View Full Version : Windows Protection Suite & Redirected Hosts issues
Danny Watkins
2011-03-09, 01:42
Hi,
I have run AVG free, CCleaner, Ad Aware, MalwareBytes and Spybot v.1.6.2.46. This laptop belongs to a friends teenager who I think has brought in malware from torrenting. Here is the DDS Text, Attach file and spybot clipboard report. Sorry I havent zipped these. For now I have made the hosts file read only and I'm not using google as this is where the hijacking occours. Any help is appreciated. Thanks
:snwelcome:
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.
Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.
Please copy and paste the reports into this thread, its easier for us to analyze them.
Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility.
OTL by OldTimer
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
Danny Watkins
2011-03-09, 11:15
Hi Sorry about that, here are the files in full. I should mention that I got a message on startup this morning.
'Unable to create file ERDNT.inf...
So I have a warning that there is no system restore point. I click on OK and I get a message
'Error saving \BCD...RegCreateKeyEx:5 Access denied.'
I wont run ATF or OTL until I can confirm from you that it is OK to proceed. Perhaps I should attempt the ERUNT again? Please advise. Thanks
DDS File
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Gar at 22:55:06.61 on 08/03/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3002.1775 [GMT 0:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Users\Gar\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\dlcxcoms.exe
C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Gar\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [Acer ePower Management] c:\program files\emachines\emachines power management\ePowerTray.exe
mRun: [WarReg_PopUp] c:\program files\emachines\wr_popup\WarReg_PopUp.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [FaxCenterServer] "c:\program files\dell pc fax\fm3032.exe" /s
mRun: [dlcxmon.exe] "c:\program files\dell photo aio printer 926\dlcxmon.exe"
mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 926\memcard.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\gar\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\gar\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
uPolicies-explorer: DisallowRun = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
IFEO: image file execution options - svchost.exe
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\gar\appdata\roaming\mozilla\firefox\profiles\iws81pju.default\
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\gar\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-3-8 64512]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-2-28 821664]
R2 ePowerSvc;Acer ePower Service;c:\program files\emachines\emachines power management\ePowerSvc.exe [2009-5-6 723488]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-3-7 1405384]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-23 144632]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-1-26 1153368]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-4-24 483688]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 21072]
R3 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-6-10 50688]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-3-7 15232]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2010-4-24 550760]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2010-4-24 195944]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2010-4-24 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2010-4-24 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-4-24 209768]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-2-2 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-23 50424]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-3-8 27192]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-26 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-03-08 18:44:41 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-03-08 18:42:33 -------- d-----w- c:\users\gar\appdata\local\Sunbelt Software
2011-03-08 18:41:53 -------- dc-h--w- c:\progra~2\{FBDCB4C3-B311-49AB-BA14-8627DF5B444A}
2011-03-08 13:58:03 -------- d--h--w- C:\$AVG
2011-03-08 10:13:27 -------- d-----w- c:\users\gar\appdata\local\VS Revo Group
2011-03-08 10:13:19 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-02-24 00:40:37 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-02-23 22:57:27 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-23 22:57:26 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-09 16:36:58 204288 ----a-w- c:\windows\system32\upnp.dll
.
==================== Find3M ====================
.
2011-03-07 08:06:28 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-02-02 21:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys
2010-12-21 05:38:24 73728 ----a-w- c:\windows\system32\wscsvc.dll
2010-12-21 05:38:24 51200 ----a-w- c:\windows\system32\wscapi.dll
2010-12-21 05:38:22 981504 ----a-w- c:\windows\system32\wininet.dll
2010-12-21 05:38:22 350720 ----a-w- c:\windows\system32\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- c:\windows\system32\WebClnt.dll
2010-12-21 05:38:16 14336 ----a-w- c:\windows\system32\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- c:\windows\system32\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- c:\windows\system32\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- c:\windows\system32\davclnt.dll
2010-12-18 05:29:40 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 05:29:31 541184 ----a-w- c:\windows\system32\kerberos.dll
2010-12-18 04:20:55 386048 ----a-w- c:\windows\system32\html.iec
2010-12-18 03:47:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 22:55:40.79 ===============
SpyBot Report
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
4-open-davinci.com=74.125.45.100
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
securitysoftwarepayments.com=74.125.45.100
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
privatesecuredpayments.com=74.125.45.100
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
secure.privatesecuredpayments.com=74.125.45.100
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
getantivirusplusnow.com=74.125.45.100
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
secure-plus-payments.com=74.125.45.100
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
www.getantivirusplusnow.com=74.125.45.100
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
www.secure-plus-payments.com=74.125.45.100
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
www.getavplusnow.com=74.125.45.100
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
safebrowsing-cache.google.com=74.125.45.100
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
urs.microsoft.com=74.125.45.100
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
www.securesoftwarebill.com=74.125.45.100
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
secure.paysecuresystem.com=74.125.45.100
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
paysoftbillsolution.com=74.125.45.100
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
protected.maxisoftwaremart.com=74.125.45.100
Microsoft.Windows.RedirectedHosts: [SBI $B89FBA81] Redirected host (Redirected host, nothing done)
www.securesoftwarebill.com=74.125.45.100
Microsoft.Windows.RedirectedHosts: [SBI $19781685] Redirected host (Redirected host, nothing done)
secure.paysecuresystem.com=74.125.45.100
Microsoft.Windows.RedirectedHosts: [SBI $CEFF52BA] Redirected host (Redirected host, nothing done)
paysoftbillsolution.com=74.125.45.100
DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
HitBox: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
HitBox: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
HitBox: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
HitBox: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2011-01-26 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-02-24 Includes\Adware.sbi (*)
2011-03-01 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-01 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2010-11-30 Includes\Hijackers.sbi (*)
2011-03-01 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-03-01 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2011-02-24 Includes\Malware.sbi (*)
2011-03-01 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-02-24 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2011-03-01 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-02-24 Includes\Spyware.sbi (*)
2011-03-01 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-12-28 Includes\Trojans.sbi (*)
2011-03-01 Includes\TrojansC-02.sbi (*)
2011-03-01 Includes\TrojansC-03.sbi (*)
2011-03-01 Includes\TrojansC-04.sbi (*)
2011-03-01 Includes\TrojansC-05.sbi (*)
2011-03-01 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 23/12/2009 23:07:44
System Uptime: 08/03/2011 21:45:14 (1 hours ago)
.
Motherboard: eMachines | | eMachines E525
Processor: Intel(R) Celeron(R) CPU 900 @ 2.20GHz | uPGA-478 | 2194/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 139 GiB total, 77.152 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 37 GiB total, 30.278 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP16: 26/01/2011 13:15:58 - Installed Java(TM) 6 Update 20
RP17: 26/01/2011 13:16:50 - Installed OpenOffice.org 3.2
RP18: 26/01/2011 13:22:54 - Windows Update
RP19: 26/01/2011 14:12:10 - Windows Update
RP20: 26/01/2011 14:20:25 - Installed AVG 2011
RP21: 26/01/2011 14:20:57 - Installed AVG 2011
RP22: 26/01/2011 14:23:50 - Removed AVG 2011
RP23: 26/01/2011 14:44:42 - Installed AVG 2011
RP24: 26/01/2011 14:45:13 - Installed AVG 2011
RP25: 26/01/2011 14:47:13 - Removed AVG 2011
RP27: 26/01/2011 14:53:23 - Revo Uninstaller's restore point - McAfee Security Scan Plus
RP29: 26/01/2011 14:54:53 - Revo Uninstaller's restore point - Norton Internet Security
RP30: 26/01/2011 15:01:29 - Installed AVG 2011
RP31: 26/01/2011 15:02:05 - Installed AVG 2011
RP32: 26/01/2011 15:04:46 - Removed AVG 2011
RP34: 26/01/2011 20:11:34 - Revo Uninstaller's restore point - Windows 7 Upgrade Advisor
RP35: 26/01/2011 20:11:49 - Removed Windows 7 Upgrade Advisor
RP36: 26/01/2011 21:25:51 - Windows Update
RP37: 26/01/2011 22:24:34 - Installed AVG 2011
RP38: 26/01/2011 22:24:59 - Installed AVG 2011
RP39: 27/01/2011 22:35:26 - Windows Update
RP40: 28/01/2011 15:39:08 - Windows Update
RP42: 02/02/2011 21:06:38 - Windows Live Essentials
RP43: 02/02/2011 21:07:41 - Windows Update
RP45: 02/02/2011 21:08:55 - Installed DirectX
RP47: 02/02/2011 21:09:35 - Installed DirectX
RP48: 02/02/2011 21:10:53 - WLSetup
RP49: 04/02/2011 23:57:38 - Windows Update
RP50: 09/02/2011 16:46:52 - Windows Update
RP51: 12/02/2011 00:26:35 - Windows Update
RP52: 24/02/2011 00:40:19 - Windows Update
RP54: 08/03/2011 10:16:28 - Revo Uninstaller Pro's restore point - Mozilla Firefox (3.6.13)
RP56: 08/03/2011 10:27:24 - Revo Uninstaller Pro's restore point - Windows® Internet Explorer
RP57: 08/03/2011 10:32:26 - Installed Java(TM) 6 Update 24
RP58: 08/03/2011 12:56:30 - Installed Adobe Reader X.
RP59: 08/03/2011 19:00:18 - Windows Update
.
==== Hosts File Hijack ======================
.
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com
Hosts: 74.125.45.100 secure-plus-payments.com
Hosts: 74.125.45.100 www.getantivirusplusnow.com
Hosts: 74.125.45.100 www.secure-plus-payments.com
Hosts: 74.125.45.100 www.getavplusnow.com
Hosts: 74.125.45.100 safebrowsing-cache.google.com
Hosts: 74.125.45.100 urs.microsoft.com
Hosts: 74.125.45.100 www.securesoftwarebill.com
Hosts: 74.125.45.100 secure.paysecuresystem.com
Hosts: 74.125.45.100 paysoftbillsolution.com
Hosts: 74.125.45.100 protected.maxisoftwaremart.com
Hosts: 204.152.194.204 www.google.com
Hosts: 204.152.194.204 google.com
Hosts: 204.152.194.204 google.com.au
Hosts: 204.152.194.204 www.google.com.au
Hosts: 204.152.194.204 google.be
Hosts: 204.152.194.204 www.google.be
Hosts: 204.152.194.204 google.com.br
Hosts: 204.152.194.204 www.google.com.br
Hosts: 204.152.194.204 google.ca
Hosts: 204.152.194.204 www.google.ca
Hosts: 204.152.194.204 google.ch
Hosts: 204.152.194.204 www.google.ch
Hosts: 204.152.194.204 google.de
Hosts: 204.152.194.204 www.google.de
Hosts: 204.152.194.204 google.dk
Hosts: 204.152.194.204 www.google.dk
Hosts: 204.152.194.204 google.fr
Hosts: 204.152.194.204 www.google.fr
Hosts: 204.152.194.204 google.ie
Hosts: 204.152.194.204 www.google.ie
Hosts: 204.152.194.204 google.it
Hosts: 204.152.194.204 www.google.it
Hosts: 204.152.194.204 google.co.jp
Hosts: 204.152.194.204 www.google.co.jp
Hosts: 204.152.194.204 google.nl
Hosts: 204.152.194.204 www.google.nl
Hosts: 204.152.194.204 google.no
Hosts: 204.152.194.204 www.google.no
Hosts: 204.152.194.204 google.co.nz
Hosts: 204.152.194.204 www.google.co.nz
Hosts: 204.152.194.204 google.pl
Hosts: 204.152.194.204 www.google.pl
Hosts: 204.152.194.204 google.se
Hosts: 204.152.194.204 www.google.se
Hosts: 204.152.194.204 google.co.uk
Hosts: 204.152.194.204 www.google.co.uk
Hosts: 204.152.194.204 google.co.za
Hosts: 204.152.194.204 www.google.co.za
Hosts: 204.152.194.204 www.google-analytics.com
Hosts: 204.152.194.204 www.bing.com
Hosts: 204.152.194.204 search.yahoo.com
Hosts: 204.152.194.204 www.search.yahoo.com
Hosts: 204.152.194.204 uk.search.yahoo.com
Hosts: 204.152.194.204 ca.search.yahoo.com
Hosts: 204.152.194.204 de.search.yahoo.com
Hosts: 204.152.194.204 fr.search.yahoo.com
Hosts: 204.152.194.204 au.search.yahoo.com
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Reader X (10.0.1)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
µTorrent
AVG 2011
CCleaner
Compatibility Pack for the 2007 Office system
Corel Paint Shop Pro X
Corel Photo Album 6
D3DX10
Defraggler
Dell PC Fax
Dell Photo AIO Printer 926
eMachines Games
eMachines Power Management
eMachines Recovery Management
eMachines ScreenSaver
ERUNT 1.1j
Google Chrome
Google Update Helper
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
InterVideo WinDVD 8
Java Auto Updater
Junk Mail filter update
Launch Manager
Malwarebytes' Anti-Malware
Mesh Runtime
Messenger Companion
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Business 2010 - English
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox (3.6.15)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
OpenOffice.org 3.2
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Revo Uninstaller Pro 2.5.1
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Spybot - Search & Destroy
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
08/03/2011 21:48:40, Error: Microsoft-Windows-WMPNSS-Service [14324] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(WindowsMediaPlayer) encountered error '0x80004002'. If possible, reinstall Windows Media Player.
08/03/2011 20:44:20, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
08/03/2011 19:29:14, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
08/03/2011 18:44:43, Error: Service Control Manager [7000] - The Lbd service failed to start due to the following error: The system cannot find the file specified.
08/03/2011 18:42:18, Error: Service Control Manager [7030] - The Lavasoft Ad-Aware Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
08/03/2011 12:38:31, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
08/03/2011 11:05:59, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
08/03/2011 11:05:59, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
08/03/2011 11:05:58, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
08/03/2011 11:05:57, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
08/03/2011 11:05:56, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
08/03/2011 11:05:51, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
08/03/2011 11:02:54, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 discache spldr Wanarpv6
08/03/2011 11:02:53, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
08/03/2011 09:59:03, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
08/03/2011 09:59:03, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
Good Morning,
Go ahead and run ATF Cleaner first and then run OTL and post the log, it looks like malware has infected your hosts file
Danny Watkins
2011-03-09, 12:08
Hi,
I copied a list of 127.0.0.1 marked sites from my own hosts file into this host file and saved it as 'read only' last night. The machine is online now and the host file has not changed. Would that affect the performance of the ERUNT? Should I make the host file readable again before running ATF/OTL?
Thanks
Go ahead and run both those programs, after I see the log from OTL we are going to reset your hosts file back to default and when were done you can alter it anyway you wish.
This would not effect ERUNT and yes make the hostsfile readable
Danny Watkins
2011-03-09, 14:26
OTL
OTL logfile created on: 09/03/2011 12:18:52 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Gar\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): c:\pagefile.sys 3001 4501 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.04 Gb Total Space | 76.04 Gb Free Space | 54.69% Space Free | Partition Type: NTFS
Computer Name: PC | User Name: Gar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Gar\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Users\Gar\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\DeviceDisplayObjectProvider.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe (Acer Incorporated)
PRC - C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe (Acer Incorporated)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files\Dell Photo AIO Printer 926\memcard.exe ()
PRC - C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
PRC - C:\Windows\System32\dlcxcoms.exe ( )
PRC - C:\Program Files\ERUNT\AUTOBACK.EXE ()
PRC - C:\Program Files\ERUNT\ERUNT.EXE ()
PRC - C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
========== Modules (SafeList) ==========
MOD - C:\Users\Gar\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\eMachines\eMachines Power Management\SysHook.dll (Acer Incorporated)
========== Win32 Services (SafeList) ==========
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ePowerSvc) -- C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe (Acer Incorporated)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (GameConsoleService) -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (dlcx_device) -- C:\Windows\System32\dlcxcoms.exe ( )
========== Driver Services (SafeList) ==========
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (Revoflt) -- C:\Windows\System32\drivers\revoflt.sys (VS Revo Group)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (DritekPortIO) -- C:\Program Files\Launch Manager\DPortIO.sys (Dritek System Inc.)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3060041670-746573680-1236380484-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/01/26 22:25:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/08 10:36:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/08 12:57:43 | 000,000,000 | ---D | M]
[2011/03/08 10:36:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gar\AppData\Roaming\Mozilla\Extensions
[2011/03/08 10:36:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gar\AppData\Roaming\Mozilla\Firefox\Profiles\iws81pju.default\extensions
[2011/03/08 10:36:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/26 22:25:48 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX
O1 HOSTS File: ([2010/12/02 11:59:13 | 000,002,811 | RHS- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 204.152.194.204 www.google.com
O1 - Hosts: 204.152.194.204 google.com
O1 - Hosts: 204.152.194.204 google.com.au
O1 - Hosts: 204.152.194.204 www.google.com.au
O1 - Hosts: 204.152.194.204 google.be
O1 - Hosts: 204.152.194.204 www.google.be
O1 - Hosts: 204.152.194.204 google.com.br
O1 - Hosts: 204.152.194.204 www.google.com.br
O1 - Hosts: 39 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
O4 - HKLM..\Run: [dlcxmon.exe] C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Dell PC Fax\fm3032.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 926\memcard.exe ()
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\eMachines\WR_PopUp\WarReg_PopUp.exe (eMachines)
O4 - HKU\S-1-5-21-3060041670-746573680-1236380484-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Gar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Gar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKU\S-1-5-21-3060041670-746573680-1236380484-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9f336f31-260b-11df-bd8a-00235a94f18f}\Shell - "" = AutoRun
O33 - MountPoints2\{9f336f31-260b-11df-bd8a-00235a94f18f}\Shell\AutoRun\command - "" = E:\VTP_Manager.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/03/08 22:52:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/03/08 22:51:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/03/08 22:51:51 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/03/08 18:44:41 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/03/08 18:42:33 | 000,000,000 | ---D | C] -- C:\Users\Gar\AppData\Local\Sunbelt Software
[2011/03/08 18:42:18 | 000,000,000 | -H-D | C] -- C:\Users\Gar\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/03/08 18:41:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\{FBDCB4C3-B311-49AB-BA14-8627DF5B444A}
[2011/03/08 18:41:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/03/08 13:58:03 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/03/08 10:36:33 | 000,000,000 | ---D | C] -- C:\Users\Gar\AppData\Roaming\Mozilla
[2011/03/08 10:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/03/08 10:36:26 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/03/08 10:35:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/03/08 10:33:36 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/03/08 10:33:36 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/03/08 10:33:36 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/03/08 10:13:27 | 000,000,000 | ---D | C] -- C:\Users\Gar\AppData\Local\VS Revo Group
[2011/03/08 10:13:19 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
[2011/03/08 10:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2011/03/08 10:07:14 | 000,000,000 | ---D | C] -- C:\Users\Gar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/02/23 22:57:27 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/02/23 22:57:26 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/02/09 16:37:26 | 002,329,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/02/09 16:37:17 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/02/09 16:37:16 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/02/09 16:37:16 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/02/09 16:37:16 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/02/09 16:37:16 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/02/09 16:37:16 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/02/09 16:37:16 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/02/09 16:37:16 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/02/09 16:37:16 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/02/09 16:37:14 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/02/09 16:37:14 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/02/09 16:37:08 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/02/09 16:37:08 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/02/09 16:37:07 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/02/09 16:37:06 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/02/09 16:37:04 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/02/09 16:37:04 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/02/09 16:37:03 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/02/09 16:37:02 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011/02/09 16:37:02 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/02/09 16:37:01 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/02/09 16:37:01 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/02/09 16:36:58 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\upnp.dll
[2011/02/09 16:36:57 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2011/02/09 16:36:56 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2011/02/09 16:36:56 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2011/02/09 16:36:54 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011/02/09 16:36:54 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2010/10/18 16:25:46 | 000,983,040 | ---- | C] ( ) -- C:\Windows\System32\dlcxusb1.dll
[2010/10/18 16:25:46 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlcxinpa.dll
[2010/10/18 16:25:46 | 000,393,216 | ---- | C] ( ) -- C:\Windows\System32\dlcxiesc.dll
[2010/10/18 16:25:45 | 001,187,840 | ---- | C] ( ) -- C:\Windows\System32\dlcxserv.dll
[2010/10/18 16:25:45 | 000,651,264 | ---- | C] ( ) -- C:\Windows\System32\dlcxpmui.dll
[2010/10/18 16:25:45 | 000,532,480 | ---- | C] ( ) -- C:\Windows\System32\dlcxlmpm.dll
[2010/10/18 16:25:45 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlcxprox.dll
[2010/10/18 16:25:45 | 000,114,688 | ---- | C] ( ) -- C:\Windows\System32\dlcxpplc.dll
[2010/10/18 16:25:44 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\dlcxhbn3.dll
[2010/10/18 16:25:44 | 000,380,928 | ---- | C] ( ) -- C:\Windows\System32\dlcxih.exe
[2010/10/18 16:25:43 | 000,610,304 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomc.dll
[2010/10/18 16:25:43 | 000,495,616 | ---- | C] ( ) -- C:\Windows\System32\dlcxcoms.exe
[2010/10/18 16:25:43 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomm.dll
[2010/10/18 16:25:43 | 000,380,928 | ---- | C] ( ) -- C:\Windows\System32\dlcxcfg.exe
[2010/08/25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
========== Files - Modified Within 30 Days ==========
[2011/03/09 12:12:24 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3060041670-746573680-1236380484-1000UA.job
[2011/03/09 12:12:24 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/09 12:12:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/09 10:11:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3060041670-746573680-1236380484-1000Core.job
[2011/03/09 09:54:17 | 108,086,999 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/03/09 08:52:00 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/09 08:52:00 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/09 08:44:12 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/09 08:43:28 | 2360,856,576 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/08 22:52:02 | 000,001,076 | ---- | M] () -- C:\Users\Gar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/03/08 22:51:53 | 000,000,896 | ---- | M] () -- C:\Users\Gar\Desktop\NTREGOPT.lnk
[2011/03/08 22:51:53 | 000,000,877 | ---- | M] () -- C:\Users\Gar\Desktop\ERUNT.lnk
[2011/03/08 18:44:38 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/03/08 18:41:52 | 000,001,126 | ---- | M] () -- C:\Users\Gar\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/03/08 18:41:52 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/03/08 13:16:29 | 000,025,932 | ---- | M] () -- C:\Users\Gar\Documents\Registry Backup 4.reg
[2011/03/08 13:14:55 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/03/08 13:06:53 | 000,001,409 | ---- | M] () -- C:\Users\Gar\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/08 12:57:44 | 000,001,991 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/03/08 10:36:29 | 000,001,911 | ---- | M] () -- C:\Users\Gar\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/08 10:36:29 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/03/08 10:13:21 | 000,001,232 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2011/03/08 10:07:37 | 000,620,086 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/08 10:07:37 | 000,107,978 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/08 10:07:17 | 000,002,300 | ---- | M] () -- C:\Users\Gar\Desktop\Google Chrome.lnk
[2011/03/07 19:05:18 | 000,025,248 | ---- | M] () -- C:\Users\Gar\Documents\Registry Backup 3.reg
[2011/03/07 08:06:28 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/03/07 08:06:28 | 000,016,432 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2011/02/09 20:13:09 | 000,010,370 | ---- | M] () -- C:\Users\Gar\Documents\Invoice.odt
[2011/02/09 20:12:48 | 000,010,442 | ---- | M] () -- C:\Users\Gar\Documents\Invoice 2.odt
[2011/02/09 19:48:14 | 000,366,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2011/03/08 22:52:02 | 000,001,076 | ---- | C] () -- C:\Users\Gar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/03/08 22:51:53 | 000,000,896 | ---- | C] () -- C:\Users\Gar\Desktop\NTREGOPT.lnk
[2011/03/08 22:51:53 | 000,000,877 | ---- | C] () -- C:\Users\Gar\Desktop\ERUNT.lnk
[2011/03/08 18:41:52 | 000,001,126 | ---- | C] () -- C:\Users\Gar\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/03/08 18:41:52 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/03/08 13:16:26 | 000,025,932 | ---- | C] () -- C:\Users\Gar\Documents\Registry Backup 4.reg
[2011/03/08 13:06:53 | 000,001,409 | ---- | C] () -- C:\Users\Gar\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/08 12:57:44 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/03/08 12:57:44 | 000,001,991 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/03/08 10:36:29 | 000,001,911 | ---- | C] () -- C:\Users\Gar\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/08 10:36:29 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/03/08 10:13:21 | 000,001,232 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2011/03/08 10:07:17 | 000,002,300 | ---- | C] () -- C:\Users\Gar\Desktop\Google Chrome.lnk
[2011/03/08 10:06:29 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3060041670-746573680-1236380484-1000UA.job
[2011/03/08 10:06:28 | 000,000,848 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3060041670-746573680-1236380484-1000Core.job
[2011/03/07 19:05:15 | 000,025,248 | ---- | C] () -- C:\Users\Gar\Documents\Registry Backup 3.reg
[2011/02/09 20:12:05 | 000,010,442 | ---- | C] () -- C:\Users\Gar\Documents\Invoice 2.odt
[2011/02/09 20:05:47 | 000,010,370 | ---- | C] () -- C:\Users\Gar\Documents\Invoice.odt
[2011/01/26 21:23:07 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011/01/25 18:58:48 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010/10/18 16:30:16 | 000,331,776 | ---- | C] () -- C:\Windows\System32\dlcxcoin.dll
[2010/10/18 16:30:16 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcfg.dll
[2010/10/18 16:26:32 | 000,040,960 | ---- | C] () -- C:\Windows\System32\DLPRMON.DLL
[2010/10/18 16:26:32 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLPMONUI.DLL
[2010/10/18 16:25:46 | 000,450,560 | ---- | C] () -- C:\Windows\System32\dlcxutil.dll
[2010/10/18 16:25:46 | 000,389,120 | ---- | C] () -- C:\Windows\System32\dlcxinst.dll
[2010/10/18 16:25:44 | 000,188,416 | ---- | C] () -- C:\Windows\System32\dlcxgrd.dll
[2010/10/18 16:25:44 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcxinsb.dll
[2010/10/18 16:25:44 | 000,167,936 | ---- | C] () -- C:\Windows\System32\dlcxins.dll
[2010/10/18 16:25:44 | 000,135,168 | ---- | C] () -- C:\Windows\System32\dlcxjswr.dll
[2010/10/18 16:25:44 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlcxinsr.dll
[2010/10/18 16:25:43 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlcxcub.dll
[2010/10/18 16:25:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcu.dll
[2010/10/18 16:25:43 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlcxcur.dll
[2010/08/25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/01/08 19:57:27 | 000,019,456 | ---- | C] () -- C:\Users\Gar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/23 22:59:31 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2009/07/14 04:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:33:53 | 000,366,456 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 02:05:48 | 000,620,086 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 02:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 02:05:48 | 000,107,978 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 02:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 02:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 02:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 23:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 23:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/06/03 18:07:52 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/03/11 14:04:16 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2009/03/11 14:04:16 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2009/03/11 14:04:16 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2009/03/11 14:04:16 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2006/09/22 06:42:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dlcxcaps.dll
[2006/08/08 14:58:04 | 000,692,224 | ---- | C] () -- C:\Windows\System32\dlcxdrs.dll
[2006/03/19 18:03:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlcxcnv4.dll
[2005/07/08 08:11:22 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlcxvs.dll
========== LOP Check ==========
[2011/01/26 22:27:57 | 000,000,000 | ---D | M] -- C:\Users\Gar\AppData\Roaming\AVG10
[2011/01/26 20:10:02 | 000,000,000 | -HSD | M] -- C:\Users\Gar\AppData\Roaming\Internet Security Suite
[2011/01/26 14:07:47 | 000,000,000 | ---D | M] -- C:\Users\Gar\AppData\Roaming\OpenOffice.org
[2011/01/27 22:35:09 | 000,000,000 | ---D | M] -- C:\Users\Gar\AppData\Roaming\SoftGrid Client
[2011/02/04 22:27:40 | 000,000,000 | ---D | M] -- C:\Users\Gar\AppData\Roaming\TP
[2011/03/08 10:21:41 | 000,000,000 | ---D | M] -- C:\Users\Gar\AppData\Roaming\uTorrent
[2009/12/29 11:53:44 | 000,000,000 | ---D | M] -- C:\Users\Gar\AppData\Roaming\WildTangent
[2011/02/23 22:49:03 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
Danny Watkins
2011-03-09, 14:27
Extras
OTL Extras logfile created on: 09/03/2011 12:18:52 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Gar\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): c:\pagefile.sys 3001 4501 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.04 Gb Total Space | 76.04 Gb Free Space | 54.69% Space Free | Partition Type: NTFS
Computer Name: PC | User Name: Gar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3DB0448D-AD82-4923-B305-D001E521A964}" = eMachines Power Management
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.1
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B751AEA-D37F-4246-9CF1-D37B429FDFD3}" = AVG 2011
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140011-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - English
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A276502A-8979-44FB-8090-90CF72F22ABC}" = AVG 2011
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"AVG" = AVG 2011
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Defraggler" = Defraggler
"Dell PC Fax" = Dell PC Fax
"Dell Photo AIO Printer 926" = Dell Photo AIO Printer 926
"eMachines Screensaver" = eMachines ScreenSaver
"ERUNT_is1" = ERUNT 1.1j
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"TVWiz" = Intel(R) TV Wizard
"uTorrent" = µTorrent
"WildTangent emachines Master Uninstall" = eMachines Games
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3060041670-746573680-1236380484-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 14/02/2011 16:49:03 | Computer Name = PC | Source = WinMgmt | ID = 10
Description =
Error - 15/02/2011 17:00:08 | Computer Name = PC | Source = WinMgmt | ID = 10
Description =
Error - 16/02/2011 14:57:40 | Computer Name = PC | Source = WinMgmt | ID = 10
Description =
Error - 17/02/2011 15:48:14 | Computer Name = PC | Source = WinMgmt | ID = 10
Description =
Error - 18/02/2011 10:29:03 | Computer Name = PC | Source = WinMgmt | ID = 10
Description =
Error - 21/02/2011 06:11:57 | Computer Name = PC | Source = WinMgmt | ID = 10
Description =
Error - 21/02/2011 09:56:38 | Computer Name = PC | Source = WinMgmt | ID = 10
Description =
Error - 21/02/2011 18:37:11 | Computer Name = PC | Source = WinMgmt | ID = 10
Description =
Error - 22/02/2011 08:21:16 | Computer Name = PC | Source = WinMgmt | ID = 10
Description =
Error - 22/02/2011 18:24:20 | Computer Name = PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 09/03/2011 05:49:44 | Computer Name = PC | Source = WMPNetworkSvc | ID = 866292
Description =
Error - 09/03/2011 05:49:45 | Computer Name = PC | Source = WMPNetworkSvc | ID = 866292
Description =
Error - 09/03/2011 05:49:47 | Computer Name = PC | Source = WMPNetworkSvc | ID = 866292
Description =
Error - 09/03/2011 08:12:09 | Computer Name = PC | Source = WMPNetworkSvc | ID = 866292
Description =
Error - 09/03/2011 08:12:10 | Computer Name = PC | Source = WMPNetworkSvc | ID = 866292
Description =
Error - 09/03/2011 08:12:11 | Computer Name = PC | Source = WMPNetworkSvc | ID = 866292
Description =
Error - 09/03/2011 08:12:15 | Computer Name = PC | Source = WMPNetworkSvc | ID = 866292
Description =
Error - 09/03/2011 08:12:16 | Computer Name = PC | Source = WMPNetworkSvc | ID = 866292
Description =
Error - 09/03/2011 08:12:18 | Computer Name = PC | Source = WMPNetworkSvc | ID = 866292
Description =
Error - 09/03/2011 08:12:19 | Computer Name = PC | Source = WMPNetworkSvc | ID = 866292
Description =
< End of report >
Hello Danny,
Those torrents are bad news, any form of File Sharing are. Your downloading that file from and unknown location and not all but a good percentage contain malicious data.
Run OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:OTL
:Services
:Reg
:Files
:Commands
[purity]
[emptytemp]
[RESETHOSTS]
[start explorer]
[Reboot]
Then click the Run Fix button at the top <--Not run scan
Let the program run unhindered, reboot when it is done
Then post the results of the log and a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
Danny Watkins
2011-03-09, 14:55
I hear ya re the torrents - I dont go near them myself. The laptop belongs to a teenager in need of some education :).
Danny Watkins
2011-03-09, 15:06
All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Gar
->Temp folder emptied: 204800 bytes
->Temporary Internet Files folder emptied: 3228050 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 12125059 bytes
->Google Chrome cache emptied: 10578363 bytes
->Flash cache emptied: 2530 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 25.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Error: Unable to interpret <[Reboot]:OTL> in the current context!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Gar
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 0.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.22.3 log created on 03092011_125408
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
OTL Run 2
OTL logfile created on: 09/03/2011 13:00:06 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Gar\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): c:\pagefile.sys 3001 4501 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.04 Gb Total Space | 75.41 Gb Free Space | 54.23% Space Free | Partition Type: NTFS
Drive E: | 37.26 Gb Total Space | 30.28 Gb Free Space | 81.27% Space Free | Partition Type: NTFS
Computer Name: PC | User Name: Gar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Gar\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Users\Gar\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe (Acer Incorporated)
PRC - C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe (Acer Incorporated)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files\Dell Photo AIO Printer 926\memcard.exe ()
PRC - C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
PRC - C:\Windows\System32\dlcxcoms.exe ( )
PRC - C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
========== Modules (SafeList) ==========
MOD - C:\Users\Gar\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\eMachines\eMachines Power Management\SysHook.dll (Acer Incorporated)
========== Win32 Services (SafeList) ==========
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ePowerSvc) -- C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe (Acer Incorporated)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (GameConsoleService) -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (dlcx_device) -- C:\Windows\System32\dlcxcoms.exe ( )
========== Driver Services (SafeList) ==========
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (Revoflt) -- C:\Windows\System32\drivers\revoflt.sys (VS Revo Group)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (DritekPortIO) -- C:\Program Files\Launch Manager\DPortIO.sys (Dritek System Inc.)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/01/26 22:25:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/08 10:36:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/08 12:57:43 | 000,000,000 | ---D | M]
[2011/03/08 10:36:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gar\AppData\Roaming\Mozilla\Extensions
[2011/03/08 10:36:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gar\AppData\Roaming\Mozilla\Firefox\Profiles\iws81pju.default\extensions
[2011/03/08 10:36:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/26 22:25:48 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX
O1 HOSTS File: ([2011/03/09 12:54:12 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
O4 - HKLM..\Run: [dlcxmon.exe] C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Dell PC Fax\fm3032.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 926\memcard.exe ()
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\eMachines\WR_PopUp\WarReg_PopUp.exe (eMachines)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Gar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Gar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9f336f31-260b-11df-bd8a-00235a94f18f}\Shell - "" = AutoRun
O33 - MountPoints2\{9f336f31-260b-11df-bd8a-00235a94f18f}\Shell\AutoRun\command - "" = E:\VTP_Manager.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/03/09 12:57:08 | 000,000,000 | ---D | C] -- C:\Users\Gar\AppData\Local\Acer ePower Management V4
[2011/03/09 12:54:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/03/08 22:52:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/03/08 22:51:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/03/08 22:51:51 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/03/08 18:44:41 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/03/08 18:42:33 | 000,000,000 | ---D | C] -- C:\Users\Gar\AppData\Local\Sunbelt Software
[2011/03/08 18:42:18 | 000,000,000 | -H-D | C] -- C:\Users\Gar\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/03/08 18:41:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\{FBDCB4C3-B311-49AB-BA14-8627DF5B444A}
[2011/03/08 18:41:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/03/08 13:58:03 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/03/08 10:36:33 | 000,000,000 | ---D | C] -- C:\Users\Gar\AppData\Roaming\Mozilla
[2011/03/08 10:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/03/08 10:36:26 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/03/08 10:35:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/03/08 10:33:36 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/03/08 10:33:36 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/03/08 10:33:36 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/03/08 10:13:27 | 000,000,000 | ---D | C] -- C:\Users\Gar\AppData\Local\VS Revo Group
[2011/03/08 10:13:19 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
[2011/03/08 10:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2011/03/08 10:07:14 | 000,000,000 | ---D | C] -- C:\Users\Gar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/02/23 22:57:27 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/02/23 22:57:26 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/02/09 16:37:26 | 002,329,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/02/09 16:37:17 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/02/09 16:37:16 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/02/09 16:37:16 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/02/09 16:37:16 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/02/09 16:37:16 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/02/09 16:37:16 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/02/09 16:37:16 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/02/09 16:37:16 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/02/09 16:37:16 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/02/09 16:37:14 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/02/09 16:37:14 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/02/09 16:37:08 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/02/09 16:37:08 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/02/09 16:37:07 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/02/09 16:37:06 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/02/09 16:37:04 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/02/09 16:37:04 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/02/09 16:37:03 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/02/09 16:37:02 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011/02/09 16:37:02 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/02/09 16:37:01 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/02/09 16:37:01 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/02/09 16:36:58 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\upnp.dll
[2011/02/09 16:36:57 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2011/02/09 16:36:56 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2011/02/09 16:36:56 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2011/02/09 16:36:54 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011/02/09 16:36:54 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2010/10/18 16:25:46 | 000,983,040 | ---- | C] ( ) -- C:\Windows\System32\dlcxusb1.dll
[2010/10/18 16:25:46 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlcxinpa.dll
[2010/10/18 16:25:46 | 000,393,216 | ---- | C] ( ) -- C:\Windows\System32\dlcxiesc.dll
[2010/10/18 16:25:45 | 001,187,840 | ---- | C] ( ) -- C:\Windows\System32\dlcxserv.dll
[2010/10/18 16:25:45 | 000,651,264 | ---- | C] ( ) -- C:\Windows\System32\dlcxpmui.dll
[2010/10/18 16:25:45 | 000,532,480 | ---- | C] ( ) -- C:\Windows\System32\dlcxlmpm.dll
[2010/10/18 16:25:45 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlcxprox.dll
[2010/10/18 16:25:45 | 000,114,688 | ---- | C] ( ) -- C:\Windows\System32\dlcxpplc.dll
[2010/10/18 16:25:44 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\dlcxhbn3.dll
[2010/10/18 16:25:44 | 000,380,928 | ---- | C] ( ) -- C:\Windows\System32\dlcxih.exe
[2010/10/18 16:25:43 | 000,610,304 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomc.dll
[2010/10/18 16:25:43 | 000,495,616 | ---- | C] ( ) -- C:\Windows\System32\dlcxcoms.exe
[2010/10/18 16:25:43 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomm.dll
[2010/10/18 16:25:43 | 000,380,928 | ---- | C] ( ) -- C:\Windows\System32\dlcxcfg.exe
[2010/08/25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
========== Files - Modified Within 30 Days ==========
[2011/03/09 12:58:18 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/03/09 12:56:24 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/09 12:55:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/09 12:55:42 | 2360,856,576 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/09 12:54:12 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/03/09 12:12:24 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3060041670-746573680-1236380484-1000UA.job
[2011/03/09 12:12:24 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/09 10:11:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3060041670-746573680-1236380484-1000Core.job
[2011/03/09 09:54:17 | 108,086,999 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/03/09 08:52:00 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/09 08:52:00 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/08 22:52:02 | 000,001,076 | ---- | M] () -- C:\Users\Gar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/03/08 22:51:53 | 000,000,896 | ---- | M] () -- C:\Users\Gar\Desktop\NTREGOPT.lnk
[2011/03/08 22:51:53 | 000,000,877 | ---- | M] () -- C:\Users\Gar\Desktop\ERUNT.lnk
[2011/03/08 18:44:38 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/03/08 18:41:52 | 000,001,126 | ---- | M] () -- C:\Users\Gar\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/03/08 18:41:52 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/03/08 13:16:29 | 000,025,932 | ---- | M] () -- C:\Users\Gar\Documents\Registry Backup 4.reg
[2011/03/08 13:14:55 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/03/08 13:06:53 | 000,001,409 | ---- | M] () -- C:\Users\Gar\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/08 12:57:44 | 000,001,991 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/03/08 10:36:29 | 000,001,911 | ---- | M] () -- C:\Users\Gar\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/08 10:36:29 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/03/08 10:13:21 | 000,001,232 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2011/03/08 10:07:37 | 000,620,086 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/08 10:07:37 | 000,107,978 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/08 10:07:17 | 000,002,300 | ---- | M] () -- C:\Users\Gar\Desktop\Google Chrome.lnk
[2011/03/07 19:05:18 | 000,025,248 | ---- | M] () -- C:\Users\Gar\Documents\Registry Backup 3.reg
[2011/03/07 08:06:28 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/03/07 08:06:28 | 000,016,432 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2011/02/09 20:13:09 | 000,010,370 | ---- | M] () -- C:\Users\Gar\Documents\Invoice.odt
[2011/02/09 20:12:48 | 000,010,442 | ---- | M] () -- C:\Users\Gar\Documents\Invoice 2.odt
[2011/02/09 19:48:14 | 000,366,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2011/03/09 12:58:18 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/03/08 22:52:02 | 000,001,076 | ---- | C] () -- C:\Users\Gar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/03/08 22:51:53 | 000,000,896 | ---- | C] () -- C:\Users\Gar\Desktop\NTREGOPT.lnk
[2011/03/08 22:51:53 | 000,000,877 | ---- | C] () -- C:\Users\Gar\Desktop\ERUNT.lnk
[2011/03/08 18:41:52 | 000,001,126 | ---- | C] () -- C:\Users\Gar\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/03/08 18:41:52 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/03/08 13:16:26 | 000,025,932 | ---- | C] () -- C:\Users\Gar\Documents\Registry Backup 4.reg
[2011/03/08 13:06:53 | 000,001,409 | ---- | C] () -- C:\Users\Gar\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/08 12:57:44 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/03/08 12:57:44 | 000,001,991 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/03/08 10:36:29 | 000,001,911 | ---- | C] () -- C:\Users\Gar\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/08 10:36:29 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/03/08 10:13:21 | 000,001,232 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2011/03/08 10:07:17 | 000,002,300 | ---- | C] () -- C:\Users\Gar\Desktop\Google Chrome.lnk
[2011/03/08 10:06:29 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3060041670-746573680-1236380484-1000UA.job
[2011/03/08 10:06:28 | 000,000,848 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3060041670-746573680-1236380484-1000Core.job
[2011/03/07 19:05:15 | 000,025,248 | ---- | C] () -- C:\Users\Gar\Documents\Registry Backup 3.reg
[2011/02/09 20:12:05 | 000,010,442 | ---- | C] () -- C:\Users\Gar\Documents\Invoice 2.odt
[2011/02/09 20:05:47 | 000,010,370 | ---- | C] () -- C:\Users\Gar\Documents\Invoice.odt
[2011/01/26 21:23:07 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011/01/25 18:58:48 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010/10/18 16:30:16 | 000,331,776 | ---- | C] () -- C:\Windows\System32\dlcxcoin.dll
[2010/10/18 16:30:16 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcfg.dll
[2010/10/18 16:26:32 | 000,040,960 | ---- | C] () -- C:\Windows\System32\DLPRMON.DLL
[2010/10/18 16:26:32 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLPMONUI.DLL
[2010/10/18 16:25:46 | 000,450,560 | ---- | C] () -- C:\Windows\System32\dlcxutil.dll
[2010/10/18 16:25:46 | 000,389,120 | ---- | C] () -- C:\Windows\System32\dlcxinst.dll
[2010/10/18 16:25:44 | 000,188,416 | ---- | C] () -- C:\Windows\System32\dlcxgrd.dll
[2010/10/18 16:25:44 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcxinsb.dll
[2010/10/18 16:25:44 | 000,167,936 | ---- | C] () -- C:\Windows\System32\dlcxins.dll
[2010/10/18 16:25:44 | 000,135,168 | ---- | C] () -- C:\Windows\System32\dlcxjswr.dll
[2010/10/18 16:25:44 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlcxinsr.dll
[2010/10/18 16:25:43 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlcxcub.dll
[2010/10/18 16:25:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcu.dll
[2010/10/18 16:25:43 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlcxcur.dll
[2010/08/25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/01/08 19:57:27 | 000,019,456 | ---- | C] () -- C:\Users\Gar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/23 22:59:31 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2009/07/14 04:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:33:53 | 000,366,456 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 02:05:48 | 000,620,086 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 02:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 02:05:48 | 000,107,978 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 02:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 02:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 02:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 23:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 23:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/06/03 18:07:52 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/03/11 14:04:16 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2009/03/11 14:04:16 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2009/03/11 14:04:16 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2009/03/11 14:04:16 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2006/09/22 06:42:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dlcxcaps.dll
[2006/08/08 14:58:04 | 000,692,224 | ---- | C] () -- C:\Windows\System32\dlcxdrs.dll
[2006/03/19 18:03:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlcxcnv4.dll
[2005/07/08 08:11:22 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlcxvs.dll
< End of report >
A couple of years ago when I was on vacation visiting friends and some family in another state, doing what I do I fixed 5 computers from my friends kids downloading music using Limewire. Sometimes kids wont listen. Limewire has since been shutdown by a judge for copyright infringement.
Years ago the malware wasn't as bad as it is now, cyber criminals write this garbage now and there written to steal anything they can from you, some of the stuff going around today is uncleanable, another words it infects so much of the operating system that the only recourse is to format and reinstall windows.
And downloading from the torrents is one of the fastest ways of getting infected
Posted before you replied but it looks good now, how are things running ?
Please run this free online virus scanner from ESET (http://www.eset.com/onlinescan/)
Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic
Danny Watkins
2011-03-09, 15:27
Hi,
I can't get IE to start. Also if I go to download another version I can't find one for win 7. Should I download XP/Vista version instead?
Danny Watkins
2011-03-09, 15:43
installing IE9 RC now...
Danny Watkins
2011-03-09, 16:07
Hi, Internet Explorer won't start at all. Firefox and google chrome are OK.
Try this
Copy and paste these lines in Note pad.
@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0
Save as flush.bat to your desktop. Double click to run.
*** note: Win Vista and Win 7 need to right click and choose to "run as Administrator" .. the computer will reboot itself.
Danny Watkins
2011-03-09, 18:19
Thanks I've run that. whats next?
Have you always had a problem with IE ?
Open IE and go to Tools> Internet Options > Advanced Tab> Reset Internet Explorer Settings > Reset .....it wont take long. Close out IE and reopen it and see if it helped
Danny Watkins
2011-03-09, 19:21
I advised him not to use it before, and use firefox or chrome instead. Im doing a reboot and there are 4 windows updates installing. I'll see what happens then....
Danny Watkins
2011-03-09, 19:39
options I get are 'start private browsing' or 'open in a new tab' but no browser window appears. Its not essential - 2 browsers should do. I can uninstall IE. What is left to do now?
Well, even though you dont use IE it should run, why dont you post here in this forum for help repairing it.
http://forums.whatthetech.com/index.php?showforum=123
You can link them to this thread so they can see what we have done, all us forums work together.
Lets update your Java to make your system more secure
Go to your Control Panel and click on the Java Icon ( looks like a little coffee cup ) click on About and you should have Version 6 Update 24, if not proceed with the instructions.
Download the latest version Here (http://java.sun.com/javase/downloads/index.jsp) save it, do not install it yet.
Java SE Runtime Environment (JRE)JRE 6 Update 24 <--The wording is confusing but this is what you need
Go to your Add Remove Programs in the Control Panel and uninstall any previous versions of Java
Reboot your computer
Install the latest version
You can verify the installation Here (http://www.java.com/en/download/help/testvm.xml)
Open OTL and click on CleanUp and it will remove programs we have used and there backups from your system
How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)
Safe Surfn
Ken
Danny Watkins
2011-03-09, 21:02
Hi Ken,
I get a message saying that java is already installed when I try to install it. I had installed the latest version yesterday but in the control panel I see there is no association with java (no familiar coffee cup icon). A search for java only brings up the empty icon and the .exe file. Should I proceed with the OTL cleanup in the meantime?
Thats fine, as long as its updated. Keeping it updated is one more nail in the coffin for malware
Yes, you can clean up now
Ken :)
Danny Watkins
2011-03-10, 13:32
Ken I just want to say thanks for all your help. I will be making a donation to the cause! :rockon:
Thanks Danny,
Much appreciated.
Take Care,
Ken
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.