Infected with malware

nbarleen

New member
I think that I have a malware infection. AVG antivirus was unable to update, but scans find no problems. I was able to install another antivirus program, Avast, and it updates to current definitions, but still finds no problems.

I have noticed over the last 2 days that Windows automatic updates will not download and I cannot access automatic updates setup through Control Panel.

I have downloaded ERUNT and backed up the system registry.

I downloaded DDS, but when I tried to run it I get only an error message that

"This tool does not support your opperating system"
"press any key to continue..._"

When I press a key the DDS window closes.

I would greatly appreciate any help that you can offer. Thank you.
 

Please read Before You Post
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.


Malware may be preventing DDS from running, but you didn't say what your operating system is?


Try running this program

OTL by OldTimer
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
 
Thanks for your help.

My Operating system is Windows XP Professional 64 bit.

OTL seems to have run fine. The logs are posted below.


OTL logfile created on: 1/7/2011 9:12:48 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = H:\Documents and Settings\Nathan_2\My Documents\Downloads
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): H:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files (x86)
Drive C: | 42.66 Gb Total Space | 9.57 Gb Free Space | 22.42% Space Free | Partition Type: NTFS
Drive D: | 42.66 Gb Total Space | 23.51 Gb Free Space | 55.10% Space Free | Partition Type: NTFS
Drive E: | 42.67 Gb Total Space | 39.54 Gb Free Space | 92.67% Space Free | Partition Type: NTFS
Drive F: | 24.67 Gb Total Space | 19.51 Gb Free Space | 79.09% Space Free | Partition Type: NTFS
Drive G: | 662.68 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 58.59 Gb Total Space | 20.83 Gb Free Space | 35.55% Space Free | Partition Type: NTFS
Drive I: | 58.59 Gb Total Space | 18.97 Gb Free Space | 32.37% Space Free | Partition Type: NTFS

Computer Name: NATHAN-HOME-PC | User Name: Nathan_2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - H:\Documents and Settings\Nathan_2\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - H:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - H:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - H:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\Silverlight.Configuration.exe (Microsoft Corporation)
PRC - H:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - H:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - H:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - H:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe (Amazon.com)
PRC - H:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
PRC - H:\WINDOWS\SysWOW64\WebUpdateSvc4.exe (Data Perceptions / PowerProgrammer)
PRC - H:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.)


========== Modules (SafeList) ==========

MOD - H:\Documents and Settings\Nathan_2\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - H:\WINDOWS\WinSxS\wow64_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.4770_x-ww_8D2E3180\comctl32.dll (Microsoft Corporation)
MOD - H:\WINDOWS\SysWOW64\comres.dll (Microsoft Corporation)
MOD - H:\WINDOWS\SysWOW64\wbem\framedyn.dll (Microsoft Corporation)
MOD - H:\WINDOWS\SysWOW64\MSCTFIME.IME (Microsoft Corporation)
MOD - H:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpHookSE4.dll (ScanSoft, Inc.)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (xmlprov) -- H:\WINDOWS\SysNative\xmlprov.dll File not found
SRV:64bit: - (WZCSVC) -- H:\WINDOWS\SysNative\wzcsvc.dll File not found
SRV:64bit: - (wuauserv) -- H:\WINDOWS\SysNative\wuauserv.dll File not found
SRV:64bit: - (Wmi) -- H:\WINDOWS\SysNative\advapi32.dll File not found
SRV:64bit: - (WebUpdate4) -- H:\WINDOWS\SysNative\WebUpdateSvc4.exe File not found
SRV:64bit: - (UPS) -- H:\WINDOWS\SysNative\ups.exe File not found
SRV:64bit: - (TlntSvr) -- H:\WINDOWS\SysNative\tlntsvr.exe File not found
SRV:64bit: - (SysmonLog) -- H:\WINDOWS\SysNative\smlogsvc.exe File not found
SRV:64bit: - (srservice) -- H:\WINDOWS\SysNative\srsvc.dll File not found
SRV:64bit: - (SCardSvr) -- H:\WINDOWS\SysNative\SCardSvr.exe File not found
SRV:64bit: - (RDSessMgr) -- H:\WINDOWS\SysNative\sessmgr.exe File not found
SRV:64bit: - (PlugPlay) -- H:\WINDOWS\SysNative\services.exe File not found
SRV:64bit: - (NtmsSvc) -- H:\WINDOWS\SysNative\ntmssvc.dll File not found
SRV:64bit: - (NetDDEdsdm) -- H:\WINDOWS\SysNative\netdde.exe File not found
SRV:64bit: - (NetDDE) -- H:\WINDOWS\SysNative\netdde.exe File not found
SRV:64bit: - (mnmsrvc) -- H:\WINDOWS\SysNative\mnmsrvc.exe File not found
SRV:64bit: - (Messenger) -- H:\WINDOWS\SysNative\msgsvc.dll File not found
SRV:64bit: - (ImapiService) -- H:\WINDOWS\SysNative\imapi.exe File not found
SRV:64bit: - (HTTPFilter) -- H:\WINDOWS\SysNative\w3ssl.dll File not found
SRV:64bit: - (Eventlog) -- H:\WINDOWS\SysNative\services.exe File not found
SRV:64bit: - (ERSvc) -- H:\WINDOWS\SysNative\ersvc.dll File not found
SRV:64bit: - (dmserver) -- H:\WINDOWS\SysNative\dmserver.dll File not found
SRV:64bit: - (dmadmin) -- H:\WINDOWS\SysNative\dmadmin.exe File not found
SRV:64bit: - (ClipSrv) -- H:\WINDOWS\SysNative\clipsrv.exe File not found
SRV:64bit: - (CiSvc) -- H:\WINDOWS\SysNative\cisvc.exe File not found
SRV:64bit: - (Ati HotKey Poller) -- H:\WINDOWS\SysNative\Ati2evxx.exe File not found
SRV:64bit: - (AppMgmt) -- H:\WINDOWS\SysNative\appmgmts.dll File not found
SRV:64bit: - (Alerter) -- H:\WINDOWS\SysNative\alrsvc.dll File not found
SRV:64bit: - (avast! Web Scanner) -- H:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Mail Scanner) -- H:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Antivirus) -- H:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (AVG Security Toolbar Service) -- H:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe ()
SRV - (avg9wd) -- H:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (getPlusHelper) getPlus(R) -- H:\Program Files (x86)\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (Amazon Download Agent) -- H:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe (Amazon.com)
SRV - (FLEXnet Licensing Service) -- H:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AdobeActiveFileMonitor7.0) -- H:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WebUpdate4) -- H:\WINDOWS\SysWOW64\WebUpdateSvc4.exe (Data Perceptions / PowerProgrammer)
SRV - (helpsvc) -- H:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- H:\Program Files (x86)\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (WpdUsb) -- H:\WINDOWS\SysNative\DRIVERS\wpdusb.sys File not found
DRV:64bit: - (wdmaud) -- H:\WINDOWS\SysNative\drivers\wdmaud.sys File not found
DRV:64bit: - (Update) -- H:\WINDOWS\SysNative\DRIVERS\update.sys File not found
DRV:64bit: - (sysaudio) -- H:\WINDOWS\SysNative\drivers\sysaudio.sys File not found
DRV:64bit: - (swmidi) -- H:\WINDOWS\SysNative\drivers\swmidi.sys File not found
DRV:64bit: - (sr) -- H:\WINDOWS\SysNative\DRIVERS\sr.sys File not found
DRV:64bit: - (splitter) -- H:\WINDOWS\SysNative\drivers\splitter.sys File not found
DRV:64bit: - (RTL8023x64) Realtek 10/100/1000 PCI NIC Family NDIS XP(x64) -- H:\WINDOWS\SysNative\DRIVERS\Rtnic64.sys File not found
DRV:64bit: - (redbook) -- H:\WINDOWS\SysNative\DRIVERS\redbook.sys File not found
DRV:64bit: - (Raspti) -- H:\WINDOWS\SysNative\DRIVERS\raspti.sys File not found
DRV:64bit: - (PxHlpa64) -- H:\WINDOWS\SysNative\Drivers\PxHlpa64.sys File not found
DRV:64bit: - (Ptilink) -- H:\WINDOWS\SysNative\DRIVERS\ptilink.sys File not found
DRV:64bit: - (PSched) -- H:\WINDOWS\SysNative\DRIVERS\psched.sys File not found
DRV:64bit: - (P1764) -- H:\WINDOWS\SysNative\drivers\P1764.sys File not found
DRV:64bit: - (ossrv) -- H:\WINDOWS\SysNative\DRIVERS\ctoss2k.sys File not found
DRV:64bit: - (NIC1394) -- H:\WINDOWS\SysNative\DRIVERS\nic1394.sys File not found
DRV:64bit: - (kmixer) -- H:\WINDOWS\SysNative\drivers\kmixer.sys File not found
DRV:64bit: - (IPSec) -- H:\WINDOWS\SysNative\DRIVERS\ipsec.sys File not found
DRV:64bit: - (IpInIp) -- H:\WINDOWS\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (Ip6Fw) -- H:\WINDOWS\SysNative\DRIVERS\Ip6Fw.sys File not found
DRV:64bit: - (imapi) -- H:\WINDOWS\SysNative\DRIVERS\imapi.sys File not found
DRV:64bit: - (Gpc) -- H:\WINDOWS\SysNative\DRIVERS\msgpc.sys File not found
DRV:64bit: - (Ftdisk) -- H:\WINDOWS\SysNative\DRIVERS\ftdisk.sys File not found
DRV:64bit: - (dmload) -- H:\WINDOWS\SysNative\drivers\dmload.sys File not found
DRV:64bit: - (dmio) -- H:\WINDOWS\SysNative\drivers\dmio.sys File not found
DRV:64bit: - (dmboot) -- H:\WINDOWS\SysNative\drivers\dmboot.sys File not found
DRV:64bit: - (ctsfm2k) -- H:\WINDOWS\SysNative\DRIVERS\ctsfm2k.sys File not found
DRV:64bit: - (CdaD10BA) -- H:\WINDOWS\SysNative\DRIVERS\CdaD10BA.sys File not found
DRV:64bit: - (CdaC15BA) -- H:\WINDOWS\SysNative\DRIVERS\CdaC15BA.sys File not found
DRV:64bit: - (AvgTdiA) -- H:\WINDOWS\SysNative\Drivers\avgtdia.sys File not found
DRV:64bit: - (AvgMfx64) -- H:\WINDOWS\SysNative\Drivers\avgmfx64.sys File not found
DRV:64bit: - (AvgLdx64) -- H:\WINDOWS\SysNative\Drivers\avgldx64.sys File not found
DRV:64bit: - (audstub) -- H:\WINDOWS\SysNative\DRIVERS\audstub.sys File not found
DRV:64bit: - (Atmarpc) -- H:\WINDOWS\SysNative\DRIVERS\atmarpc.sys File not found
DRV:64bit: - (AtiHdmiService) -- H:\WINDOWS\SysNative\drivers\AtiHdmi.sys File not found
DRV:64bit: - (ati2mtag) -- H:\WINDOWS\SysNative\DRIVERS\ati2mtag.sys File not found
DRV:64bit: - (aswMonFlt) -- H:\WINDOWS\SysNative\drivers\aswMonFlt.sys File not found
DRV:64bit: - (Arp1394) -- H:\WINDOWS\SysNative\DRIVERS\arp1394.sys File not found
DRV:64bit: - (aec) -- H:\WINDOWS\SysNative\drivers\aec.sys File not found
DRV - (gdrv) -- H:\WINDOWS\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (mnmdd) -- H:\WINDOWS\SysWow64\mnmdd.dll (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ptec/defaults/sp/*http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.umn.edu/
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - H:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www1.umn.edu/twincities/index.php"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {28197867-b1ef-4140-8e3b-55c45b9c8460}:2.6.9
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4b873044&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: H:\Program Files (x86)\AVG\AVG9\Firefox [2010/11/24 08:54:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: H:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/10/26 12:49:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/05 12:50:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/05 12:50:32 | 000,000,000 | ---D | M]

[2008/08/28 05:31:21 | 000,000,000 | ---D | M] (No name found) -- H:\Documents and Settings\Nathan_2\Application Data\Mozilla\Extensions
[2011/01/06 13:30:28 | 000,000,000 | ---D | M] (No name found) -- H:\Documents and Settings\Nathan_2\Application Data\Mozilla\Firefox\Profiles\91hpr8m7.default\extensions
[2010/07/04 13:45:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- H:\Documents and Settings\Nathan_2\Application Data\Mozilla\Firefox\Profiles\91hpr8m7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/05 13:29:38 | 000,000,000 | ---D | M] (Integrated Gmail) -- H:\Documents and Settings\Nathan_2\Application Data\Mozilla\Firefox\Profiles\91hpr8m7.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}
[2010/06/30 05:12:38 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- H:\Documents and Settings\Nathan_2\Application Data\Mozilla\Firefox\Profiles\91hpr8m7.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/04/05 10:02:34 | 000,000,000 | ---D | M] (Move Media Player) -- H:\Documents and Settings\Nathan_2\Application Data\Mozilla\Firefox\Profiles\91hpr8m7.default\extensions\moveplayer@movenetworks.com
[2008/04/12 19:55:34 | 000,000,000 | ---D | M] (No name found) -- H:\Documents and Settings\Nathan_2\Application Data\Mozilla\Firefox\Profiles\o4qdcc3a.default\extensions
[2010/12/28 11:49:09 | 000,000,000 | ---D | M] (No name found) -- H:\Program Files (x86)\Mozilla Firefox\extensions
[2010/11/24 08:54:19 | 000,000,000 | ---D | M] (AVG Safe Search) -- H:\PROGRAM FILES (X86)\AVG\AVG9\FIREFOX
[2010/10/26 12:49:56 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="6.010.006.004" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- H:\PROGRAM FILES (X86)\AVG\AVG9\TOOLBAR\FIREFOX\AVG@IGEARED
[2009/03/28 02:26:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- H:\PROGRAM FILES (X86)\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/07/02 10:19:28 | 000,102,400 | ---- | M] (Zylom) -- H:\Program Files (x86)\Mozilla Firefox\plugins\npzylomgamesplayer.dll

Hosts file not found
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - H:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - H:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - H:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] H:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AmazonGSDownloaderTray] H:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [avast5] H:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVG9_TRAY] H:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [OpwareSE4] H:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] H:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [StartCCC] H:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - Startup: H:\Documents and Settings\Nathan_2\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = H:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKCU\..Trusted Domains: umn.edu ([tc.liblink] http in Trusted sites)
O15 - HKCU\..Trusted Domains: umn.edu ([www.sciencedirect.com.floyd.lib] http in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208057520689 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.77.134 68.87.72.134
O18:64bit: - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - H:\WINDOWS\SysNative\wiascr.dll File not found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - H:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - H:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - H:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - H:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - H:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - H:\WINDOWS\SysNative\logonui.exe File not found
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - H:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) - File not found
O20:64bit: - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - File not found
O20:64bit: - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - File not found
O20:64bit: - Winlogon\Notify\avgwlx64: DllName - Reg Error: Value error. - File not found
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - dimsntfy.dll - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - Reg Error: Value error. - File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\avgwlx64: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\termsrv: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - H:\WINDOWS\SysNative\stobject.dll File not found
O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\SysNative\WPDShServiceObj.dll File not found
O24 - Desktop WallPaper: H:\Documents and Settings\Nathan_2\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: H:\Documents and Settings\Nathan_2\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/04 05:39:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/08/14 10:32:04 | 000,000,000 | R--D | M] - G:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2007/06/14 17:23:01 | 000,263,744 | R--- | M] (Firaxis Games) - G:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2007/07/17 11:11:01 | 000,006,299 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{2d4c007d-9154-11dd-8f37-001d7dd97749}\Shell - "" = AutoRun
O33 - MountPoints2\{2d4c007d-9154-11dd-8f37-001d7dd97749}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2d4c007d-9154-11dd-8f37-001d7dd97749}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -- File not found
O33 - MountPoints2\{5ff54f46-08c9-11dd-9e10-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5ff54f46-08c9-11dd-9e10-806e6f6e6963}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5ff54f46-08c9-11dd-9e10-806e6f6e6963}\Shell\AutoRun\command - "" = G:\autorun.exe -- [2007/06/14 17:23:01 | 000,263,744 | R--- | M] (Firaxis Games)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/05 12:50:29 | 000,000,000 | -HSD | C] -- H:\Config.Msi
[2011/01/05 10:19:00 | 000,000,000 | ---D | C] -- H:\WINDOWS\ERDNT
[2011/01/05 10:18:20 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\ERUNT
[2011/01/05 10:18:20 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/01/05 09:12:34 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Nathan_2\Application Data\Malwarebytes
[2011/01/05 09:10:55 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/01/05 09:10:52 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/01/05 06:43:38 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Application Data\Sun
[2011/01/05 06:43:38 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\Common Files\Java
[2011/01/05 06:43:19 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- H:\WINDOWS\SysWow64\deployJava1.dll
[2011/01/05 06:43:19 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- H:\WINDOWS\SysWow64\javaws.exe
[2011/01/05 06:43:19 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- H:\WINDOWS\SysWow64\javaw.exe
[2011/01/05 06:43:19 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- H:\WINDOWS\SysWow64\java.exe
[2011/01/02 22:55:50 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\Spybot - Search & Destroy
[2011/01/02 22:55:50 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/12/30 16:52:14 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2010/12/30 16:51:57 | 000,167,592 | ---- | C] (AVAST Software) -- H:\WINDOWS\SysWow64\aswBoot.exe
[2010/12/30 16:51:57 | 000,038,848 | ---- | C] (AVAST Software) -- H:\WINDOWS\avastSS.scr
[2010/12/30 16:51:54 | 000,000,000 | ---D | C] -- H:\Program Files\Alwil Software
[2010/12/30 16:51:54 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Application Data\Alwil Software
[2008/03/05 15:30:18 | 001,694,728 | ---- | C] (Microsoft Corporation) -- H:\Program Files (x86)\Common Files\dsetup32.dll
[2008/03/05 15:30:18 | 000,527,880 | ---- | C] (Microsoft Corporation) -- H:\Program Files (x86)\Common Files\DXSETUP.exe
[2008/03/05 15:30:18 | 000,097,288 | ---- | C] (Microsoft Corporation) -- H:\Program Files (x86)\Common Files\DSETUP.dll
[2002/04/11 00:41:06 | 000,065,536 | ---- | C] ( ) -- H:\WINDOWS\SysWow64\A3d.dll
[6 H:\WINDOWS\SysWow64\*.tmp files -> H:\WINDOWS\SysWow64\*.tmp -> ]
[3 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/07 21:02:00 | 000,000,990 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-645611912-2415833549-507389382-1003UA.job
[2011/01/07 15:02:00 | 000,000,938 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-645611912-2415833549-507389382-1003Core.job
[2011/01/05 16:29:32 | 000,002,048 | --S- | M] () -- H:\WINDOWS\bootstat.dat
[2011/01/05 16:20:43 | 000,000,752 | ---- | M] () -- H:\Documents and Settings\Nathan_2\My Documents\010511.csv
[2011/01/05 10:39:09 | 000,000,956 | ---- | M] () -- H:\WINDOWS\imsins.BAK
[2011/01/05 10:18:29 | 000,000,797 | ---- | M] () -- H:\Documents and Settings\Nathan_2\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/01/05 10:18:22 | 000,000,622 | ---- | M] () -- H:\Documents and Settings\Nathan_2\Desktop\ERUNT.lnk
[2011/01/01 08:50:16 | 000,001,759 | ---- | M] () -- H:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011/01/01 08:47:56 | 000,002,309 | ---- | M] () -- H:\Documents and Settings\Nathan_2\Desktop\Google Chrome.lnk
[2011/01/01 08:47:56 | 000,002,287 | ---- | M] () -- H:\Documents and Settings\Nathan_2\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/12/30 16:52:14 | 000,001,684 | ---- | M] () -- H:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/12/30 16:52:08 | 000,000,000 | ---- | M] () -- H:\WINDOWS\SysWow64\config.nt
[2010/12/29 17:59:46 | 000,011,743 | ---- | M] () -- H:\Documents and Settings\Nathan_2\My Documents\building roster.xlsx
[2010/12/28 06:32:30 | 000,010,244 | ---- | M] () -- H:\Documents and Settings\Nathan_2\My Documents\Please attach to the back of the vehicle.docx
[2010/12/17 07:20:37 | 000,380,928 | ---- | M] () -- H:\Documents and Settings\Nathan_2\My Documents\addresses.mdb
[2010/12/13 10:56:17 | 000,000,292 | ---- | M] () -- H:\Documents and Settings\All Users\Application Data\LastUpdate.xml
[2010/12/13 10:56:16 | 000,000,031 | ---- | M] () -- H:\WINDOWS\WebUpdateSvc4.INI
[6 H:\WINDOWS\SysWow64\*.tmp files -> H:\WINDOWS\SysWow64\*.tmp -> ]
[3 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/05 16:20:43 | 000,000,752 | ---- | C] () -- H:\Documents and Settings\Nathan_2\My Documents\010511.csv
[2011/01/05 10:18:29 | 000,000,797 | ---- | C] () -- H:\Documents and Settings\Nathan_2\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/01/05 10:18:22 | 000,000,622 | ---- | C] () -- H:\Documents and Settings\Nathan_2\Desktop\ERUNT.lnk
[2011/01/05 09:42:21 | 000,296,448 | ---- | C] () -- H:\Documents and Settings\Nathan_2\Desktop\gmer.exe
[2011/01/01 08:50:16 | 000,001,759 | ---- | C] () -- H:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2010/12/30 16:52:14 | 000,001,684 | ---- | C] () -- H:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/12/30 16:52:08 | 000,000,000 | ---- | C] () -- H:\WINDOWS\SysWow64\config.nt
[2010/12/28 06:32:30 | 000,010,244 | ---- | C] () -- H:\Documents and Settings\Nathan_2\My Documents\Please attach to the back of the vehicle.docx
[2009/06/24 09:08:57 | 000,000,290 | ---- | C] () -- H:\WINDOWS\ODBC.INI
[2009/01/18 22:24:35 | 000,111,944 | ---- | C] () -- H:\WINDOWS\SysWow64\TPActiveX.dll
[2008/11/15 18:14:34 | 000,004,608 | ---- | C] () -- H:\Documents and Settings\Nathan_2\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/13 08:46:38 | 000,000,292 | ---- | C] () -- H:\Documents and Settings\All Users\Application Data\LastUpdate.xml
[2008/10/13 08:46:38 | 000,000,031 | ---- | C] () -- H:\WINDOWS\WebUpdateSvc4.INI
[2008/04/14 08:39:38 | 000,000,157 | ---- | C] () -- H:\Documents and Settings\Nathan_2\Application Data\ntl.ini
[2008/04/13 19:51:26 | 000,001,953 | ---- | C] () -- H:\Documents and Settings\Nathan_2\Application Data\ntl.nws
[2008/04/13 10:24:57 | 000,040,960 | ---- | C] () -- H:\WINDOWS\SysWow64\IPPCPUID.DLL
[2008/04/13 10:24:42 | 000,011,776 | ---- | C] () -- H:\WINDOWS\SysWow64\pmsbfn32.dll
[2008/04/13 10:23:04 | 000,000,428 | ---- | C] () -- H:\WINDOWS\MAXLINK.INI
[2008/04/12 20:13:36 | 000,541,752 | ---- | C] () -- H:\WINDOWS\SysWow64\PerfStringBackup.INI
[2008/04/12 14:14:16 | 000,004,161 | ---- | C] () -- H:\WINDOWS\ODBCINST.INI
[2008/03/05 15:30:20 | 001,805,306 | ---- | C] () -- H:\Program Files (x86)\Common Files\NOV2007_d3dx9_36_x64.cab
[2008/03/05 15:30:20 | 001,773,110 | ---- | C] () -- H:\Program Files (x86)\Common Files\Mar2008_d3dx9_37_x64.cab
[2008/03/05 15:30:20 | 001,712,608 | ---- | C] () -- H:\Program Files (x86)\Common Files\NOV2007_d3dx9_36_x86.cab
[2008/03/05 15:30:20 | 001,446,530 | ---- | C] () -- H:\Program Files (x86)\Common Files\Mar2008_d3dx9_37_x86.cab
[2008/03/05 15:30:20 | 001,413,862 | ---- | C] () -- H:\Program Files (x86)\Common Files\OCT2006_d3dx9_31_x64.cab
[2008/03/05 15:30:20 | 001,128,177 | ---- | C] () -- H:\Program Files (x86)\Common Files\OCT2006_d3dx9_31_x86.cab
[2008/03/05 15:30:20 | 000,867,848 | ---- | C] () -- H:\Program Files (x86)\Common Files\NOV2007_d3dx10_36_x64.cab
[2008/03/05 15:30:20 | 000,807,132 | ---- | C] () -- H:\Program Files (x86)\Common Files\NOV2007_d3dx10_36_x86.cab
[2008/03/05 15:30:20 | 000,254,442 | ---- | C] () -- H:\Program Files (x86)\Common Files\Mar2008_XAudio_x64.cab
[2008/03/05 15:30:20 | 000,229,498 | ---- | C] () -- H:\Program Files (x86)\Common Files\Mar2008_XAudio_x86.cab
[2008/03/05 15:30:20 | 000,200,010 | ---- | C] () -- H:\Program Files (x86)\Common Files\NOV2007_XACT_x64.cab
[2008/03/05 15:30:20 | 000,183,321 | ---- | C] () -- H:\Program Files (x86)\Common Files\OCT2006_XACT_x64.cab
[2008/03/05 15:30:20 | 000,151,512 | ---- | C] () -- H:\Program Files (x86)\Common Files\NOV2007_XACT_x86.cab
[2008/03/05 15:30:20 | 000,138,977 | ---- | C] () -- H:\Program Files (x86)\Common Files\OCT2006_XACT_x86.cab
[2008/03/05 15:30:20 | 000,125,584 | ---- | C] () -- H:\Program Files (x86)\Common Files\Mar2008_XACT_x64.cab
[2008/03/05 15:30:20 | 000,096,982 | ---- | C] () -- H:\Program Files (x86)\Common Files\Mar2008_XACT_x86.cab
[2008/03/05 15:30:20 | 000,086,925 | ---- | C] () -- H:\Program Files (x86)\Common Files\Oct2005_xinput_x64.cab
[2008/03/05 15:30:20 | 000,058,306 | ---- | C] () -- H:\Program Files (x86)\Common Files\Mar2008_X3DAudio_x64.cab
[2008/03/05 15:30:20 | 000,049,392 | ---- | C] () -- H:\Program Files (x86)\Common Files\NOV2007_X3DAudio_x64.cab
[2008/03/05 15:30:20 | 000,046,247 | ---- | C] () -- H:\Program Files (x86)\Common Files\Oct2005_xinput_x86.cab
[2008/03/05 15:30:20 | 000,025,115 | ---- | C] () -- H:\Program Files (x86)\Common Files\Mar2008_X3DAudio_x86.cab
[2008/03/05 15:30:20 | 000,021,744 | ---- | C] () -- H:\Program Files (x86)\Common Files\NOV2007_X3DAudio_x86.cab
[2008/03/05 15:30:18 | 013,265,040 | ---- | C] () -- H:\Program Files (x86)\Common Files\dxnt.cab
[2008/03/05 15:30:18 | 001,803,760 | ---- | C] () -- H:\Program Files (x86)\Common Files\AUG2007_d3dx9_35_x64.cab
[2008/03/05 15:30:18 | 001,711,752 | ---- | C] () -- H:\Program Files (x86)\Common Files\AUG2007_d3dx9_35_x86.cab
[2008/03/05 15:30:18 | 001,611,374 | ---- | C] () -- H:\Program Files (x86)\Common Files\JUN2007_d3dx9_34_x64.cab
[2008/03/05 15:30:18 | 001,610,958 | ---- | C] () -- H:\Program Files (x86)\Common Files\APR2007_d3dx9_33_x64.cab
[2008/03/05 15:30:18 | 001,610,886 | ---- | C] () -- H:\Program Files (x86)\Common Files\JUN2007_d3dx9_34_x86.cab
[2008/03/05 15:30:18 | 001,609,639 | ---- | C] () -- H:\Program Files (x86)\Common Files\APR2007_d3dx9_33_x86.cab
[2008/03/05 15:30:18 | 001,575,336 | ---- | C] () -- H:\Program Files (x86)\Common Files\DEC2006_d3dx9_32_x86.cab
[2008/03/05 15:30:18 | 001,572,114 | ---- | C] () -- H:\Program Files (x86)\Common Files\DEC2006_d3dx9_32_x64.cab
[2008/03/05 15:30:18 | 001,363,684 | ---- | C] () -- H:\Program Files (x86)\Common Files\Feb2006_d3dx9_29_x64.cab
[2008/03/05 15:30:18 | 001,358,864 | ---- | C] () -- H:\Program Files (x86)\Common Files\Dec2005_d3dx9_28_x64.cab
[2008/03/05 15:30:18 | 001,351,430 | ---- | C] () -- H:\Program Files (x86)\Common Files\Aug2005_d3dx9_27_x64.cab
[2008/03/05 15:30:18 | 001,336,890 | ---- | C] () -- H:\Program Files (x86)\Common Files\Jun2005_d3dx9_26_x64.cab
[2008/03/05 15:30:18 | 001,248,387 | ---- | C] () -- H:\Program Files (x86)\Common Files\Feb2005_d3dx9_24_x64.cab
[2008/03/05 15:30:18 | 001,156,363 | ---- | C] () -- H:\Program Files (x86)\Common Files\BDANT.cab
[2008/03/05 15:30:18 | 001,085,608 | ---- | C] () -- H:\Program Files (x86)\Common Files\Feb2006_d3dx9_29_x86.cab
[2008/03/05 15:30:18 | 001,080,344 | ---- | C] () -- H:\Program Files (x86)\Common Files\Dec2005_d3dx9_28_x86.cab
[2008/03/05 15:30:18 | 001,078,532 | ---- | C] () -- H:\Program Files (x86)\Common Files\Aug2005_d3dx9_27_x86.cab
[2008/03/05 15:30:18 | 001,065,813 | ---- | C] () -- H:\Program Files (x86)\Common Files\Jun2005_d3dx9_26_x86.cab
[2008/03/05 15:30:18 | 001,014,113 | ---- | C] () -- H:\Program Files (x86)\Common Files\Feb2005_d3dx9_24_x86.cab
[2008/03/05 15:30:18 | 000,976,020 | ---- | C] () -- H:\Program Files (x86)\Common Files\BDAXP.cab
[2008/03/05 15:30:18 | 000,855,886 | ---- | C] () -- H:\Program Files (x86)\Common Files\AUG2007_d3dx10_35_x64.cab
[2008/03/05 15:30:18 | 000,848,132 | ---- | C] () -- H:\Program Files (x86)\Common Files\Mar2008_d3dx10_37_x64.cab
[2008/03/05 15:30:18 | 000,821,508 | ---- | C] () -- H:\Program Files (x86)\Common Files\Mar2008_d3dx10_37_x86.cab
[2008/03/05 15:30:18 | 000,800,467 | ---- | C] () -- H:\Program Files (x86)\Common Files\AUG2007_d3dx10_35_x86.cab
[2008/03/05 15:30:18 | 000,702,644 | ---- | C] () -- H:\Program Files (x86)\Common Files\JUN2007_d3dx10_34_x64.cab
[2008/03/05 15:30:18 | 000,702,212 | ---- | C] () -- H:\Program Files (x86)\Common Files\APR2007_d3dx10_33_x64.cab
[2008/03/05 15:30:18 | 000,702,072 | ---- | C] () -- H:\Program Files (x86)\Common Files\JUN2007_d3dx10_34_x86.cab
[2008/03/05 15:30:18 | 000,699,465 | ---- | C] () -- H:\Program Files (x86)\Common Files\APR2007_d3dx10_33_x86.cab
[2008/03/05 15:30:18 | 000,213,767 | ---- | C] () -- H:\Program Files (x86)\Common Files\DEC2006_d3dx10_00_x64.cab
[2008/03/05 15:30:18 | 000,201,696 | ---- | C] () -- H:\Program Files (x86)\Common Files\AUG2007_XACT_x64.cab
[2008/03/05 15:30:18 | 000,200,722 | ---- | C] () -- H:\Program Files (x86)\Common Files\JUN2007_XACT_x64.cab
[2008/03/05 15:30:18 | 000,199,366 | ---- | C] () -- H:\Program Files (x86)\Common Files\APR2007_XACT_x64.cab
[2008/03/05 15:30:18 | 000,198,275 | ---- | C] () -- H:\Program Files (x86)\Common Files\FEB2007_XACT_x64.cab
[2008/03/05 15:30:18 | 000,193,435 | ---- | C] () -- H:\Program Files (x86)\Common Files\DEC2006_XACT_x64.cab
[2008/03/05 15:30:18 | 000,192,680 | ---- | C] () -- H:\Program Files (x86)\Common Files\DEC2006_d3dx10_00_x86.cab
[2008/03/05 15:30:18 | 000,183,863 | ---- | C] () -- H:\Program Files (x86)\Common Files\AUG2006_XACT_x64.cab
[2008/03/05 15:30:18 | 000,181,745 | ---- | C] () -- H:\Program Files (x86)\Common Files\JUN2006_XACT_x64.cab
[2008/03/05 15:30:18 | 000,179,247 | ---- | C] () -- H:\Program Files (x86)\Common Files\Feb2006_XACT_x64.cab
[2008/03/05 15:30:18 | 000,156,612 | ---- | C] () -- H:\Program Files (x86)\Common Files\AUG2007_XACT_x86.cab
[2008/03/05 15:30:18 | 000,156,509 | ---- | C] () -- H:\Program Files (x86)\Common Files\JUN2007_XACT_x86.cab
[2008/03/05 15:30:18 | 000,154,825 | ---- | C] () -- H:\Program Files (x86)\Common Files\APR2007_XACT_x86.cab
[2008/03/05 15:30:18 | 000,151,583 | ---- | C] () -- H:\Program Files (x86)\Common Files\FEB2007_XACT_x86.cab
[2008/03/05 15:30:18 | 000,146,559 | ---- | C] () -- H:\Program Files (x86)\Common Files\DEC2006_XACT_x86.cab
[2008/03/05 15:30:18 | 000,138,195 | ---- | C] () -- H:\Program Files (x86)\Common Files\AUG2006_XACT_x86.cab
[2008/03/05 15:30:18 | 000,134,631 | ---- | C] () -- H:\Program Files (x86)\Common Files\JUN2006_XACT_x86.cab
[2008/03/05 15:30:18 | 000,133,991 | ---- | C] () -- H:\Program Files (x86)\Common Files\Apr2006_XACT_x86.cab
[2008/03/05 15:30:18 | 000,133,297 | ---- | C] () -- H:\Program Files (x86)\Common Files\Feb2006_XACT_x86.cab
[2008/03/05 15:30:18 | 000,100,417 | ---- | C] () -- H:\Program Files (x86)\Common Files\APR2007_xinput_x64.cab
[2008/03/05 15:30:18 | 000,097,396 | ---- | C] () -- H:\Program Files (x86)\Common Files\dxupdate.cab
[2008/03/05 15:30:18 | 000,088,102 | ---- | C] () -- H:\Program Files (x86)\Common Files\AUG2006_xinput_x64.cab
[2008/03/05 15:30:18 | 000,087,989 | ---- | C] () -- H:\Program Files (x86)\Common Files\Apr2006_xinput_x64.cab
[2008/03/05 15:30:18 | 000,056,902 | ---- | C] () -- H:\Program Files (x86)\Common Files\APR2007_xinput_x86.cab
[2008/03/05 15:30:18 | 000,047,596 | ---- | C] () -- H:\Program Files (x86)\Common Files\dxdllreg_x86.cab
[2008/03/05 15:30:18 | 000,047,018 | ---- | C] () -- H:\Program Files (x86)\Common Files\AUG2006_xinput_x86.cab
[2008/03/05 15:30:18 | 000,046,898 | ---- | C] () -- H:\Program Files (x86)\Common Files\Apr2006_xinput_x86.cab
[2008/03/05 15:30:16 | 004,163,518 | ---- | C] () -- H:\Program Files (x86)\Common Files\Apr2006_MDX1_x86_Archive.cab
[2008/03/05 15:30:16 | 001,398,718 | ---- | C] () -- H:\Program Files (x86)\Common Files\Apr2006_d3dx9_30_x64.cab
[2008/03/05 15:30:16 | 001,348,242 | ---- | C] () -- H:\Program Files (x86)\Common Files\Apr2005_d3dx9_25_x64.cab
[2008/03/05 15:30:16 | 001,116,109 | ---- | C] () -- H:\Program Files (x86)\Common Files\Apr2006_d3dx9_30_x86.cab
[2008/03/05 15:30:16 | 001,079,850 | ---- | C] () -- H:\Program Files (x86)\Common Files\Apr2005_d3dx9_25_x86.cab
[2008/03/05 15:30:16 | 000,917,318 | ---- | C] () -- H:\Program Files (x86)\Common Files\Apr2006_MDX1_x86.cab
[2008/03/05 15:30:16 | 000,180,021 | ---- | C] () -- H:\Program Files (x86)\Common Files\Apr2006_XACT_x64.cab
[2007/02/18 06:00:00 | 001,278,464 | ---- | C] () -- H:\WINDOWS\SysWow64\quartz.dll
[2007/02/18 06:00:00 | 000,733,696 | ---- | C] () -- H:\WINDOWS\SysWow64\qedwipes.dll
[2007/02/18 06:00:00 | 000,512,512 | ---- | C] () -- H:\WINDOWS\SysWow64\qedit.dll
[2007/02/18 06:00:00 | 000,498,742 | ---- | C] () -- H:\WINDOWS\SysWow64\dxmasf.dll
[2007/02/18 06:00:00 | 000,396,288 | ---- | C] () -- H:\WINDOWS\SysWow64\encdec.dll
[2007/02/18 06:00:00 | 000,385,536 | ---- | C] () -- H:\WINDOWS\SysWow64\qdvd.dll
[2007/02/18 06:00:00 | 000,355,112 | ---- | C] () -- H:\WINDOWS\SysWow64\msjetoledb40.dll
[2007/02/18 06:00:00 | 000,279,040 | ---- | C] () -- H:\WINDOWS\SysWow64\qdv.dll
[2007/02/18 06:00:00 | 000,276,992 | ---- | C] () -- H:\WINDOWS\SysWow64\sbe.dll
[2007/02/18 06:00:00 | 000,199,168 | ---- | C] () -- H:\WINDOWS\SysWow64\ir32_32.dll
[2007/02/18 06:00:00 | 000,192,512 | ---- | C] () -- H:\WINDOWS\SysWow64\qcap.dll
[2007/02/18 06:00:00 | 000,114,688 | ---- | C] () -- H:\WINDOWS\SysWow64\msencode.dll
[2007/02/18 06:00:00 | 000,072,704 | ---- | C] () -- H:\WINDOWS\SysWow64\amstream.dll
[2007/02/18 06:00:00 | 000,062,464 | ---- | C] () -- H:\WINDOWS\SysWow64\mciqtz32.dll
[2007/02/18 06:00:00 | 000,061,440 | ---- | C] () -- H:\WINDOWS\SysWow64\devenum.dll
[2007/02/18 06:00:00 | 000,016,896 | ---- | C] () -- H:\WINDOWS\SysWow64\tsd32.dll
[2007/02/18 06:00:00 | 000,014,336 | ---- | C] () -- H:\WINDOWS\SysWow64\msdmo.dll
[2007/02/18 06:00:00 | 000,004,126 | ---- | C] () -- H:\WINDOWS\SysWow64\msdxmlc.dll
[2005/05/03 10:38:42 | 000,064,512 | ---- | C] () -- H:\WINDOWS\SysWow64\P17.dll
[2005/01/03 10:10:44 | 000,319,488 | ---- | C] () -- H:\WINDOWS\SysWow64\DLXAPI32.DLL
[2003/10/02 09:48:18 | 000,053,248 | ---- | C] () -- H:\WINDOWS\SysWow64\P17CPI.dll

========== LOP Check ==========

[2010/12/30 16:51:54 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/02/05 16:17:54 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Amazon
[2010/10/26 12:50:01 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2008/05/25 14:05:59 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\AVG7
[2010/02/25 20:21:36 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\avg9
[2008/04/12 20:35:25 | 000,000,000 | -H-D | M] -- H:\Documents and Settings\All Users\Application Data\CanonBJ
[2008/12/14 16:05:37 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\espionServerData
[2008/04/12 22:09:04 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Grisoft
[2009/02/05 16:18:56 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\HipSoft
[2009/09/29 10:12:37 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Merscom
[2008/04/13 10:22:59 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/11/20 17:47:51 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\StatTransfer9
[2009/05/19 14:14:48 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\WinZip
[2009/09/26 22:22:54 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Zylom
[2008/06/05 05:49:56 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Nathan_2\Application Data\Amazon
[2008/05/08 14:57:14 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Nathan_2\Application Data\Canon
[2008/11/23 21:52:17 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Nathan_2\Application Data\GARMIN
[2008/12/06 17:23:23 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Nathan_2\Application Data\HDRsoft
[2009/09/29 10:12:37 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Nathan_2\Application Data\Merscom
[2008/04/18 08:32:42 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Nathan_2\Application Data\My Games
[2008/04/14 19:47:01 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Nathan_2\Application Data\Netscape
[2008/04/13 10:30:17 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Nathan_2\Application Data\NewSoft
[2008/04/13 10:23:00 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Nathan_2\Application Data\ScanSoft
[2008/04/12 20:56:29 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Nathan_2\Application Data\Thunderbird
[2011/01/05 23:02:00 | 000,032,524 | ---- | M] () -- H:\WINDOWS\Tasks\SchedLgU.Txt

========== Purity Check ==========



< End of report >
 
OTL Extras logfile created on: 1/7/2011 9:12:48 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = H:\Documents and Settings\Nathan_2\My Documents\Downloads
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): H:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files (x86)
Drive C: | 42.66 Gb Total Space | 9.57 Gb Free Space | 22.42% Space Free | Partition Type: NTFS
Drive D: | 42.66 Gb Total Space | 23.51 Gb Free Space | 55.10% Space Free | Partition Type: NTFS
Drive E: | 42.67 Gb Total Space | 39.54 Gb Free Space | 92.67% Space Free | Partition Type: NTFS
Drive F: | 24.67 Gb Total Space | 19.51 Gb Free Space | 79.09% Space Free | Partition Type: NTFS
Drive G: | 662.68 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 58.59 Gb Total Space | 20.83 Gb Free Space | 35.55% Space Free | Partition Type: NTFS
Drive I: | 58.59 Gb Total Space | 18.97 Gb Free Space | 32.37% Space Free | Partition Type: NTFS

Computer Name: NATHAN-HOME-PC | User Name: Nathan_2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html[@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- H:\WINDOWS\system32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- H:\WINDOWS\system32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* File not found
exefile [open] -- "%1" %* File not found
htmlfile [print] -- "H:\WINDOWS\system32\rundll32.exe" "H:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 File not found
InternetShortcut [open] -- "H:\WINDOWS\system32\rundll32.exe" "H:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "H:\WINDOWS\system32\rundll32.exe" "H:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [print] -- "H:\WINDOWS\system32\rundll32.exe" "H:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- "H:\WINDOWS\system32\rundll32.exe" "H:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "H:\WINDOWS\system32\rundll32.exe" "H:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found
"H:\Program Files (x86)\Grisoft\AVG7\avginet.exe" = H:\Program Files (x86)\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe -- File not found
"H:\Program Files (x86)\Grisoft\AVG7\avgamsvr.exe" = H:\Program Files (x86)\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe -- File not found
"H:\Program Files (x86)\Grisoft\AVG7\avgcc.exe" = H:\Program Files (x86)\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe -- File not found
"H:\Program Files (x86)\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat" = H:\Program Files (x86)\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:*:Enabled:The Battle for Middle-earth(tm) II -- File not found
"H:\Program Files (x86)\AVG\AVG8\avgupd.exe" = H:\Program Files (x86)\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"H:\Program Files (x86)\AVG\AVG8\avgemc.exe" = H:\Program Files (x86)\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found
"H:\Program Files (x86)\Netscape\Navigator 9\navigator.exe" = H:\Program Files (x86)\Netscape\Navigator 9\navigator.exe:*:Disabled:Navigator -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe" = C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird -- (Mozilla.org)
"H:\Program Files (x86)\Mozilla Firefox\firefox.exe" = H:\Program Files (x86)\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"H:\Program Files (x86)\Java\jre6\bin\javaws.exe" = H:\Program Files (x86)\Java\jre6\bin\javaws.exe:*:Enabled:Java(TM) Web Start Launcher -- (Sun Microsystems, Inc.)
"H:\Program Files (x86)\AVG\AVG9\avgupd.exe" = H:\Program Files (x86)\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"H:\Program Files (x86)\AVG\AVG9\avgnsa.exe" = H:\Program Files (x86)\AVG\AVG9\avgnsa.exe:*:Enabled:avgnsa.exe -- (AVG Technologies CZ, s.r.o.)
"H:\Program Files (x86)\Java\jre6\bin\java.exe" = H:\Program Files (x86)\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found
"H:\Program Files (x86)\Grisoft\AVG7\avginet.exe" = H:\Program Files (x86)\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe -- File not found
"H:\Program Files (x86)\Grisoft\AVG7\avgamsvr.exe" = H:\Program Files (x86)\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe -- File not found
"H:\Program Files (x86)\Grisoft\AVG7\avgcc.exe" = H:\Program Files (x86)\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe -- File not found
"H:\Program Files (x86)\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat" = H:\Program Files (x86)\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:*:Enabled:The Battle for Middle-earth(tm) II -- File not found
"H:\Program Files (x86)\AVG\AVG8\avgupd.exe" = H:\Program Files (x86)\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"H:\Program Files (x86)\AVG\AVG8\avgemc.exe" = H:\Program Files (x86)\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found
"H:\Program Files (x86)\Netscape\Navigator 9\navigator.exe" = H:\Program Files (x86)\Netscape\Navigator 9\navigator.exe:*:Disabled:Navigator -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe" = C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird -- (Mozilla.org)
"H:\Program Files (x86)\Mozilla Firefox\firefox.exe" = H:\Program Files (x86)\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"H:\Program Files (x86)\Java\jre6\bin\javaws.exe" = H:\Program Files (x86)\Java\jre6\bin\javaws.exe:*:Enabled:Java(TM) Web Start Launcher -- (Sun Microsystems, Inc.)
"H:\Program Files (x86)\AVG\AVG9\avgupd.exe" = H:\Program Files (x86)\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"H:\Program Files (x86)\AVG\AVG9\avgnsa.exe" = H:\Program Files (x86)\AVG\AVG9\avgnsa.exe:*:Enabled:avgnsa.exe -- (AVG Technologies CZ, s.r.o.)
"H:\Program Files (x86)\Java\jre6\bin\java.exe" = H:\Program Files (x86)\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0FF9188A-595B-7AF3-EE61-9E94A96411F9}" = ccc-utility64
"{3215EBED-1D06-42fb-A05C-A752A46FB24C}" = Canon MP530
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"ATI Display Driver" = ATI Display Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows x64
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11-64" = Windows Media Format 11 runtime
"wmp11-64" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{024729A3-6BE9-F0DD-E6C4-A95CF7159A1C}" = CCC Help Thai
"{03E26CB2-2D09-EE9E-7C42-F9EDDBA61292}" = Catalyst Control Center Localization Portuguese
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{1114F843-609B-E030-D9E9-D4BE7772B36C}" = Catalyst Control Center Localization Czech
"{17F2ACCF-309D-2B41-3D40-A3F569F57EDA}" = CCC Help Finnish
"{1D893CF9-2C8D-3B98-457D-EB5F3578BC30}" = CCC Help Italian
"{1DD34CAF-3E11-B6F8-70CD-D281DFA7CA52}" = Skins
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2105D2A8-6360-6AB2-1889-95286C9E1757}" = Catalyst Control Center Localization Italian
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 23
"{2B0838A1-05EB-A135-550A-84CE19A4FB8B}" = Catalyst Control Center Localization Norwegian
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{32A41613-DBF2-8AD3-244C-E9CC9C9B630D}" = CCC Help Chinese Traditional
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{39C3617A-C7AC-EDF0-DD71-77A1AF8ACD4B}" = CCC Help Portuguese
"{39FDE6F8-5D02-EC16-967E-3D36AE3D9C4E}" = Catalyst Control Center Graphics Full Existing
"{41C77DAD-7A71-9108-442A-0D134D75AF48}" = CCC Help Spanish
"{4413D70B-5617-3718-B3DB-E83E9F2A20C9}" = CCC Help Hungarian
"{450DA020-DB18-E288-31C3-3B3F872A776E}" = CCC Help English
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E544E75-4FC7-5224-9C37-3D2831CDB017}" = Catalyst Control Center Localization Russian
"{567D03AD-B75E-0F08-087B-13C1FF67C7D7}" = Catalyst Control Center Graphics Full New
"{5F1B0D76-AFC0-6382-C507-D61E0D4CD3DC}" = Catalyst Control Center Core Implementation
"{62834027-0A20-19E2-8ADA-8AC11DA07723}" = CCC Help Russian
"{63A9FB11-2708-7EAE-4AE4-765115E4151D}" = CCC Help Turkish
"{66CB0251-AB0E-5D30-4A04-7C9F9F26B7EE}" = Catalyst Control Center Localization Turkish
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68C37F3D-2038-A60A-3DC4-60CAC421CF15}" = CCC Help Japanese
"{6A1DA78D-8895-3411-5954-3DE90EB4839A}" = CCC Help Chinese Standard
"{6E9087C5-4D61-8AE6-0972-3C7A0BAC64D7}" = Catalyst Control Center Localization Finnish
"{706A3FF0-1EA1-3FF0-69A5-DE0B22F5230A}" = CCC Help Greek
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77E033C3-D3EB-ECAA-7815-2C7DBBDF1AF3}" = Catalyst Control Center Localization Spanish
"{78F4F3F8-6ED5-34AD-CAD2-AC6127729138}" = CCC Help Swedish
"{7CC7F961-1F31-39AD-8423-8E9220676B2E}" = CCC Help Polish
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{889BCCBD-8C77-8D09-9BDF-DE6210E70AF2}" = CCC Help Norwegian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AF1BF2B-FA5E-1A95-60DB-F28CB2070FBC}" = Catalyst Control Center Localization Greek
"{8BEA6A31-651C-C4DC-E174-561BB14120B3}" = Catalyst Control Center Localization French
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{948B21FA-48AF-AA3E-9770-02625F0108AC}" = Catalyst Control Center Localization Swedish
"{972826C4-7E9D-F0DA-1EA9-B2D223722370}" = CCC Help Czech
"{98E8285F-6B11-4ABD-15BA-2A369C3FDD86}" = Catalyst Control Center Localization Hungarian
"{A0794C57-D8F2-5423-CA67-384D45EB382B}" = CCC Help Danish
"{A41A8666-3EC8-51B2-2927-493FBA5CE2B5}" = CCC Help French
"{A828F8F2-BD8C-6F85-7280-0D252D34AC5D}" = Catalyst Control Center Localization Thai
"{A8589680-35C1-4732-ACCA-09B78921ECE3}" = Sid Meier's Civilization 4
"{AC4732F4-665D-4E6B-8E50-74D6B6FBE5A9}" = PassAlong Software
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{AE3795EC-AE7F-474E-B5A7-D693AA068039}" = Stata 11
"{B2F2C082-77FD-6C2C-2EC8-FBB852B8B51A}" = CCC Help Korean
"{BA235311-3EA5-83C7-F0E4-3FFED48A3110}" = ccc-core-preinstall
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BFB450D8-BCCB-C608-C2D3-2F863B0A1A09}" = CCC Help Dutch
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CB99356B-F8B6-EE9B-806F-57E58CDB8A49}" = Catalyst Control Center Graphics Light
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D2C811DF-7927-A826-DD0A-F4BD7756A09B}" = Catalyst Control Center Localization Chinese Standard
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.14
"{D30125D5-23F3-BD39-DE6B-6483E21F34C1}" = Catalyst Control Center Localization Chinese Traditional
"{D6D2D227-3431-82D1-08CA-D48F7D5B12FF}" = Catalyst Control Center Localization Polish
"{D7CC2103-F5A3-E151-F2E9-C94513A47F3F}" = Catalyst Control Center Localization Dutch
"{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5
"{DAFCC5EF-E4D0-47EF-8E4B-168B3644A1E3}" = Garmin City Navigator North America NT 2009 Update
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{ECDD7BD7-AA20-A0EC-C91A-34FDB52E171B}" = CCC Help German
"{F5461972-F6A5-853A-1B4B-F5AD2CB78A89}" = Catalyst Control Center Localization Japanese
"{F68A5AEF-061D-0A49-D440-C54D96496CE8}" = ccc-core-static
"{F7B37275-A11B-0B97-6F69-038E9569002E}" = Catalyst Control Center Localization Korean
"{FF04C032-D077-4E74-4BBD-B44B0C82CD2D}" = Catalyst Control Center Localization German
"{FFA07CE3-8ABF-F029-657D-422FDAE76594}" = Catalyst Control Center Localization Danish
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"Amazon Games & Software Downloader_is1" = Amazon Games & Software Downloader
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"avast5" = avast! Free Antivirus
"AVG9Uninstall" = AVG Free 9.0
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MP Navigator 2.2" = Canon MP Navigator 2.2
"MSNINST" = MSN
"NoteTab Light 5_is1" = NoteTab Light 5 (Remove only)
"PhotomatixPro3_is1" = Photomatix Pro version 3.1.2
"Stat/Transfer" = Stat/Transfer Nine
"Web Games Player Plugin" = Web Games Player Plugin
"Web Update Wizard (Redistributable)" = Web Update Wizard (Redistributable) 4.0
"Write-N-Cite" = Write-N-Cite

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/20/2010 2:48:47 PM | Computer Name = NATHAN-HOME-PC | Source = Application Error | ID = 1000
Description = Faulting application avg_free_stb_all_2011_1136_upgrade.exe, version
10.0.0.1136, faulting module avg_free_stb_all_2011_1136_upgrade.exe, version 10.0.0.1136,
fault address 0x00009d8b.

Error - 10/20/2010 2:49:08 PM | Computer Name = NATHAN-HOME-PC | Source = Application Error | ID = 1000
Description = Faulting application avg_free_stb_all_2011_1136_upgrade.exe, version
10.0.0.1136, faulting module avg_free_stb_all_2011_1136_upgrade.exe, version 10.0.0.1136,
fault address 0x00009d8b.

Error - 10/20/2010 2:49:16 PM | Computer Name = NATHAN-HOME-PC | Source = Application Error | ID = 1001
Description = Fault bucket -2146196568.

Error - 10/26/2010 4:53:29 PM | Computer Name = NATHAN-HOME-PC | Source = Application Hang | ID = 1002
Description = Hanging application Stata-64.exe, version 321.11.1.701, hang module
hungapp, version 0.0.0.0, hang address 0x0000000000000000.

Error - 10/26/2010 4:54:02 PM | Computer Name = NATHAN-HOME-PC | Source = Application Hang | ID = 1001
Description = Fault bucket 23745227.

Error - 10/30/2010 1:55:46 PM | Computer Name = NATHAN-HOME-PC | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3951, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/7/2010 8:54:32 PM | Computer Name = NATHAN-HOME-PC | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3951, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/31/2010 12:12:14 PM | Computer Name = NATHAN-HOME-PC | Source = Application Error | ID = 1000
Description = Faulting application avast.setup, version 5.0.0.0, faulting module
ntdll.dll, version 5.2.3790.4455, fault address 0x0004f053.

Error - 12/31/2010 12:12:58 PM | Computer Name = NATHAN-HOME-PC | Source = Application Error | ID = 1001
Description = Fault bucket 1437815387.

Error - 1/5/2011 8:22:13 AM | Computer Name = NATHAN-HOME-PC | Source = Application Error | ID = 1000
Description = Faulting application avast.setup, version 5.0.0.0, faulting module
ntdll.dll, version 5.2.3790.4455, fault address 0x0004f053.

[ System Events ]
Error - 1/1/2011 10:49:24 AM | Computer Name = NATHAN-HOME-PC | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070652: Security Update for Microsoft Office 2007 System (KB2289158).

Error - 1/5/2011 8:35:45 AM | Computer Name = NATHAN-HOME-PC | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 1/5/2011 8:35:45 AM | Computer Name = NATHAN-HOME-PC | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 1/5/2011 10:59:54 AM | Computer Name = NATHAN-HOME-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 001D7DD97749 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 1/5/2011 11:00:13 AM | Computer Name = NATHAN-HOME-PC | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 1/5/2011 11:00:13 AM | Computer Name = NATHAN-HOME-PC | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 1/5/2011 12:13:03 PM | Computer Name = NATHAN-HOME-PC | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 1/5/2011 12:13:03 PM | Computer Name = NATHAN-HOME-PC | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 1/5/2011 12:41:23 PM | Computer Name = NATHAN-HOME-PC | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 1/5/2011 12:41:23 PM | Computer Name = NATHAN-HOME-PC | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.


< End of report >
 
Let's run this program and see what it finds and removes.


Please download Malwarebytes from Here or Here

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
 
For some reason Malwarebytes won't install properly. I tried downloading from each site, but during installation I get the pop-up window that says

H:\Documents and Settings\...\rules.ref

A file is corrupted. Press ignore to skip (Not recommended) or Abort to cancel installation.

I pressed Ignore to continue with installation.

When Malwarebytes updates I get another pop up message:
"The current database is not supported by this version of Malwarebytes. Please download the latest version of the program"

I clicked OK to close the box

Then the same box pops up again. I am guessing when the computer tries to run Malwarebytes.

I get the same message when I try to start Malwarebytes from the start menu.
 
Why do you have H set as your main drive?

Try this one in lieu of Malwarebytes.

Please download SuperAntiSpyware Free
Install the program
  • Run SuperAntiSpyware and click: Check for updates
  • Once the update is finished, on the main screen, click: Scan your computer
  • Check: Perform Complete Scan
  • Click Next to start the scan.
SuperAntiSpyware scans the computer, and when finished, lists all the infections found.
Make sure everything found has a check next to it, and press: Next <-- Important
Then, click Finish

It is possible that the program asks to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
  • Click: Preferences
  • Click the Statistics/Logs tab
  • Under Scanner Logs, double-click SuperAntiSpyware Scan Log
It opens in your default text editor (such as Notepad)

Please provide the SuperAntiSpyware log in your next reply
 
I'm not entirely sure why H was set as the system drive, but the guy who built the system for me about 4 years ago did assign H:/ as the system drive.

SuperAntiSpyware won't install. The file seems to download and save but it won't install when I try to open it. It doesn't pull up warnings or anything, it just runs and runs and runs with nothing happening.
 
Hi,

Let's see if there is a rootkit involved.

Scan With RootKitUnHooker

  • Please choose one link and download Rootkit Unhooker and save it to your desktop.
    Link 1
    Link 2
    Link 3
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers and Stealth
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished and then click File > Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in your next reply.

Note** you may get the following warning, just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"
 
It looks like something is preventing it from running again.

I can download or download and unzip the installer, but when I try to run the installer I get an error box that pops up.

This time it says "Error loading driver, NTSTATUS code: 0xC000036B"

I click okay and it is done.
 
You're running 64-bit Windows; some of these programs most likely won't run on 64-bit.

Let's try this online virus scanner


ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the [esetOnline.png] button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on [esetSmartInstall.png] to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the [esetSmartInstallDesktopIcon.png] icon on your desktop.
  4. Check [esetAcceptTerms.png]
  5. Click the [esetStart.png] button.
  6. Accept any security warnings from your browser.
  7. Check [esetScanArchives.png]
  8. Make sure that the option "Remove found threats" is Unchecked
  9. Push the Start button.
  10. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  11. When the scan completes, push [esetListThreats.png]
  12. Push [esetExport.png], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  13. Push the [esetBack.png] button.
  14. Push [esetFinish.png]
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.
 
Here is the ESETscan log produced

H:\Documents and Settings\Nathan_2\Local Settings\Temp\jar_cache1716828560100141979.tmp probably a variant of Java/TrojanDownloader.OpenStream.NAO trojan
H:\Documents and Settings\Nathan_2\Local Settings\Temp\jar_cache7127897087604961354.tmp probably a variant of Java/TrojanDownloader.OpenStream.NAO trojan
 
Those bad entries were found in your Java cache.


Please download ATF Cleaner by Atribune to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
Your system may start up slower after running ATF Cleaner; this is expected but will be back to normal after the first or second boot up.
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized your password and other personal information, as removing cookies will temporarily disable the auto-login facility.

I need to look further as to why none of these programs will run.
 
Right Click on My Computer and click on Properties and on the General Tab tell me what it shows for your operating system
 
Hi,

What I am seeing in your log are two antivirus programs, AVG 9 and Avast. You only need one; more can cause issues, possibly what you're experiencing now. I would suggest uninstalling AVG9.

Google Chrome may also hinder downloads and may be corrupting the files as you download them. You may want to uninstall Chrome also.

Do this and then let's try running some programs again.
 