Malware removal problems
strawberry77
2011-02-17, 00:53
Having the following problems:
site redirection in both Chrome and Firefox
game sites, blank pages (eclick in URL box) among others
pop-ups for survey completion before getting to the site intended (must close browser!)
Windows update - just hangs
cannot update SBS+D, error message
cannot uninstall AVG - error, uninstall request ignored! (not sure if connected issue)
Have run Malwarebytes - found 9 items, were removed. (have not re-run) (saved a log but can't find it now!)
Have run Ad-Aware - found nothing
Here is the log thingy, I hope I am doing this correctly.
Thank you for any help you can offer.
DDS (Ver_10-12-12.02) - NTFSx86
Run by Al&Marianne at 17:27:59.05 on Wed 02/16/2011
Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2036.876 [GMT -5:00]
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
FW: ZoneAlarm Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\CSHelper.exe
C:\Program Files\Dicter\DicterService.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Users\Al&Marianne\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Al&Marianne\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Al&Marianne\Downloads\dds.scr
============== Pseudo HJT Report ===============
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://h10025.www1.hp.com/ewfrf/wc/documentSubCategory?tmp_rule=17997&lc=en&dlc=en&cc=us&lang=en&softwareitem=mp-62866-1&os=2093&product=3635399
uWindow Title = Internet Explorer provided by Dell
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
TB: @c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\WinPatrol.exe -expressboot
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [<NO NAME>]
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNTExMjk5MDg2LVQxNy1VODUrMS1CQSsxLUtWMys3LVhMKzEtRlA5KzYtQkFSOUcrMS1UQjkrMi1GTCs5LVFJWDErNC1YMjAxMCsyLUYxME0xMEQrMg"&"prod=90"&"ver=10.0.1204
StartupFolder: c:\users\al&mar~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\cnette~1.lnk - c:\users\al&marianne\appdata\roaming\cbs interactive\cnet techtracker\TechTracker.exe
StartupFolder: c:\users\al&mar~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\users\al&mar~1\appdata\roaming\mozilla\firefox\profiles\6fenrigl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: keyword.URL - hxxp://www.gobrs.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=KpNijdyD&q=
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: c:\users\al&marianne\appdata\roaming\mozilla\firefox\profiles\6fenrigl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\al&marianne\appdata\roaming\mozilla\firefox\profiles\6fenrigl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\users\al&marianne\appdata\roaming\mozilla\firefox\profiles\6fenrigl.default\extensions\{9ee802e8-c931-47ab-b570-aa8f791598ca}\components\FFExternalAlert.dll
FF - component: c:\users\al&marianne\appdata\roaming\mozilla\firefox\profiles\6fenrigl.default\extensions\{9ee802e8-c931-47ab-b570-aa8f791598ca}\components\RadioWMPCore.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npArtistScope42.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
FF - plugin: c:\users\al&marianne\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\al&marianne\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\al&marianne\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\al&marianne\appdata\roaming\mozilla\firefox\profiles\6fenrigl.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\users\al&marianne\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\al&marianne\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: PriceBlink: info@priceblink.com - %profile%\extensions\info@priceblink.com
FF - Ext: eMusic Toolbar: {9ee802e8-c931-47ab-b570-aa8f791598ca} - %profile%\extensions\{9ee802e8-c931-47ab-b570-aa8f791598ca}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Search
FF - user.js: keyword.URL - hxxp://www.gobrs.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=KpNijdyD&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-8 64288]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-2-15 11608]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-15 61960]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15264]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2005-3-22 450400]
S3 rcmirror;rcmirror;c:\windows\system32\drivers\rcmirror.sys [2010-1-18 3200]
=============== Created Last 30 ================
2011-02-16 11:59:03 -------- d-----w- c:\users\al&mar~1\appdata\roaming\Malwarebytes
2011-02-16 11:58:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-16 11:58:54 -------- d-----w- c:\progra~2\Malwarebytes
2011-02-16 11:58:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-16 11:58:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-15 06:52:05 -------- d-----w- c:\users\al&mar~1\appdata\roaming\Avira
2011-02-15 05:47:00 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-02-15 05:46:58 -------- d-----w- c:\program files\Avira
2011-02-15 05:46:58 -------- d-----w- c:\progra~2\Avira
2011-02-14 20:13:21 -------- d-----w- c:\progra~2\InstallMate
2011-02-14 20:04:03 -------- dc-h--w- c:\progra~2\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2011-02-13 00:32:19 -------- d-----w- c:\program files\TeamViewer
2011-02-12 17:42:59 -------- d-----w- c:\program files\common files\Software Update Utility
2011-02-06 01:47:53 -------- d-----w- c:\program files\Paint.NET
2011-02-06 01:46:17 -------- d-----w- c:\users\al&mar~1\appdata\local\Paint.NET
2011-02-02 23:43:15 -------- d-----w- c:\users\al&mar~1\appdata\local\PackageAware
2011-01-31 21:45:25 -------- d-----w- c:\program files\iPod
2011-01-27 21:22:43 -------- d-----w- c:\progra~2\WD_SmartWareCommon
2011-01-27 20:16:24 -------- d-----w- c:\users\al&mar~1\appdata\local\Western_Digital
2011-01-27 20:09:01 -------- d-----w- c:\program files\Western Digital
2011-01-26 02:16:24 -------- d-----w- C:\Nancy Drew
2011-01-21 19:23:42 319488 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpfpp02t.dll
2011-01-21 18:35:24 -------- d-----w- c:\program files\Microsoft
2011-01-21 18:35:22 -------- d-----w- c:\program files\MSN Toolbar
2011-01-21 18:34:56 -------- d-----w- c:\program files\Bing Bar Installer
2011-01-21 18:29:39 -------- d-----w- c:\program files\common files\HP
2011-01-21 18:26:59 125440 ----a-w- c:\windows\system32\hpf3l02t.dll
2011-01-21 18:19:59 454504 ----a-w- c:\windows\system32\hpzids01.dll
2011-01-21 18:19:58 970752 ----a-w- c:\windows\system32\hpwtiop4.dll
2011-01-21 18:19:58 718336 ----a-w- c:\windows\system32\hpwwiax5.dll
2011-01-21 18:19:57 372736 ----a-w- c:\windows\system32\hppldcoi.dll
2011-01-21 18:19:57 294912 ----a-w- c:\windows\system32\hpovst11.dll
2011-01-21 17:40:21 -------- d-----w- c:\users\al&mar~1\appdata\roaming\eTeks
==================== Find3M ====================
2010-12-27 23:51:35 150 ----a-w- C:\Delme.bat
2010-12-14 21:32:19 645120 ----a-w- C:\~GLHTTP1.TMP
2010-12-14 21:32:05 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-12-03 09:05:33 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-11-29 22:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
============= FINISH: 17:30:03.76 ===============
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.
Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.
Looks like you have both Avira and AVG anti-virus installed, not good, using a great amount of system resources and will cause other problems. It's best to have just one, keep it updated and run scans on a regular basis. Your call, but you need to uninstall one via Programs and Features in the Control Panel. Do this now.
Open Malwarebytes and go to the report tab and copy and paste the log into this thread for me to see
strawberry77
2011-02-18, 00:39
AVG stopped working correctly... it is disabled right now... so that is why I started using Avira. AVG will not uninstall; that is why I disabled it. I don't know how to fix that situation or if it is related to the malware infestation.
Here is the MB log. Thank you very much for your help.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5363
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999
2/16/2011 8:57:10 AM
mbam-log-2011-02-16 (08-56-35).txt
Scan type: Quick scan
Objects scanned: 174569
Time elapsed: 10 minute(s), 32 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Bad: (93.188.162.149,93.188.160.29) Good: () -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B469590C-3F8C-454A-A707-78AD43574109}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.162.149,93.188.160.29) Good: () -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B469590C-3F8C-454A-A707-78AD43574109}\DhcpNameServer (Trojan.DNSChanger) -> Bad: (93.188.162.149,93.188.160.29) Good: () -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C94F39EB-67AD-4BD1-9296-475ED149C5FB}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.162.149,93.188.160.29) Good: () -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\fb_reg20091108.log (KoobFace.Trace) -> No action taken.
Hi,
You have some serious infections that Malwarebytes found, but you had it set to TAKE NO ACTION. You need to open Malwarebytes, check for updates, run the Quick Scan and remove all it finds, then post the new log.
OTL by OldTimer
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
strawberry77
2011-02-18, 07:56
Here is the newly run MB log file.
Thank you for your assistance.
I await your instructions.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5789
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999
2/18/2011 12:31:20 AM
mbam-log-2011-02-18 (00-31-20).txt
Scan type: Quick scan
Objects scanned: 181864
Time elapsed: 19 minute(s), 1 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Go ahead and run OTL and post the log
strawberry77
2011-02-18, 17:17
Here are the OTL logs. FYI, about 20 seconds into the scan the program froze (not responding), then unfroze after 10 secs or so. I don't know if it did it again or not; I wasn't watching the whole time.
OTL logfile created on: 2/18/2011 9:47:37 AM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Al&Marianne\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 43.00 Gb Free Space | 19.30% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.28 Gb Free Space | 62.83% Space Free | Partition Type: NTFS
Drive G: | 930.86 Gb Total Space | 850.30 Gb Free Space | 91.35% Space Free | Partition Type: NTFS
Computer Name: NEWDELL-PC | User Name: Al&Marianne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Al&Marianne\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Users\Al&Marianne\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe ()
PRC - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Dicter\DicterService.exe (Zeyfman Genady)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\CSHelper.exe ()
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
========== Modules (SafeList) ==========
MOD - C:\Users\Al&Marianne\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll (BillP Studios)
========== Win32 Services (SafeList) ==========
SRV - (CLTNetCnService) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (vsmon) -- C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (DicterUpdateService) -- C:\Program Files\Dicter\DicterService.exe (Zeyfman Genady)
SRV - (WDSmartWareBackgroundService) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
SRV - (CSHelper) -- C:\Windows\System32\CSHelper.exe ()
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (ASKService) -- C:\Program Files\AskBarDis\bar\bin\AskService.exe ()
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
========== Driver Services (SafeList) ==========
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (Vsdatant) -- C:\Windows\System32\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (rcmirror) -- C:\Windows\System32\drivers\rcmirror.sys (Windows (R) Win 7 DDK provider)
DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (dsunidrv) -- C:\Windows\System32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB) -- C:\Windows\System32\drivers\A3AB.sys (D-Link Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2465096198-745748740-959045523-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2465096198-745748740-959045523-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2465096198-745748740-959045523-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://h10025.www1.hp.com/ewfrf/wc/documentSubCategory?tmp_rule=17997&lc=en&dlc=en&cc=us&lang=en&softwareitem=mp-62866-1&os=2093&product=3635399
IE - HKU\S-1-5-21-2465096198-745748740-959045523-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2465096198-745748740-959045523-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2465096198-745748740-959045523-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2465096198-745748740-959045523-1000\..\URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2465096198-745748740-959045523-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2465096198-745748740-959045523-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: calendar-timezones@mozilla.org:0.1.2008d
FF - prefs.js..extensions.enabledItems: default-palette@celtx.com:1.0
FF - prefs.js..extensions.enabledItems: emoticons-msn-smileys@m513901.de:0.1
FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.0
FF - prefs.js..extensions.enabledItems: messagestyle-blackened@addons.instantbird.org:0.9
FF - prefs.js..extensions.enabledItems: messagestyle-depth@addons.instantbird.org:1.1
FF - prefs.js..extensions.enabledItems: messagestyle-minimal20@addons.instantbird.org:1.5
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/03/05 15:49:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/12/31 09:31:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2011/01/21 13:35:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/01/21 13:35:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/21 15:52:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/20 22:21:15 | 000,000,000 | ---D | M]
[2010/09/04 10:22:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Extensions
[2010/09/04 10:22:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Extensions\celtx@celtx.com
[2011/02/17 20:06:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\6fenrigl.default\extensions
[2011/01/18 10:04:41 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\6fenrigl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/01/18 10:04:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\6fenrigl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}-trash
[2010/07/31 13:02:27 | 000,000,000 | ---D | M] (eMusic Toolbar) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\6fenrigl.default\extensions\{9ee802e8-c931-47ab-b570-aa8f791598ca}
[2010/09/15 19:44:22 | 000,000,000 | ---D | M] (Vuze Remote) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\6fenrigl.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/07/22 14:00:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\6fenrigl.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/07/10 19:13:55 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\6fenrigl.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(421)
[2009/10/29 12:40:55 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\6fenrigl.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/09/30 11:06:53 | 000,000,000 | ---D | M] (PriceBlink) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\6fenrigl.default\extensions\info@priceblink.com
[2009/03/22 17:06:32 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\6fenrigl.default\extensions\moveplayer@movenetworks.com
[2011/02/17 20:06:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/19 22:50:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/09/04 10:18:43 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\CALENDAR-TIMEZONES@MOZILLA.ORG
[2010/09/04 10:18:43 | 000,000,000 | ---D | M] (Default Shot Palette) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\DEFAULT-PALETTE@CELTX.COM
[2010/09/04 10:18:42 | 000,000,000 | ---D | M] (MSN-Smileys) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\EMOTICONS-MSN-SMILEYS@M513901.DE
[2010/09/04 10:18:42 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\INSPECTOR@MOZILLA.ORG
[2010/09/04 10:18:42 | 000,000,000 | ---D | M] (Blackened) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-BLACKENED@ADDONS.INSTANTBIRD.ORG
[2010/09/04 10:18:42 | 000,000,000 | ---D | M] (Depth) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-DEPTH@ADDONS.INSTANTBIRD.ORG
[2010/09/04 10:18:42 | 000,000,000 | ---D | M] (Minimal) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-MINIMAL20@ADDONS.INSTANTBIRD.ORG
[2009/01/15 13:53:03 | 000,616,448 | ---- | M] (ArtistScope) -- C:\Program Files\Mozilla Firefox\plugins\npArtistScope42.dll
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2008/08/15 21:42:10 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2010/08/24 14:42:59 | 000,002,197 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google-search.xml
O1 HOSTS File: ([2011/02/15 00:26:17 | 000,249,908 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 8711 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2465096198-745748740-959045523-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2465096198-745748740-959045523-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Al&Marianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CNET TechTracker.lnk = C:\Users\Al&Marianne\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe ()
O4 - Startup: C:\Users\Al&Marianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2465096198-745748740-959045523-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2465096198-745748740-959045523-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab (IGDTester Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Al&Marianne\Pictures\2010-02-19\044.JPG
O24 - Desktop BackupWallPaper: C:\Users\Al&Marianne\Pictures\2010-02-19\044.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{21e15cb2-7dc7-11dd-8f91-001aa0976877}\Shell - "" = AutoRun
O33 - MountPoints2\{21e15cb2-7dc7-11dd-8f91-001aa0976877}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{336082c4-75d7-11dd-8f59-001aa0976877}\Shell - "" = AutoRun
O33 - MountPoints2\{336082c4-75d7-11dd-8f59-001aa0976877}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{56ea33d9-1fea-11e0-b31f-001aa0976877}\Shell - "" = AutoRun
O33 - MountPoints2\{56ea33d9-1fea-11e0-b31f-001aa0976877}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{630d4bea-982a-11df-96ff-001aa0976877}\Shell\AutoRun\command - "" = setup.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/02/17 19:58:47 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2011/02/17 16:47:00 | 000,000,000 | ---D | C] -- C:\Users\Al&Marianne\Desktop\Assemblage
[2011/02/17 13:39:58 | 000,000,000 | ---D | C] -- C:\Users\Al&Marianne\Desktop\Pictures of decorated pot
[2011/02/17 13:13:24 | 000,000,000 | ---D | C] -- C:\Users\Al&Marianne\Desktop\Creche pics
[2011/02/16 20:09:26 | 000,000,000 | ---D | C] -- C:\Users\Al&Marianne\Desktop\Log files
[2011/02/16 17:22:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/02/16 17:22:53 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/02/16 06:59:03 | 000,000,000 | ---D | C] -- C:\Users\Al&Marianne\AppData\Roaming\Malwarebytes
[2011/02/16 06:58:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/02/16 06:58:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/16 06:58:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/02/16 06:58:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/02/16 06:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/15 21:56:27 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/02/15 21:51:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/15 20:03:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle
[2011/02/15 01:52:05 | 000,000,000 | ---D | C] -- C:\Users\Al&Marianne\AppData\Roaming\Avira
[2011/02/15 00:47:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/02/15 00:47:00 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/02/15 00:47:00 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/02/15 00:47:00 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011/02/15 00:46:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/02/15 00:46:58 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/02/14 15:13:21 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2011/02/14 15:04:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2011/02/14 15:03:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/02/12 19:32:19 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2011/02/12 12:43:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIM
[2011/02/12 12:42:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2011/02/05 20:47:53 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2011/02/05 20:46:17 | 000,000,000 | ---D | C] -- C:\Users\Al&Marianne\AppData\Local\Paint.NET
[2011/02/02 19:12:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 8
[2011/02/02 18:43:15 | 000,000,000 | ---D | C] -- C:\Users\Al&Marianne\AppData\Local\PackageAware
[2011/01/31 16:46:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/01/31 16:45:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/01/27 16:22:43 | 000,000,000 | ---D | C] -- C:\ProgramData\WD_SmartWareCommon
[2011/01/27 15:16:24 | 000,000,000 | ---D | C] -- C:\Users\Al&Marianne\AppData\Local\Western_Digital
[2011/01/27 15:09:01 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2011/01/27 15:09:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD SmartWare
[2011/01/25 21:16:24 | 000,000,000 | ---D | C] -- C:\Nancy Drew
[2011/01/21 13:35:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2011/01/21 13:35:22 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2011/01/21 13:34:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer
[2011/01/21 13:29:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2011/01/21 13:26:59 | 000,125,440 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\hpf3l02t.dll
[2011/01/21 13:25:08 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2011/01/21 13:19:59 | 000,454,504 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpzids01.dll
[2011/01/21 13:19:58 | 000,970,752 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpwtiop4.dll
[2011/01/21 13:19:58 | 000,718,336 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpwwiax5.dll
[2011/01/21 13:19:57 | 000,372,736 | ---- | C] (Hewlett Packard) -- C:\Windows\System32\hppldcoi.dll
[2011/01/21 13:19:57 | 000,294,912 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpovst11.dll
[2011/01/21 12:40:21 | 000,000,000 | ---D | C] -- C:\Users\Al&Marianne\AppData\Roaming\eTeks
[2 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/02/18 09:27:03 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/18 08:43:18 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/02/18 08:43:11 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/18 08:43:08 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/18 08:43:08 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/18 08:43:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/18 08:43:00 | 2136,133,632 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/17 22:29:52 | 000,028,160 | ---- | M] () -- C:\Users\Al&Marianne\Desktop\eaglewriteup.doc
[2011/02/17 19:57:21 | 000,072,080 | ---- | M] () -- C:\Users\Al&Marianne\g2mdlhlpx.exe
[2011/02/17 14:46:14 | 000,618,020 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/17 14:46:14 | 000,108,040 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/16 17:23:37 | 000,000,915 | ---- | M] () -- C:\Users\Al&Marianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/02/16 17:22:54 | 000,000,716 | ---- | M] () -- C:\Users\Al&Marianne\Desktop\ERUNT.lnk
[2011/02/16 09:16:03 | 000,000,000 | ---- | M] () -- C:\Users\Al&Marianne\AppData\Local\prvlcl.dat
[2011/02/16 06:58:55 | 000,000,932 | ---- | M] () -- C:\Users\Al&Marianne\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/02/16 01:07:29 | 106,219,812 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/02/16 00:22:36 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/02/15 22:55:49 | 000,000,602 | ---- | M] () -- C:\Users\Al&Marianne\Desktop\ComboFix.exe - Shortcut.lnk
[2011/02/15 00:39:55 | 000,001,111 | ---- | M] () -- C:\Users\Al&Marianne\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/02/15 00:39:55 | 000,001,087 | ---- | M] () -- C:\Users\Al&Marianne\Desktop\Spybot - Search & Destroy.lnk
[2011/02/15 00:26:17 | 000,249,908 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/02/14 15:04:00 | 000,001,033 | ---- | M] () -- C:\Users\Al&Marianne\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/02/14 15:04:00 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/02/12 12:43:17 | 000,001,109 | -H-- | M] () -- C:\IPH.PH
[2011/02/12 12:43:15 | 000,001,731 | ---- | M] () -- C:\Users\Al&Marianne\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2011/02/12 12:43:15 | 000,001,707 | ---- | M] () -- C:\Users\Public\Desktop\AIM.lnk
[2011/02/11 21:28:00 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/01/31 16:46:55 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/01/27 15:10:10 | 000,001,284 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
[2011/01/27 15:10:10 | 000,001,223 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
[2011/01/22 10:54:32 | 000,352,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/01/21 14:58:57 | 000,011,264 | ---- | M] () -- C:\Users\Al&Marianne\Desktop\Haldane.doc
[2011/01/21 14:25:56 | 000,228,975 | ---- | M] () -- C:\Windows\hpwins23.dat
[2011/01/21 13:34:44 | 000,001,974 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/01/21 13:32:04 | 000,001,178 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2011/01/20 17:13:44 | 000,001,635 | ---- | M] () -- C:\Users\Al&Marianne\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/02/17 19:57:19 | 000,072,080 | ---- | C] () -- C:\Users\Al&Marianne\g2mdlhlpx.exe
[2011/02/16 17:23:37 | 000,000,915 | ---- | C] () -- C:\Users\Al&Marianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/02/16 17:22:54 | 000,000,716 | ---- | C] () -- C:\Users\Al&Marianne\Desktop\ERUNT.lnk
[2011/02/16 06:58:55 | 000,000,932 | ---- | C] () -- C:\Users\Al&Marianne\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/02/15 22:55:49 | 000,000,602 | ---- | C] () -- C:\Users\Al&Marianne\Desktop\ComboFix.exe - Shortcut.lnk
[2011/02/14 15:04:00 | 000,001,033 | ---- | C] () -- C:\Users\Al&Marianne\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/02/14 15:04:00 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/02/12 19:32:44 | 000,000,969 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2011/02/05 20:50:18 | 000,000,948 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2011/01/31 16:46:55 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/01/27 15:10:10 | 000,001,284 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
[2011/01/27 15:10:10 | 000,001,223 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
[2011/01/22 11:50:08 | 000,028,160 | ---- | C] () -- C:\Users\Al&Marianne\Desktop\eaglewriteup.doc
[2011/01/21 14:25:51 | 000,001,106 | ---- | C] () -- C:\Users\Al&Marianne\AppData\Roaming\ConvAPIPlugin.log
[2011/01/21 13:35:38 | 000,001,243 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Default Manager.lnk
[2011/01/21 13:35:04 | 000,001,243 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2011/01/21 13:34:44 | 000,001,974 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/01/21 13:32:59 | 000,000,855 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2011/01/21 13:32:04 | 000,001,178 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2010/01/28 13:06:03 | 000,024,206 | ---- | C] () -- C:\Users\Al&Marianne\AppData\Roaming\UserTile.png
[2010/01/18 15:38:46 | 000,010,496 | ---- | C] () -- C:\Windows\System32\rcmirror.dll
[2009/12/14 16:56:00 | 000,000,000 | ---- | C] () -- C:\Users\Al&Marianne\AppData\Local\prvlcl.dat
[2009/08/03 21:41:21 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2009/07/22 22:30:51 | 000,000,134 | ---- | C] () -- C:\Windows\QTW.INI
[2009/06/05 21:03:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/01/28 12:10:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\IYVU9_32.DLL
[2008/03/05 15:52:11 | 000,001,668 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/01/27 00:52:37 | 000,062,254 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/01/19 15:27:43 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/01/14 16:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2008/01/05 15:57:42 | 000,000,680 | ---- | C] () -- C:\Users\Al&Marianne\AppData\Local\d3d9caps.dat
[2008/01/02 16:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/01/02 16:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/01/02 16:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2007/10/18 09:12:20 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1350.dll
[2007/10/18 09:03:58 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/10/12 16:23:11 | 000,002,582 | ---- | C] () -- C:\Users\Al&Marianne\AppData\Roaming\wklnhst.dat
[2007/10/12 11:06:59 | 000,796,312 | ---- | C] () -- C:\Windows\System32\libeay32_0.9.6l.dll
[2007/10/10 13:18:18 | 000,161,280 | ---- | C] () -- C:\Users\Al&Marianne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/06 16:02:46 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/10/06 16:02:46 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1255.dll
[2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
========== LOP Check ==========
[2010/12/27 22:21:40 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\Ableton
[2010/09/10 17:39:33 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\acccore
[2007/11/14 00:55:38 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\Aim
[2008/12/28 22:55:16 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\Amazon
[2010/10/31 19:02:35 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\Armagetron
[2010/09/29 15:04:35 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\AVG10
[2011/02/14 21:21:44 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\Azureus
[2009/07/31 15:09:30 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\CBS Interactive
[2010/04/21 10:30:00 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\CheckPoint
[2010/07/22 15:08:19 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\eMusic
[2011/01/21 12:40:21 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\eTeks
[2010/06/18 10:23:55 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\Facebook
[2010/09/04 10:22:42 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\Greyfirst
[2009/01/15 20:33:24 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\Image Zone Express
[2010/03/22 22:51:14 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\IrfanView
[2007/12/18 13:29:44 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\LimeWire
[2010/11/23 22:18:49 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\MPEG Streamclip
[2010/09/12 07:55:20 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\NCH Swift Sound
[2008/12/27 15:05:01 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\OpenOffice.org
[2008/04/20 20:00:43 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\Printer Info Cache
[2009/05/19 18:19:56 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\SecondLife
[2007/10/12 16:23:11 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\Template
[2009/09/18 00:09:04 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\Uniblue
[2010/11/23 23:06:18 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\Unity
[2011/01/27 15:10:59 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\Western Digital
[2010/06/15 23:39:35 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\WinPatrol
[2011/02/18 01:22:43 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
strawberry77
2011-02-18, 17:19
OTL Extras logfile created on: 2/18/2011 9:47:37 AM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Al&Marianne\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 43.00 Gb Free Space | 19.30% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.28 Gb Free Space | 62.83% Space Free | Partition Type: NTFS
Drive G: | 930.86 Gb Total Space | 850.30 Gb Free Space | 91.35% Space Free | Partition Type: NTFS
Computer Name: NEWDELL-PC | User Name: Al&Marianne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2465096198-745748740-959045523-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 5
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3F53AC7F-0053-46CD-97E1-50314BC520B9}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{014C1650-47EA-4CE4-B0CB-A59576F8EF91}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{0845D630-78B5-4FA9-A312-DB20A2E9C343}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{0E702F8E-316A-4D6E-A7B9-363C9DFC1714}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{0F77678F-FD8F-44B8-8DE1-1662D70278E0}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{1F8CC517-1610-4772-A8C9-F3801C2FC64F}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{24293F55-6B24-42F7-ABE3-09F252663B31}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{2E3C88EC-4F29-47B3-AF7F-3D312D1839EC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{32D6519B-37E7-4385-8329-9CE17B50CF90}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{3A00C05A-CE6B-47AB-BC09-6C693702B5B2}" = protocol=6 | dir=in | app=c:\users\al&marianne\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{4188DF13-445C-461A-89CE-BFBF1D4E84A1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{42DFE461-4D34-431C-AFA1-6B1D05E35E5A}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{45F3BB94-B808-4194-B569-122C78AFAECA}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{546D7B89-D9F1-45CB-8FBE-A4392D517CB7}" = protocol=17 | dir=in | app=c:\users\al&marianne\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{560EFB3E-D330-40AC-9EB8-A6945C2886EF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{5A9ADCCC-DDA3-40CB-8F05-F8C2E130F4BD}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{5B9DB29D-5307-49A8-BCB4-00E28B1E9269}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{60B6385D-DF39-42EE-B9E3-4814AA78083C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{65A9016E-1329-44F3-A9F2-94F1ABEFB3F0}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{660444AA-CC8D-42EF-8F91-53AFFF8FFCE3}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{69BEF2DB-3B21-4EB1-94F2-8162634B394D}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{6EA77D89-57CF-4F6B-96FF-BBBECCA62C9F}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{718E048B-EDBA-4CBA-AA2F-57B9BE9D647F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{7466C883-A76E-4483-B65E-150C9E9060F0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{75F0D437-21E5-4333-B873-8CFCECF62983}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{75FB9D31-1233-4899-9DB8-07F6B210B4A6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{78C28CCC-5240-46BF-A6FB-949DE1A05420}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7F9F52CF-1653-4CF0-BE0F-FA0D96461835}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{81AD00C7-60C4-4371-9549-BA69AD7EB2A2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{869A6EF4-839C-4379-BFAB-4B38B03C2DF1}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{92A225DF-20B1-48CE-8A7C-70F1AC84A077}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{94554304-409B-4B1A-84E1-7C5F750CC2CE}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{98534A78-6FD1-4D5E-AE29-55170EA0B600}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{98BDBECE-1387-4229-A37A-5067E8F6A025}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{9EDCB59C-DE40-48EA-A4B0-435FF6061AAA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{A38EEE45-9DBC-432E-A62C-9C9653E8F04C}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{A4AAF4C5-8B43-44B5-8763-933C1AEE7890}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{A70E3F8E-EBC0-4377-BF78-51E0475276BA}" = protocol=17 | dir=in | app=c:\program files\aim7\aim.exe |
"{B0434737-EEBB-4061-9D5D-0CA941D1F739}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{B0ABFBF8-5D9E-4AA6-AC9F-C562815AC4B5}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{BFC11691-3A2F-4059-8C7E-5F44DE52262D}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{C4BFA500-2280-4225-8827-F63452CA24B7}" = dir=in | app=c:\users\al&marianne\appdata\local\temp\hp\oj6500ve709_full_12_en\setup\hpznui01.exe |
"{C973CC23-E665-4E59-ACC0-2418ACFE32B3}" = protocol=17 | dir=in | app=c:\users\al&marianne\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{CC42AB28-7DC2-4F34-B8E1-6C30598BD5C6}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{CF613483-F14F-46C9-9299-99139AF1179C}" = protocol=6 | dir=in | app=c:\program files\aim7\aim.exe |
"{D2B1BCC8-9859-4D90-8597-BD8227A39147}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{D4809965-9B14-4079-800E-5C4854BEF7FB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{D6223ED6-C110-4DBE-87DD-37E7AE0885FC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{D73C43EA-8E59-4861-8047-568DCCEF9D9C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{D93E6552-2EDA-4F7A-B944-B10271BC87AB}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{E5978FC2-96D3-4276-B75B-A0E1064B7DB0}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{EA0E1ECF-8944-4BD6-8B34-67D30A334E57}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{EE556165-6FC9-4EF2-8321-8E14D13409CA}" = protocol=6 | dir=in | app=c:\users\al&marianne\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{F77AD6DF-8228-4E62-9E7F-F6F23102DC3D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{F8BBE6C1-4A32-4812-B985-EDB476659EF9}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"TCP Query User{84622680-1C01-4D9C-A794-34BE7FE6A241}C:\program files\armagetron advanced\armagetronad.exe" = protocol=6 | dir=in | app=c:\program files\armagetron advanced\armagetronad.exe |
"TCP Query User{8514598A-467D-498E-A6F5-D5AC0AA17812}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{FFD931D8-0D7A-4095-9291-0D07CD26DA3F}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{5D279BCA-AA2C-4B20-AD14-8DC6E8C92EC0}C:\program files\armagetron advanced\armagetronad.exe" = protocol=17 | dir=in | app=c:\program files\armagetron advanced\armagetronad.exe |
"UDP Query User{D15FD2C5-6385-4656-B350-F1E9F939C4ED}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{FFC68871-93F0-4EBE-AAA0-BE15BF83F786}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0E52A52C-E120-461C-AA1B-21B045BEE842}" = bpd_scan
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{26B878A8-5704-3B64-BDBC-4F0EACA38121}" = Google Talk Plugin
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}" = Dell DataSafe Online
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3BE02281-FCCF-44BB-8413-AC4A633059EB}" = BPDSoftware
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F7177E9-2B54-48B4-AAFD-03FA1F87A542}" = Bing Bar Platform
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58D79E62-CFC8-4331-8469-3A1B16E1769C}" = HP Officejet 6500 E709 Series
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5AD96CF5-2627-4F29-9D2D-72FCD85F6355}" = AVG 2011
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5E4B86E5-CD0E-4D3D-BE21-45A30326850A}" = Microsoft Search Enhancement Pack
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{639673E9-D53F-44F4-A046-485C8A6ADA15}" = Paint.NET v3.5.6
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{68654483-9629-4CF5-88FF-9FB70B3BECDE}" = ProductContext
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.11.0
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{8551C414-2ACB-492E-9CEB-248BC81C46E0}_is1" = DICTER 3.05
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{88D18C5E-5113-4A1E-8EC9-2B7E24688A14}" = PS_AIO_04_C6300_Software_Min
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FB6AF1C-7B7B-42F9-BAAF-7592AC9819E6}" = AVG 2011
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{99F67894-9486-413F-94E1-8B12B1606EAB}" = BPDSoftware_Ini
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA787E05-E835-4812-AA3D-4048C8A46587}" = 6500_E709_eDocs
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BB558CDC-C7BE-44D0-9260-B810D66702C4}" = 6500_E709n
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}" = Uniblue DriverScanner 2009
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F53B432E-BD19-4400-BFA0-2BBD16410F8F}" = 6500_E709_Help
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"8461-7759-5462-8226" = Vuze
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM_7" = AIM 7
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"Armagetron Advanced" = Armagetron Advanced 0.2.8.3.1.gcc
"ArtistScope Plugin FX 424.2.0.0" = ArtistScope Plugin FX 42
"Ask Toolbar_is1" = ZoneAlarm Spy Blocker Toolbar
"AVG" = AVG 2011
"AVIConverter" = AVIConverter CHN-EN Package
"Celtx (2.7)" = Celtx (2.7)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"CutePDF Writer Installation" = CutePDF Writer 2.7
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"IrfanView" = IrfanView (remove only)
"Live 8.0.4" = Live 8.0.4
"Live 8.2.1" = Live 8.2.1
"LucasArts' Rogue Squadron" = LucasArts' Rogue Squadron
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marine Sharpshooter II: Jungle Warfare" = Marine Sharpshooter II: Jungle Warfare
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Miditzer Style 216" = Miditzer Style 216 ver. 0.881
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MVApplication1" = SureThing CD Labeler - Stomper Edition 32 bit
"Myst for Windows 95" = Myst for Windows 95
"Picasa 3" = Picasa 3
"PROSetDX" = Intel(R) PRO Network Connections 12.1.11.0
"RealPlayer 6.0" = RealPlayer
"Shop for HP Supplies" = Shop for HP Supplies
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"TeamViewer 6" = TeamViewer 6
"ToneGen" = NCH Tone Generator
"Uniblue DriverScanner 2009" = Uniblue DriverScanner 2009
"VideoPad" = VideoPad Video Editor
"WavePad" = WavePad Sound Editor
"WinPatrol" = WinPatrol
"ZoneAlarm" = ZoneAlarm
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2465096198-745748740-959045523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CNET TechTracker" = CNET TechTracker
"Facebook Plug-In" = Facebook Plug-In
"GoToMeeting" = GoToMeeting 4.5.0.457
"UnityWebPlayer" = Unity Web Player
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 2/17/2011 2:25:49 PM | Computer Name = NewDell-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 2/17/2011 2:25:49 PM | Computer Name = NewDell-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 2/17/2011 3:32:18 PM | Computer Name = NewDell-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 2/17/2011 8:53:58 PM | Computer Name = NewDell-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 2/17/2011 8:54:06 PM | Computer Name = NewDell-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4443845
Error - 2/17/2011 8:54:06 PM | Computer Name = NewDell-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4443845
Error - 2/17/2011 8:54:21 PM | Computer Name = NewDell-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 2/17/2011 8:54:21 PM | Computer Name = NewDell-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4466870
Error - 2/17/2011 8:54:21 PM | Computer Name = NewDell-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4466870
Error - 2/18/2011 10:06:22 AM | Computer Name = NewDell-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
[ Media Center Events ]
Error - 10/19/2007 5:58:52 PM | Computer Name = NewDell-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 7/29/2008 1:32:06 PM | Computer Name = NewDell-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 6/9/2009 4:01:15 PM | Computer Name = NewDell-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 6/11/2009 1:18:02 PM | Computer Name = NewDell-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
[ System Events ]
Error - 2/16/2011 10:01:44 AM | Computer Name = NewDell-PC | Source = DCOM | ID = 10016
Description =
Error - 2/16/2011 10:02:30 AM | Computer Name = NewDell-PC | Source = Service Control Manager | ID = 7022
Description =
Error - 2/16/2011 1:45:36 PM | Computer Name = NewDell-PC | Source = DCOM | ID = 10016
Description =
Error - 2/16/2011 1:46:29 PM | Computer Name = NewDell-PC | Source = Service Control Manager | ID = 7022
Description =
Error - 2/16/2011 5:27:04 PM | Computer Name = NewDell-PC | Source = BROWSER | ID = 8032
Description =
Error - 2/17/2011 2:22:32 AM | Computer Name = NewDell-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 2/17/2011 1:19:45 PM | Computer Name = NewDell-PC | Source = DCOM | ID = 10016
Description =
Error - 2/17/2011 1:20:34 PM | Computer Name = NewDell-PC | Source = Service Control Manager | ID = 7022
Description =
Error - 2/18/2011 9:44:12 AM | Computer Name = NewDell-PC | Source = DCOM | ID = 10016
Description =
Error - 2/18/2011 9:45:03 AM | Computer Name = NewDell-PC | Source = Service Control Manager | ID = 7022
Description =
< End of report >
Hi,
Before we begin, try running this AVG Removal tool, then run OTL again and post a new log. It looks like you have the 32-bit version of Windows.
http://www.avg.com/us-en/download-tools
strawberry77
2011-02-19, 05:29
I ran the AVG removal tool. Then OTL.
Here are the logs.
OTL logfile created on: 2/18/2011 10:08:27 PM - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Al&Marianne\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 29.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 43.37 Gb Free Space | 19.47% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.28 Gb Free Space | 62.83% Space Free | Partition Type: NTFS
Drive G: | 930.86 Gb Total Space | 850.28 Gb Free Space | 91.34% Space Free | Partition Type: NTFS
Computer Name: NEWDELL-PC | User Name: Al&Marianne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Al&Marianne\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Users\Al&Marianne\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe ()
PRC - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Dicter\DicterService.exe (Zeyfman Genady)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\CSHelper.exe ()
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
========== Modules (SafeList) ==========
MOD - C:\Users\Al&Marianne\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll (BillP Studios)
========== Win32 Services (SafeList) ==========
SRV - (CLTNetCnService) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (vsmon) -- C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (DicterUpdateService) -- C:\Program Files\Dicter\DicterService.exe (Zeyfman Genady)
SRV - (WDSmartWareBackgroundService) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
SRV - (CSHelper) -- C:\Windows\System32\CSHelper.exe ()
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (ASKService) -- C:\Program Files\AskBarDis\bar\bin\AskService.exe ()
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
========== Driver Services (SafeList) ==========
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (Vsdatant) -- C:\Windows\System32\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (rcmirror) -- C:\Windows\System32\drivers\rcmirror.sys (Windows (R) Win 7 DDK provider)
DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (dsunidrv) -- C:\Windows\System32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB) -- C:\Windows\System32\drivers\A3AB.sys (D-Link Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2465096198-745748740-959045523-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2465096198-745748740-959045523-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2465096198-745748740-959045523-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://h10025.www1.hp.com/ewfrf/wc/documentSubCategory?tmp_rule=17997&lc=en&dlc=en&cc=us&lang=en&softwareitem=mp-62866-1&os=2093&product=3635399
IE - HKU\S-1-5-21-2465096198-745748740-959045523-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2465096198-745748740-959045523-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2465096198-745748740-959045523-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2465096198-745748740-959045523-1000\..\URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2465096198-745748740-959045523-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2465096198-745748740-959045523-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: calendar-timezones@mozilla.org:0.1.2008d
FF - prefs.js..extensions.enabledItems: default-palette@celtx.com:1.0
FF - prefs.js..extensions.enabledItems: emoticons-msn-smileys@m513901.de:0.1
FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.0
FF - prefs.js..extensions.enabledItems: messagestyle-blackened@addons.instantbird.org:0.9
FF - prefs.js..extensions.enabledItems: messagestyle-depth@addons.instantbird.org:1.1
FF - prefs.js..extensions.enabledItems: messagestyle-minimal20@addons.instantbird.org:1.5
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/03/05 15:49:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2011/01/21 13:35:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/01/21 13:35:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/21 15:52:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/20 22:21:15 | 000,000,000 | ---D | M]
[2010/09/04 10:22:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Extensions
[2010/09/04 10:22:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Extensions\celtx@celtx.com
[2011/02/17 20:06:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\6fenrigl.default\extensions
[2011/01/18 10:04:41 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\6fenrigl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/01/18 10:04:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\6fenrigl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}-trash
[2010/07/31 13:02:27 | 000,000,000 | ---D | M] (eMusic Toolbar) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\6fenrigl.default\extensions\{9ee802e8-c931-47ab-b570-aa8f791598ca}
[2010/09/15 19:44:22 | 000,000,000 | ---D | M] (Vuze Remote) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\6fenrigl.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/07/22 14:00:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\6fenrigl.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/07/10 19:13:55 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\6fenrigl.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(421)
[2009/10/29 12:40:55 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\6fenrigl.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/09/30 11:06:53 | 000,000,000 | ---D | M] (PriceBlink) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\6fenrigl.default\extensions\info@priceblink.com
[2009/03/22 17:06:32 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\6fenrigl.default\extensions\moveplayer@movenetworks.com
[2011/02/17 20:06:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/19 22:50:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/09/04 10:18:43 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\CALENDAR-TIMEZONES@MOZILLA.ORG
[2010/09/04 10:18:43 | 000,000,000 | ---D | M] (Default Shot Palette) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\DEFAULT-PALETTE@CELTX.COM
[2010/09/04 10:18:42 | 000,000,000 | ---D | M] (MSN-Smileys) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\EMOTICONS-MSN-SMILEYS@M513901.DE
[2010/09/04 10:18:42 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\INSPECTOR@MOZILLA.ORG
[2010/09/04 10:18:42 | 000,000,000 | ---D | M] (Blackened) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-BLACKENED@ADDONS.INSTANTBIRD.ORG
[2010/09/04 10:18:42 | 000,000,000 | ---D | M] (Depth) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-DEPTH@ADDONS.INSTANTBIRD.ORG
[2010/09/04 10:18:42 | 000,000,000 | ---D | M] (Minimal) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-MINIMAL20@ADDONS.INSTANTBIRD.ORG
[2009/01/15 13:53:03 | 000,616,448 | ---- | M] (ArtistScope) -- C:\Program Files\Mozilla Firefox\plugins\npArtistScope42.dll
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2008/08/15 21:42:10 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2010/08/24 14:42:59 | 000,002,197 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google-search.xml
O1 HOSTS File: ([2011/02/15 00:26:17 | 000,249,908 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 8711 more lines...
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2465096198-745748740-959045523-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2465096198-745748740-959045523-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Al&Marianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CNET TechTracker.lnk = C:\Users\Al&Marianne\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe ()
O4 - Startup: C:\Users\Al&Marianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2465096198-745748740-959045523-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2465096198-745748740-959045523-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab (IGDTester Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Al&Marianne\Pictures\2010-02-19\044.JPG
O24 - Desktop BackupWallPaper: C:\Users\Al&Marianne\Pictures\2010-02-19\044.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{21e15cb2-7dc7-11dd-8f91-001aa0976877}\Shell - "" = AutoRun
O33 - MountPoints2\{21e15cb2-7dc7-11dd-8f91-001aa0976877}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{336082c4-75d7-11dd-8f59-001aa0976877}\Shell - "" = AutoRun
O33 - MountPoints2\{336082c4-75d7-11dd-8f59-001aa0976877}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{56ea33d9-1fea-11e0-b31f-001aa0976877}\Shell - "" = AutoRun
O33 - MountPoints2\{56ea33d9-1fea-11e0-b31f-001aa0976877}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{630d4bea-982a-11df-96ff-001aa0976877}\Shell\AutoRun\command - "" = setup.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/02/18 09:45:00 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Al&Marianne\Desktop\OTL.exe
[2011/02/17 19:58:47 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2011/02/17 16:47:00 | 000,000,000 | ---D | C] -- C:\Users\Al&Marianne\Desktop\Assemblage
[2011/02/17 13:39:58 | 000,000,000 | ---D | C] -- C:\Users\Al&Marianne\Desktop\Pictures of decorated pot
[2011/02/17 13:13:24 | 000,000,000 | ---D | C] -- C:\Users\Al&Marianne\Desktop\Creche pics
[2011/02/16 20:09:26 | 000,000,000 | ---D | C] -- C:\Users\Al&Marianne\Desktop\Log files
[2011/02/16 17:22:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/02/16 17:22:53 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/02/16 06:59:03 | 000,000,000 | ---D | C] -- C:\Users\Al&Marianne\AppData\Roaming\Malwarebytes
[2011/02/16 06:58:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/02/16 06:58:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/16 06:58:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/02/16 06:58:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/02/16 06:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/15 21:56:27 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/02/15 21:51:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/15 20:03:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle
[2011/02/15 01:52:05 | 000,000,000 | ---D | C] -- C:\Users\Al&Marianne\AppData\Roaming\Avira
[2011/02/15 00:47:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/02/15 00:47:00 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/02/15 00:47:00 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/02/15 00:47:00 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011/02/15 00:46:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/02/15 00:46:58 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/02/14 15:13:21 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2011/02/14 15:04:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2011/02/14 15:03:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/02/12 19:32:19 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2011/02/12 12:43:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIM
[2011/02/12 12:42:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2011/02/05 20:47:53 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2011/02/05 20:46:17 | 000,000,000 | ---D | C] -- C:\Users\Al&Marianne\AppData\Local\Paint.NET
[2011/02/02 19:12:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 8
[2011/02/02 18:43:15 | 000,000,000 | ---D | C] -- C:\Users\Al&Marianne\AppData\Local\PackageAware
[2011/01/31 16:46:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/01/31 16:45:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/01/27 16:22:43 | 000,000,000 | ---D | C] -- C:\ProgramData\WD_SmartWareCommon
[2011/01/27 15:16:24 | 000,000,000 | ---D | C] -- C:\Users\Al&Marianne\AppData\Local\Western_Digital
[2011/01/27 15:09:01 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2011/01/27 15:09:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD SmartWare
[2011/01/25 21:16:24 | 000,000,000 | ---D | C] -- C:\Nancy Drew
[2011/01/21 13:35:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2011/01/21 13:35:22 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2011/01/21 13:34:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer
[2011/01/21 13:29:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2011/01/21 13:26:59 | 000,125,440 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\hpf3l02t.dll
[2011/01/21 13:25:08 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2011/01/21 13:19:59 | 000,454,504 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpzids01.dll
[2011/01/21 13:19:58 | 000,970,752 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpwtiop4.dll
[2011/01/21 13:19:58 | 000,718,336 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpwwiax5.dll
[2011/01/21 13:19:57 | 000,372,736 | ---- | C] (Hewlett Packard) -- C:\Windows\System32\hppldcoi.dll
[2011/01/21 13:19:57 | 000,294,912 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpovst11.dll
[2011/01/21 12:40:21 | 000,000,000 | ---D | C] -- C:\Users\Al&Marianne\AppData\Roaming\eTeks
[2 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/02/18 21:51:04 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/02/18 21:50:55 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/18 21:50:51 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/18 21:50:51 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/18 21:50:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/18 21:50:40 | 2134,044,672 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/18 21:27:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/18 09:45:10 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Al&Marianne\Desktop\OTL.exe
[2011/02/17 22:29:52 | 000,028,160 | ---- | M] () -- C:\Users\Al&Marianne\Desktop\eaglewriteup.doc
[2011/02/17 19:57:21 | 000,072,080 | ---- | M] () -- C:\Users\Al&Marianne\g2mdlhlpx.exe
[2011/02/17 14:46:14 | 000,618,020 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/17 14:46:14 | 000,108,040 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/16 17:23:37 | 000,000,915 | ---- | M] () -- C:\Users\Al&Marianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/02/16 17:22:54 | 000,000,716 | ---- | M] () -- C:\Users\Al&Marianne\Desktop\ERUNT.lnk
[2011/02/16 09:16:03 | 000,000,000 | ---- | M] () -- C:\Users\Al&Marianne\AppData\Local\prvlcl.dat
[2011/02/16 06:58:55 | 000,000,932 | ---- | M] () -- C:\Users\Al&Marianne\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/02/15 22:55:49 | 000,000,602 | ---- | M] () -- C:\Users\Al&Marianne\Desktop\ComboFix.exe - Shortcut.lnk
[2011/02/15 00:39:55 | 000,001,111 | ---- | M] () -- C:\Users\Al&Marianne\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/02/15 00:39:55 | 000,001,087 | ---- | M] () -- C:\Users\Al&Marianne\Desktop\Spybot - Search & Destroy.lnk
[2011/02/15 00:26:17 | 000,249,908 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/02/14 15:04:00 | 000,001,033 | ---- | M] () -- C:\Users\Al&Marianne\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/02/14 15:04:00 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/02/12 12:43:17 | 000,001,109 | -H-- | M] () -- C:\IPH.PH
[2011/02/12 12:43:15 | 000,001,731 | ---- | M] () -- C:\Users\Al&Marianne\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2011/02/12 12:43:15 | 000,001,707 | ---- | M] () -- C:\Users\Public\Desktop\AIM.lnk
[2011/02/11 21:28:00 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/01/31 16:46:55 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/01/27 15:10:10 | 000,001,284 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
[2011/01/27 15:10:10 | 000,001,223 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
[2011/01/22 10:54:32 | 000,352,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/01/21 14:58:57 | 000,011,264 | ---- | M] () -- C:\Users\Al&Marianne\Desktop\Haldane.doc
[2011/01/21 14:25:56 | 000,228,975 | ---- | M] () -- C:\Windows\hpwins23.dat
[2011/01/21 13:34:44 | 000,001,974 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/01/21 13:32:04 | 000,001,178 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2011/01/20 17:13:44 | 000,001,635 | ---- | M] () -- C:\Users\Al&Marianne\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/02/17 19:57:19 | 000,072,080 | ---- | C] () -- C:\Users\Al&Marianne\g2mdlhlpx.exe
[2011/02/16 17:23:37 | 000,000,915 | ---- | C] () -- C:\Users\Al&Marianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/02/16 17:22:54 | 000,000,716 | ---- | C] () -- C:\Users\Al&Marianne\Desktop\ERUNT.lnk
[2011/02/16 06:58:55 | 000,000,932 | ---- | C] () -- C:\Users\Al&Marianne\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/02/15 22:55:49 | 000,000,602 | ---- | C] () -- C:\Users\Al&Marianne\Desktop\ComboFix.exe - Shortcut.lnk
[2011/02/14 15:04:00 | 000,001,033 | ---- | C] () -- C:\Users\Al&Marianne\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/02/14 15:04:00 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/02/12 19:32:44 | 000,000,969 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2011/02/05 20:50:18 | 000,000,948 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2011/01/31 16:46:55 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/01/27 15:10:10 | 000,001,284 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
[2011/01/27 15:10:10 | 000,001,223 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
[2011/01/22 11:50:08 | 000,028,160 | ---- | C] () -- C:\Users\Al&Marianne\Desktop\eaglewriteup.doc
[2011/01/21 14:25:51 | 000,001,106 | ---- | C] () -- C:\Users\Al&Marianne\AppData\Roaming\ConvAPIPlugin.log
[2011/01/21 13:35:38 | 000,001,243 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Default Manager.lnk
[2011/01/21 13:35:04 | 000,001,243 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2011/01/21 13:34:44 | 000,001,974 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/01/21 13:32:59 | 000,000,855 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2011/01/21 13:32:04 | 000,001,178 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2010/01/28 13:06:03 | 000,024,206 | ---- | C] () -- C:\Users\Al&Marianne\AppData\Roaming\UserTile.png
[2010/01/18 15:38:46 | 000,010,496 | ---- | C] () -- C:\Windows\System32\rcmirror.dll
[2009/12/14 16:56:00 | 000,000,000 | ---- | C] () -- C:\Users\Al&Marianne\AppData\Local\prvlcl.dat
[2009/08/03 21:41:21 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2009/07/22 22:30:51 | 000,000,134 | ---- | C] () -- C:\Windows\QTW.INI
[2009/06/05 21:03:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/01/28 12:10:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\IYVU9_32.DLL
[2008/03/05 15:52:11 | 000,001,668 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/01/27 00:52:37 | 000,062,254 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/01/19 15:27:43 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/01/14 16:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2008/01/05 15:57:42 | 000,000,680 | ---- | C] () -- C:\Users\Al&Marianne\AppData\Local\d3d9caps.dat
[2008/01/02 16:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/01/02 16:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/01/02 16:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2007/10/18 09:12:20 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1350.dll
[2007/10/18 09:03:58 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/10/12 16:23:11 | 000,002,582 | ---- | C] () -- C:\Users\Al&Marianne\AppData\Roaming\wklnhst.dat
[2007/10/12 11:06:59 | 000,796,312 | ---- | C] () -- C:\Windows\System32\libeay32_0.9.6l.dll
[2007/10/10 13:18:18 | 000,161,280 | ---- | C] () -- C:\Users\Al&Marianne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/06 16:02:46 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/10/06 16:02:46 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1255.dll
[2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
========== LOP Check ==========
[2010/12/27 22:21:40 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\Ableton
[2010/09/10 17:39:33 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\acccore
[2007/11/14 00:55:38 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\Aim
[2008/12/28 22:55:16 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\Amazon
[2010/10/31 19:02:35 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\Armagetron
[2010/09/29 15:04:35 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\AVG10
[2011/02/14 21:21:44 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\Azureus
[2009/07/31 15:09:30 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\CBS Interactive
[2010/04/21 10:30:00 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\CheckPoint
[2010/07/22 15:08:19 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\eMusic
[2011/01/21 12:40:21 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\eTeks
[2010/06/18 10:23:55 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\Facebook
[2010/09/04 10:22:42 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\Greyfirst
[2009/01/15 20:33:24 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\Image Zone Express
[2010/03/22 22:51:14 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\IrfanView
[2007/12/18 13:29:44 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\LimeWire
[2010/11/23 22:18:49 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\MPEG Streamclip
[2010/09/12 07:55:20 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\NCH Swift Sound
[2008/12/27 15:05:01 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\OpenOffice.org
[2008/04/20 20:00:43 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\Printer Info Cache
[2009/05/19 18:19:56 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\SecondLife
[2007/10/12 16:23:11 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\Template
[2009/09/18 00:09:04 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\Uniblue
[2010/11/23 23:06:18 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\Unity
[2011/01/27 15:10:59 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\Western Digital
[2010/06/15 23:39:35 | 000,000,000 | ---D | M] -- C:\Users\Al&Marianne\AppData\Roaming\WinPatrol
[2011/02/18 21:49:16 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
strawberry77
2011-02-19, 05:42
No Extras.txt log opened after the scan finished. I searched the C drive but there was none for this scan. I used the same settings for the scan that you gave me previously. Did I do something wrong?
Thanks again for your continuing help with this...the AVG scrubber seems to have worked.
Hi,
It looks like you may have run Combofix at one time, not recommended unless instructed by a forum helper. It's a very powerful tool and can damage your system if not run correctly. It looks like AVG is about gone. Just so you know for future reference when running tools on your own, there were some serious issues when Combofix was run while AVG was present.
Backup Your Registry with ERUNT:
Download erunt.zip to your Desktop from here:
http://aumha.org/downloads/erunt.zip
Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
Inside the new folder, double-click ERUNT.exe to start the program
OK all the prompts to back up your registry to the default location.
Note: to restore your registry, go to the backup folder and start ERDNT.exe
Open OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:OTL
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
:Services
:Reg
:Files
:Commands
[purity]
[emptytemp]
[RESETHOSTS]
[start explorer]
[Reboot]
Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
strawberry77
2011-02-19, 20:47
OTL Run Fix log
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: Al&Marianne
->Temp folder emptied: 4556297065 bytes
->Temporary Internet Files folder emptied: 130070833 bytes
->Java cache emptied: 102390234 bytes
->FireFox cache emptied: 107466619 bytes
->Google Chrome cache emptied: 100887216 bytes
->Flash cache emptied: 2901935 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 659768 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 52106760 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 605279740 bytes
Total Files Cleaned = 5,396.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.20.6 log created on 02192011_130713
Files\Folders moved on Reboot...
C:\Users\Al&Marianne\AppData\Local\Temp\~DF50A4.tmp moved successfully.
File\Folder C:\Windows\temp\ZLT04186.TMP not found!
Registry entries deleted on Reboot...
strawberry77
2011-02-19, 21:08
Here is the second run log of OTL
OTL logfile created on: 2/19/2011 1:48:08 PM - Run 3
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Al&Marianne\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 36.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 48.36 Gb Free Space | 21.71% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.28 Gb Free Space | 62.83% Space Free | Partition Type: NTFS
Drive G: | 930.86 Gb Total Space | 850.27 Gb Free Space | 91.34% Space Free | Partition Type: NTFS
Computer Name: NEWDELL-PC | User Name: Al&Marianne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Al&Marianne\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Users\Al&Marianne\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe ()
PRC - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Dicter\DicterService.exe (Zeyfman Genady)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\CSHelper.exe ()
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
========== Modules (SafeList) ==========
MOD - C:\Users\Al&Marianne\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll (BillP Studios)
========== Win32 Services (SafeList) ==========
SRV - (CLTNetCnService) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (vsmon) -- C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (DicterUpdateService) -- C:\Program Files\Dicter\DicterService.exe (Zeyfman Genady)
SRV - (WDSmartWareBackgroundService) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
SRV - (CSHelper) -- C:\Windows\System32\CSHelper.exe ()
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (ASKService) -- C:\Program Files\AskBarDis\bar\bin\AskService.exe ()
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
========== Driver Services (SafeList) ==========
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (Vsdatant) -- C:\Windows\System32\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (rcmirror) -- C:\Windows\System32\drivers\rcmirror.sys (Windows (R) Win 7 DDK provider)
DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (dsunidrv) -- C:\Windows\System32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB) -- C:\Windows\System32\drivers\A3AB.sys (D-Link Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://h10025.www1.hp.com/ewfrf/wc/documentSubCategory?tmp_rule=17997&lc=en&dlc=en&cc=us&lang=en&softwareitem=mp-62866-1&os=2093&product=3635399
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: calendar-timezones@mozilla.org:0.1.2008d
FF - prefs.js..extensions.enabledItems: default-palette@celtx.com:1.0
FF - prefs.js..extensions.enabledItems: emoticons-msn-smileys@m513901.de:0.1
FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.0
FF - prefs.js..extensions.enabledItems: messagestyle-blackened@addons.instantbird.org:0.9
FF - prefs.js..extensions.enabledItems: messagestyle-depth@addons.instantbird.org:1.1
FF - prefs.js..extensions.enabledItems: messagestyle-minimal20@addons.instantbird.org:1.5
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/03/05 15:49:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2011/01/21 13:35:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/01/21 13:35:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/21 15:52:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/20 22:21:15 | 000,000,000 | ---D | M]
[2010/09/04 10:22:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Extensions
[2010/09/04 10:22:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Extensions\celtx@celtx.com
[2011/02/17 20:06:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\6fenrigl.default\extensions
[2011/01/18 10:04:41 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\6fenrigl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/01/18 10:04:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\6fenrigl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}-trash
[2010/07/31 13:02:27 | 000,000,000 | ---D | M] (eMusic Toolbar) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\6fenrigl.default\extensions\{9ee802e8-c931-47ab-b570-aa8f791598ca}
[2010/09/15 19:44:22 | 000,000,000 | ---D | M] (Vuze Remote) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\6fenrigl.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/07/22 14:00:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\6fenrigl.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/07/10 19:13:55 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\6fenrigl.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(421)
[2009/10/29 12:40:55 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\6fenrigl.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/09/30 11:06:53 | 000,000,000 | ---D | M] (PriceBlink) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\6fenrigl.default\extensions\info@priceblink.com
[2009/03/22 17:06:32 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Al&Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\6fenrigl.default\extensions\moveplayer@movenetworks.com
[2011/02/17 20:06:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/19 22:50:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/09/04 10:18:43 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\CALENDAR-TIMEZONES@MOZILLA.ORG
[2010/09/04 10:18:43 | 000,000,000 | ---D | M] (Default Shot Palette) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\DEFAULT-PALETTE@CELTX.COM
[2010/09/04 10:18:42 | 000,000,000 | ---D | M] (MSN-Smileys) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\EMOTICONS-MSN-SMILEYS@M513901.DE
[2010/09/04 10:18:42 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\INSPECTOR@MOZILLA.ORG
[2010/09/04 10:18:42 | 000,000,000 | ---D | M] (Blackened) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-BLACKENED@ADDONS.INSTANTBIRD.ORG
[2010/09/04 10:18:42 | 000,000,000 | ---D | M] (Depth) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-DEPTH@ADDONS.INSTANTBIRD.ORG
[2010/09/04 10:18:42 | 000,000,000 | ---D | M] (Minimal) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-MINIMAL20@ADDONS.INSTANTBIRD.ORG
[2009/01/15 13:53:03 | 000,616,448 | ---- | M] (ArtistScope) -- C:\Program Files\Mozilla Firefox\plugins\npArtistScope42.dll
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2008/08/15 21:42:10 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2010/08/24 14:42:59 | 000,002,197 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google-search.xml
O1 HOSTS File: ([2011/02/19 13:15:28 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Al&Marianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CNET TechTracker.lnk = C:\Users\Al&Marianne\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe ()
O4 - Startup: C:\Users\Al&Marianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab (IGDTester Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Al&Marianne\Pictures\2010-02-19\044.JPG
O24 - Desktop BackupWallPaper: C:\Users\Al&Marianne\Pictures\2010-02-19\044.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{21e15cb2-7dc7-11dd-8f91-001aa0976877}\Shell - "" = AutoRun
O33 - MountPoints2\{21e15cb2-7dc7-11dd-8f91-001aa0976877}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{336082c4-75d7-11dd-8f59-001aa0976877}\Shell - "" = AutoRun
O33 - MountPoints2\{336082c4-75d7-11dd-8f59-001aa0976877}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{56ea33d9-1fea-11e0-b31f-001aa0976877}\Shell - "" = AutoRun
O33 - MountPoints2\{56ea33d9-1fea-11e0-b31f-001aa0976877}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{630d4bea-982a-11df-96ff-001aa0976877}\Shell\AutoRun\command - "" = setup.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/02/19 13:07:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/02/18 09:45:00 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Al&Marianne\Desktop\OTL.exe
[2011/02/17 19:58:47 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2011/02/17 16:47:00 | 000,000,000 | ---D | C] -- C:\Users\Al&Marianne\Desktop\Assemblage
[2011/02/17 13:39:58 | 000,000,000 | ---D | C] -- C:\Users\Al&Marianne\Desktop\Pictures of decorated pot
[2011/02/17 13:13:24 | 000,000,000 | ---D | C] -- C:\Users\Al&Marianne\Desktop\Creche pics
[2011/02/16 20:09:26 | 000,000,000 | ---D | C] -- C:\Users\Al&Marianne\Desktop\Log files
[2011/02/16 17:22:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/02/16 17:22:53 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/02/16 06:59:03 | 000,000,000 | ---D | C] -- C:\Users\Al&Marianne\AppData\Roaming\Malwarebytes
[2011/02/16 06:58:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/02/16 06:58:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/16 06:58:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/02/16 06:58:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/02/16 06:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/15 21:56:27 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/02/15 21:51:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/15 20:03:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle
[2011/02/15 01:52:05 | 000,000,000 | ---D | C] -- C:\Users\Al&Marianne\AppData\Roaming\Avira
[2011/02/15 00:47:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/02/15 00:47:00 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/02/15 00:47:00 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/02/15 00:47:00 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011/02/15 00:46:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/02/15 00:46:58 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/02/14 15:13:21 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2011/02/14 15:04:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2011/02/14 15:03:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/02/12 19:32:19 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2011/02/12 12:43:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIM
[2011/02/12 12:42:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2011/02/05 20:47:53 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2011/02/05 20:46:17 | 000,000,000 | ---D | C] -- C:\Users\Al&Marianne\AppData\Local\Paint.NET
[2011/02/02 19:12:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 8
[2011/02/02 18:43:15 | 000,000,000 | ---D | C] -- C:\Users\Al&Marianne\AppData\Local\PackageAware
[2011/01/31 16:46:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/01/31 16:45:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/01/27 16:22:43 | 000,000,000 | ---D | C] -- C:\ProgramData\WD_SmartWareCommon
[2011/01/27 15:16:24 | 000,000,000 | ---D | C] -- C:\Users\Al&Marianne\AppData\Local\Western_Digital
[2011/01/27 15:09:01 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2011/01/27 15:09:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD SmartWare
[2011/01/25 21:16:24 | 000,000,000 | ---D | C] -- C:\Nancy Drew
[2011/01/21 13:35:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2011/01/21 13:35:22 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2011/01/21 13:34:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer
[2011/01/21 13:29:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2011/01/21 13:26:59 | 000,125,440 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\hpf3l02t.dll
[2011/01/21 13:25:08 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2011/01/21 13:19:59 | 000,454,504 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpzids01.dll
[2011/01/21 13:19:58 | 000,970,752 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpwtiop4.dll
[2011/01/21 13:19:58 | 000,718,336 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpwwiax5.dll
[2011/01/21 13:19:57 | 000,372,736 | ---- | C] (Hewlett Packard) -- C:\Windows\System32\hppldcoi.dll
[2011/01/21 13:19:57 | 000,294,912 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpovst11.dll
[2011/01/21 12:40:21 | 000,000,000 | ---D | C] -- C:\Users\Al&Marianne\AppData\Roaming\eTeks
========== Files - Modified Within 30 Days ==========
[2011/02/19 13:32:36 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/02/19 13:32:27 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/19 13:32:22 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/19 13:32:21 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/19 13:32:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/19 13:32:00 | 2136,133,632 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/19 13:27:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/19 13:15:28 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/02/18 09:45:10 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Al&Marianne\Desktop\OTL.exe
[2011/02/17 22:29:52 | 000,028,160 | ---- | M] () -- C:\Users\Al&Marianne\Desktop\eaglewriteup.doc
[2011/02/17 19:57:21 | 000,072,080 | ---- | M] () -- C:\Users\Al&Marianne\g2mdlhlpx.exe
[2011/02/17 14:46:14 | 000,618,020 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/17 14:46:14 | 000,108,040 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/16 17:23:37 | 000,000,915 | ---- | M] () -- C:\Users\Al&Marianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/02/16 17:22:54 | 000,000,716 | ---- | M] () -- C:\Users\Al&Marianne\Desktop\ERUNT.lnk
[2011/02/16 09:16:03 | 000,000,000 | ---- | M] () -- C:\Users\Al&Marianne\AppData\Local\prvlcl.dat
[2011/02/16 06:58:55 | 000,000,932 | ---- | M] () -- C:\Users\Al&Marianne\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/02/15 22:55:49 | 000,000,602 | ---- | M] () -- C:\Users\Al&Marianne\Desktop\ComboFix.exe - Shortcut.lnk
[2011/02/15 00:39:55 | 000,001,111 | ---- | M] () -- C:\Users\Al&Marianne\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/02/15 00:39:55 | 000,001,087 | ---- | M] () -- C:\Users\Al&Marianne\Desktop\Spybot - Search & Destroy.lnk
[2011/02/14 15:04:00 | 000,001,033 | ---- | M] () -- C:\Users\Al&Marianne\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/02/14 15:04:00 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/02/12 12:43:17 | 000,001,109 | -H-- | M] () -- C:\IPH.PH
[2011/02/12 12:43:15 | 000,001,731 | ---- | M] () -- C:\Users\Al&Marianne\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2011/02/12 12:43:15 | 000,001,707 | ---- | M] () -- C:\Users\Public\Desktop\AIM.lnk
[2011/02/11 21:28:00 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/01/31 16:46:55 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/01/27 15:10:10 | 000,001,284 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
[2011/01/27 15:10:10 | 000,001,223 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
[2011/01/22 10:54:32 | 000,352,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/01/21 14:58:57 | 000,011,264 | ---- | M] () -- C:\Users\Al&Marianne\Desktop\Haldane.doc
[2011/01/21 14:25:56 | 000,228,975 | ---- | M] () -- C:\Windows\hpwins23.dat
[2011/01/21 13:34:44 | 000,001,974 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/01/21 13:32:04 | 000,001,178 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2011/01/20 17:13:44 | 000,001,635 | ---- | M] () -- C:\Users\Al&Marianne\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
========== Files Created - No Company Name ==========
[2011/02/17 19:57:19 | 000,072,080 | ---- | C] () -- C:\Users\Al&Marianne\g2mdlhlpx.exe
[2011/02/16 17:23:37 | 000,000,915 | ---- | C] () -- C:\Users\Al&Marianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/02/16 17:22:54 | 000,000,716 | ---- | C] () -- C:\Users\Al&Marianne\Desktop\ERUNT.lnk
[2011/02/16 06:58:55 | 000,000,932 | ---- | C] () -- C:\Users\Al&Marianne\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/02/15 22:55:49 | 000,000,602 | ---- | C] () -- C:\Users\Al&Marianne\Desktop\ComboFix.exe - Shortcut.lnk
[2011/02/14 15:04:00 | 000,001,033 | ---- | C] () -- C:\Users\Al&Marianne\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/02/14 15:04:00 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/02/12 19:32:44 | 000,000,969 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2011/02/05 20:50:18 | 000,000,948 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2011/01/31 16:46:55 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/01/27 15:10:10 | 000,001,284 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
[2011/01/27 15:10:10 | 000,001,223 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
[2011/01/22 11:50:08 | 000,028,160 | ---- | C] () -- C:\Users\Al&Marianne\Desktop\eaglewriteup.doc
[2011/01/21 14:25:51 | 000,001,106 | ---- | C] () -- C:\Users\Al&Marianne\AppData\Roaming\ConvAPIPlugin.log
[2011/01/21 13:35:38 | 000,001,243 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Default Manager.lnk
[2011/01/21 13:35:04 | 000,001,243 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2011/01/21 13:34:44 | 000,001,974 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/01/21 13:32:59 | 000,000,855 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2011/01/21 13:32:04 | 000,001,178 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2010/01/28 13:06:03 | 000,024,206 | ---- | C] () -- C:\Users\Al&Marianne\AppData\Roaming\UserTile.png
[2010/01/18 15:38:46 | 000,010,496 | ---- | C] () -- C:\Windows\System32\rcmirror.dll
[2009/12/14 16:56:00 | 000,000,000 | ---- | C] () -- C:\Users\Al&Marianne\AppData\Local\prvlcl.dat
[2009/08/03 21:41:21 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2009/07/22 22:30:51 | 000,000,134 | ---- | C] () -- C:\Windows\QTW.INI
[2009/06/05 21:03:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/01/28 12:10:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\IYVU9_32.DLL
[2008/03/05 15:52:11 | 000,001,668 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/01/27 00:52:37 | 000,062,254 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/01/19 15:27:43 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/01/14 16:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2008/01/05 15:57:42 | 000,000,680 | ---- | C] () -- C:\Users\Al&Marianne\AppData\Local\d3d9caps.dat
[2008/01/02 16:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/01/02 16:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/01/02 16:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2007/10/18 09:12:20 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1350.dll
[2007/10/18 09:03:58 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/10/12 16:23:11 | 000,002,582 | ---- | C] () -- C:\Users\Al&Marianne\AppData\Roaming\wklnhst.dat
[2007/10/12 11:06:59 | 000,796,312 | ---- | C] () -- C:\Windows\System32\libeay32_0.9.6l.dll
[2007/10/10 13:18:18 | 000,161,280 | ---- | C] () -- C:\Users\Al&Marianne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/06 16:02:46 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/10/06 16:02:46 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1255.dll
[2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
< End of report >
Great, let's check for leftovers that the other scans may not have found.
Please run this free online virus scanner from ESET (http://www.eset.com/onlinescan/)
Note: You will need to use Internet Explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic
strawberry77
2011-02-20, 00:03
"IE Security Warning" is asking to install the software "OnlineScanner.cab"
Is that right? It was not in your list of directions, just making sure!
strawberry77
2011-02-20, 10:21
Here is the ESET log
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=959c18601e50ed41bff7772dca937c90
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-02-20 06:48:29
# local_time=2011-02-20 01:48:29 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776574 100 100 41072390 134783688 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16777214 75 70 5641906 8147400 0 0
# scanned=242177
# found=0
# cleaned=0
# scan_time=8348
How's your system behaving now?
strawberry77
2011-02-20, 22:45
I have restricted use of this computer until the malware issues were resolved. So no surfing, and only minimal use of a few known websites. Windows update is now working, although January updates have disappeared. I still cannot update Spybot, so it won't run. I get an "error retrieving update info file". Should I uninstall and download a fresh version? The only other issue is, I get a window every time I start up - "Ad-Aware was shut down unexpectedly and has generated an error report. Click to send....." I'm not sure what is up with Ad-Aware...I ran that early on in this debacle and it found nothing. Perhaps it had been compromised in some way.
Other than that things seem to be OK.
I am planning to use AVIRA from now on. SpybotS&D and MalwareBytes. I have been using Zone Alarm for a firewall. I would appreciate your recommendations. I have been reading about replacing the HOSTS file; do you think that is worthwhile?
Do you know what happened and how it happened? I know there was some indiscriminate downloading going on without my noticing (teenage son who I thought knew better). But I would like to change any other bad habits we have to avoid this happening again.
To clarify- I had downloaded the Combo-Fix on a recommendation from someone who knows a little. But I backed off when I read up on it and saw what a serious tool it is. I may be dumb sometimes but I'm not stupid. I will uninstall that when you give me the green light that all is well.
I want to thank you for all your help. I really appreciate your dedication to helping us poor slobs.
Let me know what you think...thanks again!
Hi,
When we ran the OTL fix I had it reset the hosts file, so no need to reset it again:
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
I think I would uninstall both Spybot and Ad Aware and then just reinstall Spybot, really no need for them both. Then see if it works, if not you can post here in the Spybot forum for help.
http://forums.spybot.info/forumdisplay.php?f=4
Malwarebytes is a great program, the Pro Version has a protection module that is nice to have, but this is up to you.
Just use one AV, Avira is fine, keep it updated and run a scan at least weekly.
Open OTL and click on Clean Up and it will remove programs we used to clean your system along with their backups.
How did I get infected in the first place?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)
Safe Surfn
Ken
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.