,464 | ---- | C] () -- H:\WINDOWS\SysWow64\quartz.dll
[2007/02/18 06:00:00 | 000,733,696 | ---- | C] () -- H:\WINDOWS\SysWow64\qedwipes.dll
[2007/02/18 06:00:00 | 000,512,512 | ---- | C] () -- H:\WINDOWS\SysWow64\qedit.dll
[2007/02/18 06:00:00 | 000,498,742 | ---- | C] () -- H:\WINDOWS\SysWow64\dxmasf.dll
[2007/02/18 06:00:00 | 000,396,288 | ---- | C] () -- H:\WINDOWS\SysWow64\encdec.dll
[2007/02/18 06:00:00 | 000,385,536 | ---- | C] () -- H:\WINDOWS\SysWow64\qdvd.dll
[2007/02/18 06:00:00 | 000,355,112 | ---- | C] () -- H:\WINDOWS\SysWow64\msjetoledb40.dll
[2007/02/18 06:00:00 | 000,279,040 | ---- | C] () -- H:\WINDOWS\SysWow64\qdv.dll
[2007/02/18 06:00:00 | 000,276,992 | ---- | C] () -- H:\WINDOWS\SysWow64\sbe.dll
[2007/02/18 06:00:00 | 000,199,168 | ---- | C] () -- H:\WINDOWS\SysWow64\ir32_32.dll
[2007/02/18 06:00:00 | 000,192,512 | ---- | C] () -- H:\WINDOWS\SysWow64\qcap.dll
[2007/02/18 06:00:00 | 000,114,688 | ---- | C] () -- H:\WINDOWS\SysWow64\msencode.dll
[2007/02/18 06:00:00 | 000,072,704 | ---- | C] () -- H:\WINDOWS\SysWow64\amstream.dll
[2007/02/18 06:00:00 | 000,062,464 | ---- | C] () -- H:\WINDOWS\SysWow64\mciqtz32.dll
[2007/02/18 06:00:00 | 000,061,440 | ---- | C] () -- H:\WINDOWS\SysWow64\devenum.dll
[2007/02/18 06:00:00 | 000,016,896 | ---- | C] () -- H:\WINDOWS\SysWow64\tsd32.dll
[2007/02/18 06:00:00 | 000,014,336 | ---- | C] () -- H:\WINDOWS\SysWow64\msdmo.dll
[2007/02/18 06:00:00 | 000,004,126 | ---- | C] () -- H:\WINDOWS\SysWow64\msdxmlc.dll
[2005/05/03 10:38:42 | 000,064,512 | ---- | C] () -- H:\WINDOWS\SysWow64\P17.dll
[2005/01/03 10:10:44 | 000,319,488 | ---- | C] () -- H:\WINDOWS\SysWow64\DLXAPI32.DLL
[2003/10/02 09:48:18 | 000,053,248 | ---- | C] () -- H:\WINDOWS\SysWow64\P17CPI.dll

========== LOP Check ==========

[2010/12/30 16:51:54 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/02/05 16:17:54 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Amazon
[2010/10/26 12:50:01 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2008/05/25 14:05:59 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\AVG7
[2010/02/25 20:21:36 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\avg9
[2008/04/12 20:35:25 | 000,000,000 | -H-D | M] -- H:\Documents and Settings\All Users\Application Data\CanonBJ
[2008/12/14 16:05:37 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\espionServerData
[2008/04/12 22:09:04 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Grisoft
[2009/02/05 16:18:56 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\HipSoft
[2009/09/29 10:12:37 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Merscom
[2008/04/13 10:22:59 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/11/20 17:47:51 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\StatTransfer9
[2009/05/19 14:14:48 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\WinZip
[2009/09/26 22:22:54 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Zylom
[2008/06/05 05:49:56 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Nathan_2\Application Data\Amazon
[2008/05/08 14:57:14 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Nathan_2\Application Data\Canon
[2008/11/23 21:52:17 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Nathan_2\Application Data\GARMIN
[2008/12/06 17:23:23 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Nathan_2\Application Data\HDRsoft
[2009/09/29 10:12:37 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Nathan_2\Application Data\Merscom
[2008/04/18 08:32:42 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Nathan_2\Application Data\My Games
[2008/04/14 19:47:01 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Nathan_2\Application Data\Netscape
[2008/04/13 10:30:17 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Nathan_2\Application Data\NewSoft
[2008/04/13 10:23:00 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Nathan_2\Application Data\ScanSoft
[2008/04/12 20:56:29 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Nathan_2\Application Data\Thunderbird
[2011/01/05 23:02:00 | 000,032,524 | ---- | M] () -- H:\WINDOWS\Tasks\SchedLgU.Txt

========== Purity Check ==========



< End of report >

nbarleen
2011-01-08, 05:36
OTL Extras logfile created on: 1/7/2011 9:12:48 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = H:\Documents and Settings\Nathan_2\My Documents\Downloads
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): H:\pagefile.sys 2046 4092

%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files (x86)
Drive C: | 42.66 Gb Total Space | 9.57 Gb Free Space | 22.42% Space Free | Partition Type: NTFS
Drive D: | 42.66 Gb Total Space | 23.51 Gb Free Space | 55.10% Space Free | Partition Type: NTFS
Drive E: | 42.67 Gb Total Space | 39.54 Gb Free Space | 92.67% Space Free | Partition Type: NTFS
Drive F: | 24.67 Gb Total Space | 19.51 Gb Free Space | 79.09% Space Free | Partition Type: NTFS
Drive G: | 662.68 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 58.59 Gb Total Space | 20.83 Gb Free Space | 35.55% Space Free | Partition Type: NTFS
Drive I: | 58.59 Gb Total Space | 18.97 Gb Free Space | 32.37% Space Free | Partition Type: NTFS

Computer Name: NATHAN-HOME-PC | User Name: Nathan_2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html[@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- H:\WINDOWS\system32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- H:\WINDOWS\system32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* File not found
exefile [open] -- "%1" %* File not found
htmlfile [print] -- "H:\WINDOWS\system32\rundll32.exe" "H:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 File not found
InternetShortcut [open] -- "H:\WINDOWS\system32\rundll32.exe" "H:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "H:\WINDOWS\system32\rundll32.exe" "H:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [print] -- "H:\WINDOWS\system32\rundll32.exe" "H:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- "H:\WINDOWS\system32\rundll32.exe" "H:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "H:\WINDOWS\system32\rundll32.exe" "H:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found
"H:\Program Files (x86)\Grisoft\AVG7\avginet.exe" = H:\Program Files (x86)\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe -- File not found
"H:\Program Files (x86)\Grisoft\AVG7\avgamsvr.exe" = H:\Program Files (x86)\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe -- File not found
"H:\Program Files (x86)\Grisoft\AVG7\avgcc.exe" = H:\Program Files (x86)\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe -- File not found
"H:\Program Files (x86)\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat" = H:\Program Files (x86)\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:*:Enabled:The Battle for Middle-earth(tm) II -- File not found
"H:\Program Files (x86)\AVG\AVG8\avgupd.exe" = H:\Program Files (x86)\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"H:\Program Files (x86)\AVG\AVG8\avgemc.exe" = H:\Program Files (x86)\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found
"H:\Program Files (x86)\Netscape\Navigator 9\navigator.exe" = H:\Program Files (x86)\Netscape\Navigator 9\navigator.exe:*:Disabled:Navigator -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe" = C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird -- (Mozilla.org)
"H:\Program Files (x86)\Mozilla Firefox\firefox.exe" = H:\Program Files (x86)\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"H:\Program Files (x86)\Java\jre6\bin\javaws.exe" = H:\Program Files (x86)\Java\jre6\bin\javaws.exe:*:Enabled:Java(TM) Web Start Launcher -- (Sun Microsystems, Inc.)
"H:\Program Files (x86)\AVG\AVG9\avgupd.exe" = H:\Program Files (x86)\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"H:\Program Files (x86)\AVG\AVG9\avgnsa.exe" = H:\Program Files (x86)\AVG\AVG9\avgnsa.exe:*:Enabled:avgnsa.exe -- (AVG Technologies CZ, s.r.o.)
"H:\Program Files (x86)\Java\jre6\bin\java.exe" = H:\Program Files (x86)\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found
"H:\Program Files (x86)\Grisoft\AVG7\avginet.exe" = H:\Program Files (x86)\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe -- File not found
"H:\Program Files (x86)\Grisoft\AVG7\avgamsvr.exe" = H:\Program Files (x86)\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe -- File not found
"H:\Program Files (x86)\Grisoft\AVG7\avgcc.exe" = H:\Program Files (x86)\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe -- File not found
"H:\Program Files (x86)\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat" = H:\Program Files (x86)\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:*:Enabled:The Battle for Middle-earth(tm) II -- File not found
"H:\Program Files (x86)\AVG\AVG8\avgupd.exe" = H:\Program Files (x86)\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"H:\Program Files (x86)\AVG\AVG8\avgemc.exe" = H:\Program Files (x86)\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found
"H:\Program Files (x86)\Netscape\Navigator 9\navigator.exe" = H:\Program Files (x86)\Netscape\Navigator 9\navigator.exe:*:Disabled:Navigator -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe" = C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird -- (Mozilla.org)
"H:\Program Files (x86)\Mozilla Firefox\firefox.exe" = H:\Program Files (x86)\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"H:\Program Files (x86)\Java\jre6\bin\javaws.exe" = H:\Program Files (x86)\Java\jre6\bin\javaws.exe:*:Enabled:Java(TM) Web Start Launcher -- (Sun Microsystems, Inc.)
"H:\Program Files (x86)\AVG\AVG9\avgupd.exe" = H:\Program Files (x86)\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"H:\Program Files (x86)\AVG\AVG9\avgnsa.exe" = H:\Program Files (x86)\AVG\AVG9\avgnsa.exe:*:Enabled:avgnsa.exe -- (AVG Technologies CZ, s.r.o.)
"H:\Program Files (x86)\Java\jre6\bin\java.exe" = H:\Program Files (x86)\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0FF9188A-595B-7AF3-EE61-9E94A96411F9}" = ccc-utility64
"{3215EBED-1D06-42fb-A05C-A752A46FB24C}" = Canon MP530
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"ATI Display Driver" = ATI Display Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows x64
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11-64" = Windows Media Format 11 runtime
"wmp11-64" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{024729A3-6BE9-F0DD-E6C4-A95CF7159A1C}" = CCC Help Thai
"{03E26CB2-2D09-EE9E-7C42-F9EDDBA61292}" = Catalyst Control Center Localization Portuguese
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{1114F843-609B-E030-D9E9-D4BE7772B36C}" = Catalyst Control Center Localization Czech
"{17F2ACCF-309D-2B41-3D40-A3F569F57EDA}" = CCC Help Finnish
"{1D893CF9-2C8D-3B98-457D-EB5F3578BC30}" = CCC Help Italian
"{1DD34CAF-3E11-B6F8-70CD-D281DFA7CA52}" = Skins
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2105D2A8-6360-6AB2-1889-95286C9E1757}" = Catalyst Control Center Localization Italian
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 23
"{2B0838A1-05EB-A135-550A-84CE19A4FB8B}" = Catalyst Control Center Localization Norwegian
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{32A41613-DBF2-8AD3-244C-E9CC9C9B630D}" = CCC Help Chinese Traditional
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{39C3617A-C7AC-EDF0-DD71-77A1AF8ACD4B}" = CCC Help Portuguese
"{39FDE6F8-5D02-EC16-967E-3D36AE3D9C4E}" = Catalyst Control Center Graphics Full Existing
"{41C77DAD-7A71-9108-442A-0D134D75AF48}" = CCC Help Spanish
"{4413D70B-5617-3718-B3DB-E83E9F2A20C9}" = CCC Help Hungarian
"{450DA020-DB18-E288-31C3-3B3F872A776E}" = CCC Help English
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E544E75-4FC7-5224-9C37-3D2831CDB017}" = Catalyst Control Center Localization Russian
"{567D03AD-B75E-0F08-087B-13C1FF67C7D7}" = Catalyst Control Center Graphics Full New
"{5F1B0D76-AFC0-6382-C507-D61E0D4CD3DC}" = Catalyst Control Center Core Implementation
"{62834027-0A20-19E2-8ADA-8AC11DA07723}" = CCC Help Russian
"{63A9FB11-2708-7EAE-4AE4-765115E4151D}" = CCC Help Turkish
"{66CB0251-AB0E-5D30-4A04-7C9F9F26B7EE}" = Catalyst Control Center Localization Turkish
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68C37F3D-2038-A60A-3DC4-60CAC421CF15}" = CCC Help Japanese
"{6A1DA78D-8895-3411-5954-3DE90EB4839A}" = CCC Help Chinese Standard
"{6E9087C5-4D61-8AE6-0972-3C7A0BAC64D7}" = Catalyst Control Center Localization Finnish
"{706A3FF0-1EA1-3FF0-69A5-DE0B22F5230A}" = CCC Help Greek
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77E033C3-D3EB-ECAA-7815-2C7DBBDF1AF3}" = Catalyst Control Center Localization Spanish
"{78F4F3F8-6ED5-34AD-CAD2-AC6127729138}" = CCC Help Swedish
"{7CC7F961-1F31-39AD-8423-8E9220676B2E}" = CCC Help Polish
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{889BCCBD-8C77-8D09-9BDF-DE6210E70AF2}" = CCC Help Norwegian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AF1BF2B-FA5E-1A95-60DB-F28CB2070FBC}" = Catalyst Control Center Localization Greek
"{8BEA6A31-651C-C4DC-E174-561BB14120B3}" = Catalyst Control Center Localization French
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{948B21FA-48AF-AA3E-9770-02625F0108AC}" = Catalyst Control Center Localization Swedish
"{972826C4-7E9D-F0DA-1EA9-B2D223722370}" = CCC Help Czech
"{98E8285F-6B11-4ABD-15BA-2A369C3FDD86}" = Catalyst Control Center Localization Hungarian
"{A0794C57-D8F2-5423-CA67-384D45EB382B}" = CCC Help Danish
"{A41A8666-3EC8-51B2-2927-493FBA5CE2B5}" = CCC Help French
"{A828F8F2-BD8C-6F85-7280-0D252D34AC5D}" = Catalyst Control Center Localization Thai
"{A8589680-35C1-4732-ACCA-09B78921ECE3}" = Sid Meier's Civilization 4
"{AC4732F4-665D-4E6B-8E50-74D6B6FBE5A9}" = PassAlong Software
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{AE3795EC-AE7F-474E-B5A7-D693AA068039}" = Stata 11
"{B2F2C082-77FD-6C2C-2EC8-FBB852B8B51A}" = CCC Help Korean
"{BA235311-3EA5-83C7-F0E4-3FFED48A3110}" = ccc-core-preinstall
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BFB450D8-BCCB-C608-C2D3-2F863B0A1A09}" = CCC Help Dutch
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CB99356B-F8B6-EE9B-806F-57E58CDB8A49}" = Catalyst Control Center Graphics Light
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D2C811DF-7927-A826-DD0A-F4BD7756A09B}" = Catalyst Control Center Localization Chinese Standard
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.14
"{D30125D5-23F3-BD39-DE6B-6483E21F34C1}" = Catalyst Control Center Localization Chinese Traditional
"{D6D2D227-3431-82D1-08CA-D48F7D5B12FF}" = Catalyst Control Center Localization Polish
"{D7CC2103-F5A3-E151-F2E9-C94513A47F3F}" = Catalyst Control Center Localization Dutch
"{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5
"{DAFCC5EF-E4D0-47EF-8E4B-168B3644A1E3}" = Garmin City Navigator North America NT 2009 Update
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{ECDD7BD7-AA20-A0EC-C91A-34FDB52E171B}" = CCC Help German
"{F5461972-F6A5-853A-1B4B-F5AD2CB78A89}" = Catalyst Control Center Localization Japanese
"{F68A5AEF-061D-0A49-D440-C54D96496CE8}" = ccc-core-static
"{F7B37275-A11B-0B97-6F69-038E9569002E}" = Catalyst Control Center Localization Korean
"{FF04C032-D077-4E74-4BBD-B44B0C82CD2D}" = Catalyst Control Center Localization German
"{FFA07CE3-8ABF-F029-657D-422FDAE76594}" = Catalyst Control Center Localization Danish
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"Amazon Games & Software Downloader_is1" = Amazon Games & Software Downloader
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"avast5" = avast! Free Antivirus
"AVG9Uninstall" = AVG Free 9.0
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MP Navigator 2.2" = Canon MP Navigator 2.2
"MSNINST" = MSN
"NoteTab Light 5_is1" = NoteTab Light 5 (Remove only)
"PhotomatixPro3_is1" = Photomatix Pro version 3.1.2
"Stat/Transfer" = Stat/Transfer Nine
"Web Games Player Plugin" = Web Games Player Plugin
"Web Update Wizard (Redistributable)" = Web Update Wizard (Redistributable) 4.0
"Write-N-Cite" = Write-N-Cite

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/20/2010 2:48:47 PM | Computer Name = NATHAN-HOME-PC | Source = Application Error | ID = 1000
Description = Faulting application avg_free_stb_all_2011_1136_upgrade.exe, version
10.0.0.1136, faulting module avg_free_stb_all_2011_1136_upgrade.exe, version 10.0.0.1136,
fault address 0x00009d8b.

Error - 10/20/2010 2:49:08 PM | Computer Name = NATHAN-HOME-PC | Source = Application Error | ID = 1000
Description = Faulting application avg_free_stb_all_2011_1136_upgrade.exe, version
10.0.0.1136, faulting module avg_free_stb_all_2011_1136_upgrade.exe, version 10.0.0.1136,
fault address 0x00009d8b.

Error - 10/20/2010 2:49:16 PM | Computer Name = NATHAN-HOME-PC | Source = Application Error | ID = 1001
Description = Fault bucket -2146196568.

Error - 10/26/2010 4:53:29 PM | Computer Name = NATHAN-HOME-PC | Source = Application Hang | ID = 1002
Description = Hanging application Stata-64.exe, version 321.11.1.701, hang module
hungapp, version 0.0.0.0, hang address 0x0000000000000000.

Error - 10/26/2010 4:54:02 PM | Computer Name = NATHAN-HOME-PC | Source = Application Hang | ID = 1001
Description = Fault bucket 23745227.

Error - 10/30/2010 1:55:46 PM | Computer Name = NATHAN-HOME-PC | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3951, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/7/2010 8:54:32 PM | Computer Name = NATHAN-HOME-PC | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3951, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/31/2010 12:12:14 PM | Computer Name = NATHAN-HOME-PC | Source = Application Error | ID = 1000
Description = Faulting application avast.setup, version 5.0.0.0, faulting module
ntdll.dll, version 5.2.3790.4455, fault address 0x0004f053.

Error - 12/31/2010 12:12:58 PM | Computer Name = NATHAN-HOME-PC | Source = Application Error | ID = 1001
Description = Fault bucket 1437815387.

Error - 1/5/2011 8:22:13 AM | Computer Name = NATHAN-HOME-PC | Source = Application Error | ID = 1000
Description = Faulting application avast.setup, version 5.0.0.0, faulting module
ntdll.dll, version 5.2.3790.4455, fault address 0x0004f053.

[ System Events ]
Error - 1/1/2011 10:49:24 AM | Computer Name = NATHAN-HOME-PC | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070652: Security Update for Microsoft Office 2007 System (KB2289158).

Error - 1/5/2011 8:35:45 AM | Computer Name = NATHAN-HOME-PC | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 1/5/2011 8:35:45 AM | Computer Name = NATHAN-HOME-PC | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 1/5/2011 10:59:54 AM | Computer Name = NATHAN-HOME-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 001D7DD97749 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 1/5/2011 11:00:13 AM | Computer Name = NATHAN-HOME-PC | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 1/5/2011 11:00:13 AM | Computer Name = NATHAN-HOME-PC | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 1/5/2011 12:13:03 PM | Computer Name = NATHAN-HOME-PC | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 1/5/2011 12:13:03 PM | Computer Name = NATHAN-HOME-PC | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 1/5/2011 12:41:23 PM | Computer Name = NATHAN-HOME-PC | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 1/5/2011 12:41:23 PM | Computer Name = NATHAN-HOME-PC | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.


< End of report >

ken545
2011-01-08, 14:01
Let's run this program and see what it finds and removes.


Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

nbarleen
2011-01-08, 15:39
For some reason Malwarebytes won't install properly. Tried downloading from each site but during installation I get the pop-up window that says

H:\Documents and Settings\...\rules.ref

A file is corrupted. Press ignore to skip (Not recommended) or Abort to cancel installation.

I pressed Ignore to continue with installation.

When Malwarebytes updates I get another pop up message:
"The current database is not supported by this version of Malwarebytes. Please download the latest version of the program"

I clicked OK to close the box

Then the same box pops up again. I am guessing when the computer tries to run Malwarebytes.

I get the same message when I try to start Malwarebytes from the start menu.

ken545
2011-01-08, 20:01
Why do you have H set as your main drive ?

Try this one in lieu of Malwarebytes.

Please download SuperAntiSpyware Free (http://www.superantispyware.com/superantispyware.html)
Install the program

Run SuperAntiSpyware and click: Check for updates
Once the update is finished, on the main screen, click: Scan your computer
Check: Perform Complete Scan
Click Next to start the scan.

Superantispyware scans the computer, and when finished, lists all the infections found.
Make sure everything found has a check next to it, and press: Next <-- Important
Then, click Finish

It is possible that the program asks to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click: Preferences
Click the Statistics/Logs tab
Under Scanner Logs, double-click SuperAntiSpyware Scan Log
It opens in your default text editor (such as Notepad)

Please provide the SuperAntiSpyware log in your next reply

nbarleen
2011-01-09, 02:44
I'm not entirely sure why H was set as the system drive, but the guy who built the system for me about 4 years ago did assign H:/ as the system drive.

SuperAntiSpyware won't install. The file seems to download and save but it won't install when I try to open it. It doesn't pull up warnings or anything, it just runs and runs and runs with nothing happening.

ken545
2011-01-09, 05:16
Hi,

Let's see if there is a rootkit involved.

Scan With RootKitUnHooker


Please choose one link and download Rootkit Unhooker and save it to your desktop.
Link 1 (http://www.kernelmode.info/ARKs/RKUnhookerLE.EXE)
Link 2 (http://www.kernelmode.info/ARKs/RKUnhookerLE.zip)
Link 3 (http://www.kernelmode.info/ARKs/RkU3.8.388.590.rar)

Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers and Stealth
Uncheck the rest. then click OK
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
Wait till the scanner has finished and then click File > Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in your next reply.


Note** you may get the following warning, just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

nbarleen
2011-01-09, 05:29
It looks like something is preventing it from running again.

I can download or download and unzip the installer, but when I try to run the installer I get an error box that pops up.

This time it says "Error loading driver, NTSTATUS code: 0xC000036B"

I click okay and it is done.

ken545
2011-01-09, 05:38
You're running 64-bit Windows; some of these programs most likely won't run on 64-bit.

Let's try this online virus scanner


ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

nbarleen
2011-01-09, 11:03
Here is the ESETscan log produced

H:\Documents and Settings\Nathan_2\Local Settings\Temp\jar_cache1716828560100141979.tmp probably a variant of Java/TrojanDownloader.OpenStream.NAO trojan
H:\Documents and Settings\Nathan_2\Local Settings\Temp\jar_cache7127897087604961354.tmp probably a variant of Java/TrojanDownloader.OpenStream.NAO trojan

ken545
2011-01-09, 13:26
Those bad entries were found in your Java cache.


Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button. Your system may start up slower after running ATF Cleaner; this is expected, but it will be back to normal after the first or second boot up.
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized your password and other personal information, as removing cookies will temporarily disable the auto-login facility.

http://i24.photobucket.com/albums/c30/ken545/Atribune.jpg




I need to look further as to why none of these programs will run.

nbarleen
2011-01-09, 14:41
When starting ATF Cleaner I get a message that my operating system is currently unsupported.

ken545
2011-01-09, 14:46
Right Click on My Computer and click on Properties and on the General Tab tell me what it shows for your operating system

nbarleen
2011-01-09, 14:51
Microsoft Windows XP Professional x64 Edition version 2003 Service Pack 2

ken545
2011-01-09, 16:59
Hi,

What I am seeing on your log are two antivirus programs, AVG 9 and Avast. You only need one; more can cause issues, possibly what you're experiencing now. I would suggest uninstalling AVG 9.

Google Chrome may also hinder downloads and may be corrupting the files as you download them. You may want to uninstall Chrome also.

Do this and then let's try running some programs again.

nbarleen
2011-01-09, 20:55
I have uninstalled AVG 9 and Google Chrome.

Which program would you like me to run first?

nbarleen
2011-01-09, 21:30
Windows Automatic updates now say that I have updates ready to install. Should I do this now or wait?

ken545
2011-01-09, 22:13
Go for it

ken545
2011-01-09, 22:19
This is what you have
XP x64 is really a version of Server 2003; they share common code. This is not your usual home computer operating system. Most of our tools will not run on Server 2003.

You have Firefox installed, you can use it to download programs we may need

Copy and paste these lines into Notepad.

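@Echo on
rem Replace the hosts file with a single localhost entry
pushd "%SystemRoot%\system32\drivers\etc"
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
rem Renew the DHCP lease and clear the DNS resolver cache
ipconfig /release
ipconfig /renew
ipconfig /flushdns
rem Reset the Winsock catalog and the TCP/IP stack
netsh winsock reset all
netsh int ip reset all
rem Schedule a reboot in 1 second, then delete this batch file
shutdown -r -t 1
del %0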

Save as flush.bat to your desktop. Double click to run.
*** note: Win Vista and Win 7 need to right click and choose to "run as Administrator" .. the computer will reboot itself.





Download the HostsXpert 4.3 - Hosts File Manager (http://www.funkytoad.com/download/HostsXpert.zip).

Unzip HostsXpert 4.2.0.0 - Hosts File Manager to a convenient folder such as C:\HostsXpert
Click HostsXpert.exe to Run HostsXpert - Hosts File Manager from its new home
Click "Make Hosts Writable?" in the upper left corner.
Click Restore Microsoft's Hosts file and then click OK.
Click the X to exit the program.
Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.





Then drag the set up copy of Malwarebytes to the trash and download a fresh copy and see if it will install and run
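
The flush.bat in the post above overwrites HOSTS with a single localhost line without recording what the file contained. As an added example (not part of the original post or of any tool named in the thread), this Python script lists every non-default hosts entry so it can be saved with the other logs before the reset; the sample file and its `.example` names are constructed.

```python
import ipaddress
import sys

# Names a stock hosts file is expected to map to loopback.
DEFAULT_NAMES = {"localhost"}

# Constructed sample input, not taken from the thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.av-vendor.example    # constructed entry
0.0.0.0         download.av-vendor.example www.av-vendor.example
203.0.113.7     mail.webmail.example
not-an-ip       broken.example
"""


def audit_hosts(text):
    """Return (line_no, kind, name, address) for every non-default entry.

    kind is "sinkholed" (name forced to loopback or 0.0.0.0, so the real
    server cannot be reached), "redirected" (name forced to some other
    address) or "malformed" (line that does not parse as "address name").
    """
    findings = []
    # A leading byte-order mark would otherwise corrupt the first address.
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop full and inline comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, "malformed", " ".join(fields), ""))
            continue
        if len(fields) < 2:                      # address with no hostname
            findings.append((line_no, "malformed", " ".join(fields), ""))
            continue
        for name in fields[1:]:                  # one line may carry aliases
            name = name.lower().rstrip(".")
            if ip.is_loopback and name in DEFAULT_NAMES:
                continue                         # the expected default entry
            blackholed = ip.is_loopback or ip.is_unspecified
            kind = "sinkholed" if blackholed else "redirected"
            findings.append((line_no, kind, name, str(ip)))
    return findings


if __name__ == "__main__":
    # With a path argument, audit that file; otherwise audit the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for line_no, kind, name, address in audit_hosts(text):
        print(f"line {line_no}: {kind:10} {name} {address}")
```

A file that already contains only the localhost line, which is what flush.bat writes, produces no findings.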

nbarleen
2011-01-09, 23:46
Windows Automatic updater installed 9 updates.

I did the flush.bat and the HostsXpert.

MalwareBytes installed and updated just fine.

I ran the quick scan the log is posted below.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5489

Windows 5.2.3790 Service Pack 2
Internet Explorer 8.0.6001.18702

1/9/2011 3:37:02 PM
mbam-log-2011-01-09 (15-37-02).txt

Scan type: Quick scan
Objects scanned: 191018
Time elapsed: 7 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ken545
2011-01-09, 23:49
Great. Tell me what you're experiencing now that may have you think you're infected?

nbarleen
2011-01-10, 04:24
My primary problem was that Windows updates wouldn't load, Antivirus updates wouldn't load and other programs in general would not update (Acrobat reader, Flash player). It seems as though that is working now.

The only thing that seems irregular to me, it may be perfectly fine, is when I check gmail (www.gmail.com) Firefox keeps loading stuff. I look at the bottom of the Firefox window and I get a constant stream of transferring data, waiting for, etc. that don't seem to be related to gmail. I don't know if that makes sense at all and it may simply be a gmail thing.

I appreciate your help so far.

Is there anything to do about the flags raised by ESET scanner? I think you noted that they were in the Java cache?

ken545
2011-01-10, 11:21
You can try this, it may be laid out a bit differently on your system but it should be there

1. Click Start > Settings > Control Panel.
2. Double-click the Java Plug-in icon in the control panel.
3. Click the Cache tab.
4. Click Clear. A confirmation dialog box appears.
5. Click Yes to confirm.
6. Click Apply.





See if you can run this program

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1 (http://jpshortstuff.247fixes.com/GooredFix.exe)
Download Mirror #2 (http://downloads.securitycadets.com/GooredFix.exe)
Ensure all Firefox windows are closed.
To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
When prompted to run the scan, click Yes.
GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

nbarleen
2011-01-11, 07:09
I cleared the java cache according to the directions that you listed.

I was able to run Goored. Here is the log

GooredFix by jpshortstuff (03.07.10.1)
Log created at 23:05 on 10/01/2011 (Nathan_2)
Firefox version 3.6.13 (en-US)

========== GooredScan ==========

(none)

========== GooredLog ==========

H:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [15:19 16/04/2008]

H:\Documents and Settings\Nathan_2\Application Data\Mozilla\Firefox\Profiles\91hpr8m7.default\extensions\
moveplayer@movenetworks.com [16:02 05/04/2009]
{20a82645-c095-46ed-80e3-08825760534b} [19:45 04/07/2010]
{28197867-b1ef-4140-8e3b-55c45b9c8460} [19:29 05/01/2011]
{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [11:12 30/06/2010]

H:\Documents and Settings\Nathan_2\Application Data\Mozilla\Firefox\Profiles\o4qdcc3a.default\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="H:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [08:11 22/08/2009]
"jqs@sun.com"="H:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ff" [04:54 11/01/2011]

-=E.O.F=-

ken545
2011-01-11, 11:07
Any better ?

nbarleen
2011-01-11, 15:22
I still see a lot of data moving when I go to my gmail.

Gmail loads normally, then Firefox acts like it is continually being refreshed. At the bottom of the window I see "downloading from" or "waiting for" and a rapid succession of random files. Most seem to be blogspot, flickr, wordpress, feedburner, or quantserve. I don't use any of those websites so I don't know why it would ever be downloading anything from there.

I only see those messages when I am on my gmail so I don't know if they are happening at other times as well or if it is specific to gmail.

ken545
2011-01-11, 19:13
The sites that are loading may just be putting tracking cookies on your system. You can try opening up Firefox, going to Tools > Privacy and removing them.

http://forums.mozillazine.org/viewforum.php?f=38
You can try posting here for help removing and blocking cookies. Let me know how it went.

Ken :)

nbarleen
2011-01-11, 23:43
I deleted all cookies in Firefox and also checked my Windows firewall.

There was an exception for google that I removed.

I don't have the file transfers when I check email now.

Everything seems to be updating as it should.

Things seem to be pretty much back to normal.

ken545
2011-01-11, 23:56
That's great, thanks for getting back to me and letting me know. Bookmark that Firefox forum and use it for any browser issues you may have in the future.


Open OTL and click on Cleanup and it will remove most of the tools we used to clean your system



How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)




Safe Surfn
Ken

ken545
2011-01-15, 04:51
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.