Google redirect


I picked up the Google redirect virus, apparently. Redirects happen intermittently. I've had it several months; unfortunately, when it first appeared, I thought Google had changed what it was doing and it wasn't until later I decided to research it and found out it's being caused by malware.

I'm also losing about 1GB of disk space a day, which can be recovered with Windows' Disk Cleanup utility with the option to remove old Restore Points and dump files. Is it possible this is related?

Anyway, here are my logs from MBAM, DDS, and GMER. I also have logs from Avira and DeFogger if needed.

I hope you can help me get rid of this nuisance. Thank you!

------

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7179

Windows 6.0.6002 Service Pack 2

Internet Explorer 7.0.6002.18005

7/17/2011 8:10:49 PM

mbam-log-2011-07-17 (20-10-49).txt

Scan type: Quick scan

Objects scanned: 202188

Time elapsed: 13 minute(s), 27 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

-----

DDS (Ver_2011-07-14.01) - NTFS_x86

Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_04

Run by mdavis at 20:14:48 on 2011-07-17

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.893.414 [GMT -4:00]

.

AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\System32\WLTRYSVC.EXE

C:\Windows\System32\bcmwltry.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\Wacom_Tablet.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskeng.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\WTablet\Wacom_TabletUser.exe

C:\Windows\system32\Wacom_Tablet.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\sttray.exe

C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\conime.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.msn.com

uWindow Title = Internet Explorer provided by Dell

BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_04\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -

TB: @c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} -

uRun: [startCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe

mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [sigmatelSysTrayApp] sttray.exe

mRun: [bing Bar] "c:\program files\msn toolbar\platform\5.0.1423.0\mswinext.exe"

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil9d.exe

StartupFolder: c:\users\mdavis\appdata\roaming\micros~1\windows\startm~1\programs\startup\ccc.lnk - c:\program files\ati technologies\ati.ace\core-static\CCC.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_04\bin\ssv.dll

TCP: NameServer = 192.168.2.1 66.92.159.2 216.231.41.2

TCP: Interfaces\{0AE00EDB-597A-4982-91B5-406D57B40A86} : DHCPNameServer = 192.168.2.1 66.92.159.2 216.231.41.2

TCP: Interfaces\{4857C5C0-CA2E-4CC4-A2AA-C38A85AD97D6} : DHCPNameServer = 68.12.16.30 68.1.208.30 8.8.8.8

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Handler: msdaipp - <Clsid value has no data>

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

mASetup: ccc-core-static - msiexec /fums {14A4C6AB-19F3-0384-CF56-7404B4505EBF} /qb

mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\program files\windows mail\WinMail.exe" OCInstallUserConfigOE

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\mdavis\appdata\roaming\mozilla\firefox\profiles\gh5mihry.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?ie=UTF-8&sourceid=navclient&gfns=1&q=

FF - prefs.js: browser.startup.homepage - hxxp://www.weather.com/outlook/homeandgarden/home/local/20910|http://www.facebook.com/

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&sourceid=navclient&gfns=1&q=

FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL

FF - plugin: c:\program files\google\picasa3\npPicasa2.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\microsoft silverlight\3.0.50106.0\npctrlui.dll

.

============= SERVICES / DRIVERS ===============

.

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-7-17 61960]

R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2008-12-31 2749224]

S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2008-12-31 15656]

.

=============== File Associations ===============

.

FileExt: .txt: Applications\WordPad.exe="c:\program files\windows nt\accessories\WORDPAD.EXE" "%1" [userChoice]

.

=============== Created Last 30 ================

.

2011-07-17 19:31:19 -------- d-----w- c:\users\mdavis\appdata\roaming\Avira

2011-07-17 19:14:31 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-07-17 19:14:15 -------- d-----w- c:\programdata\Avira

2011-07-17 19:14:15 -------- d-----w- c:\program files\Avira

2011-07-16 17:35:12 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{14efe41f-d825-4206-af23-21dead57760b}\mpengine.dll

2011-07-13 03:51:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-13 02:49:19 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-07-13 02:49:18 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe

2011-07-13 02:49:16 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll

2011-07-13 02:49:16 1850328 ----a-w- c:\program files\mozilla firefox\mozjs.dll

2011-07-13 02:49:15 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll

2011-07-13 02:49:15 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll

2011-07-13 02:49:15 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll

2011-07-13 02:49:15 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll

2011-07-13 02:49:15 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll

2011-07-13 02:49:15 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll

2011-06-18 15:51:20 0 ----a-w- c:\users\mdavis\appdata\local\Bdamohah.bin

2011-06-18 15:51:19 -------- d-----w- c:\users\mdavis\appdata\local\{7051DDA4-F06F-4007-A1C1-E13A2CCF2470}

.

==================== Find3M ====================

.

2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-24 23:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe

.

============= FINISH: 20:16:21.53 ===============


hi :welcome:

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:

  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.

Step 1

Download aswMBR.exe (1.8 MB) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply


Step 2

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

Things I would like to see in your reply:

  • aswMBR log
  • OTL.txt and Extras.txt

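The OTL custom scan in the reply above checks a handful of things by hand: the MD5 of explorer.exe, winlogon.exe, Userinit.exe and svchost.exe, the services in the shared svchost "netsvcs" group, and the StartMenuInternet browser launch commands (plus the Winlogon shell line that shows up as O20 in the OTL log). The PowerShell below is an added example, not part of the thread and not code from OTL or aswMBR, that reads the same items directly so they can be compared against a known-clean machine. It assumes PowerShell 4 or later (for Get-FileHash) and an elevated prompt for the HKLM reads; everything in it is read-only.

```powershell
# Added example (not from the thread, OTL or aswMBR): a read-only PowerShell
# equivalent of the OTL custom-scan checks. Assumptions: PowerShell 4+ and an
# elevated prompt. Nothing here modifies files or registry values.

$ErrorActionPreference = 'SilentlyContinue'
$root = $env:SystemRoot

# 1. /md5start ... /md5stop: hash and signature-check the four core binaries,
#    looking in %SystemRoot%, System32 and SysWOW64 for extra copies.
function Get-CoreBinaryInfo {
    $names = 'explorer.exe', 'winlogon.exe', 'userinit.exe', 'svchost.exe'
    $dirs  = $root, (Join-Path $root 'System32'), (Join-Path $root 'SysWOW64')
    foreach ($dir in $dirs) {
        foreach ($name in $names) {
            $file = Get-Item -LiteralPath (Join-Path $dir $name)
            if (-not $file) { continue }
            [pscustomobject]@{
                Path      = $file.FullName
                Size      = $file.Length
                MD5       = (Get-FileHash -LiteralPath $file.FullName -Algorithm MD5).Hash
                Signature = (Get-AuthenticodeSignature -FilePath $file.FullName).Status
            }
        }
    }
}

# 2. netsvcs: every service name in the shared svchost group and the DLL it loads.
#    A missing file, an unsigned DLL, or a name absent from a clean reference
#    machine is the kind of entry the OTL netsvcs listing is meant to surface.
function Get-NetsvcsInfo {
    $group = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost').netsvcs
    foreach ($svc in $group) {
        $params = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\$svc\Parameters"
        $dll = $null
        if ($params.ServiceDll) {
            $dll = [Environment]::ExpandEnvironmentVariables($params.ServiceDll)
        }
        $exists = [bool]($dll -and (Test-Path -LiteralPath $dll))
        $sig = 'n/a'
        if ($exists) { $sig = (Get-AuthenticodeSignature -FilePath $dll).Status }
        [pscustomobject]@{
            Service    = $svc
            ServiceDll = $dll
            Exists     = $exists
            Signature  = $sig
        }
    }
}

# 3. Winlogon Shell/Userinit (OTL's O20 line) and the StartMenuInternet launch
#    commands (the startmenuinternet|command lines): values a shell or browser
#    hijack typically rewrites. Compare against a clean machine of the same OS.
function Get-LaunchPointInfo {
    $wl = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    [pscustomobject]@{ Key = 'Winlogon\Shell';    Value = $wl.Shell }
    [pscustomobject]@{ Key = 'Winlogon\Userinit'; Value = $wl.Userinit }
    Get-ChildItem 'HKLM:\SOFTWARE\Clients\StartMenuInternet' | ForEach-Object {
        $cmd = Get-ItemProperty (Join-Path $_.PSPath 'shell\open\command')
        [pscustomobject]@{
            Key   = "StartMenuInternet\$($_.PSChildName)"
            Value = $cmd.'(default)'
        }
    }
}

Get-CoreBinaryInfo  | Format-Table -AutoSize
Get-NetsvcsInfo     | Format-Table -AutoSize
Get-LaunchPointInfo | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt and keep the output next to the OTL log. The useful comparison is against the same OS build on a machine you trust: a core binary whose MD5 or signature status differs, a netsvcs entry whose DLL is missing or unsigned, or a Userinit or browser launch command pointing anywhere other than its normal location is what a helper reading the OTL log is looking for.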

Thanks for looking into this for me.

This afternoon, Avira (which I installed yesterday) "Guard" popped up a notice that it found TR/Spy.302592.8 in the GMER executable (which I also installed yesterday). Is this just an expected false positive, or has either Avira or GMER been altered by my infection? Should I delete GMER?

The first time I ran aswMBR, it bluescreened. I rebooted, set Avira Guard to "inactive", and ran aswMBR again. This time it completed successfully.

I'm not clear on whether it's better to cut and paste the log text in my message, or attach the log files, so I'm just cutting and pasting. Please let me know if I should attach them instead.

Here are the aswMBR and OTL logs:

-----

aswMBR version 0.9.7.777 Copyright© 2011 AVAST Software

Run date: 2011-07-18 18:52:00

-----------------------------

18:52:00.303 OS Version: Windows 6.0.6002 Service Pack 2

18:52:00.318 Number of processors: 2 586 0x4802

18:52:00.318 ComputerName: MDAVIS-PC UserName: mdavis

18:52:04.334 Initialize success

18:52:17.756 AVAST engine defs: 11071801

18:52:21.834 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

18:52:21.834 Disk 0 Vendor: WDC_WD1200BEVS-75LAT0 02.06M02 Size: 114473MB BusType: 3

18:52:21.865 Disk 0 MBR read successfully

18:52:21.865 Disk 0 MBR scan

18:52:21.896 Disk 0 unknown MBR code

18:52:21.896 Disk 0 scanning sectors +234438656

18:52:22.037 Disk 0 scanning C:\Windows\system32\drivers

18:52:44.459 Service scanning

18:52:47.053 Disk 0 trace - called modules:

18:52:47.084 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll pciide.sys PCIIDEX.SYS atapi.sys

18:52:47.099 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84619ac8]

18:52:47.099 3 CLASSPNP.SYS[8659d8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8452c030]

18:52:49.162 AVAST engine scan C:\Windows

18:52:56.896 AVAST engine scan C:\Windows\system32

18:56:49.334 AVAST engine scan C:\Windows\system32\drivers

18:57:05.209 AVAST engine scan C:\Users\mdavis

19:38:28.912 AVAST engine scan C:\ProgramData

19:39:32.459 Scan finished successfully

19:43:49.240 Disk 0 MBR has been saved successfully to "C:\Users\mdavis\Desktop\MBR.dat"

19:43:49.240 The log file has been saved successfully to "C:\Users\mdavis\Desktop\aswMBR.txt"

-----

OTL logfile created on: 7/18/2011 8:20:26 PM - Run 1

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\mdavis\Desktop

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.32 Mb Total Physical Memory | 210.76 Mb Available Physical Memory | 23.59% Memory free

2.00 Gb Paging File | 1.03 Gb Available in Paging File | 51.59% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 101.72 Gb Total Space | 6.04 Gb Free Space | 5.94% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 4.91 Gb Free Space | 49.06% Space Free | Partition Type: NTFS

Drive E: | 602.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MDAVIS-PC | User Name: mdavis | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/18 19:45:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\mdavis\Desktop\OTL.scr

PRC - [2011/07/18 15:19:18 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2011/07/08 03:16:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2011/04/21 07:54:05 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2011/04/21 07:53:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/10/29 22:14:00 | 000,159,528 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\WTablet\Wacom_TabletUser.exe

PRC - [2008/10/29 22:13:28 | 002,749,224 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Wacom_Tablet.exe

PRC - [2006/11/22 18:56:00 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe

========== Modules (SafeList) ==========

MOD - [2011/07/18 19:45:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\mdavis\Desktop\OTL.scr

MOD - [2010/09/11 20:32:23 | 000,430,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll

MOD - [2009/04/11 02:28:25 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiutils.dll

MOD - [2009/04/11 02:28:25 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemsvc.dll

MOD - [2009/04/11 02:28:25 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemprox.dll

MOD - [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\fastprox.dll

MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll

MOD - [2008/01/19 03:36:49 | 000,188,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemdisp.dll

MOD - [2008/01/19 03:36:48 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbemcomn.dll

MOD - [2008/01/19 03:36:37 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sxs.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/07/18 15:19:18 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2008/10/29 22:13:28 | 002,749,224 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Wacom_Tablet.exe -- (TabletServiceWacom)

SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/06/05 00:20:32 | 000,177,704 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)

SRV - [2006/11/07 15:27:02 | 000,070,656 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)

========== Driver Services (SafeList) ==========

DRV - [2011/07/18 15:19:26 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2011/07/18 15:19:25 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010/07/29 00:25:22 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)

DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2008/10/05 22:53:24 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)

DRV - [2008/07/10 22:16:50 | 000,013,352 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)

DRV - [2008/06/03 06:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

DRV - [2008/06/03 06:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

DRV - [2007/02/15 22:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)

DRV - [2007/02/15 03:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WacomVKHid.sys -- (WacomVKHid)

DRV - [2007/02/08 10:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)

DRV - [2006/11/22 18:56:52 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)

DRV - [2006/11/20 15:13:58 | 000,043,520 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2006/11/20 15:13:58 | 000,037,376 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2006/11/20 15:13:56 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2006/11/11 19:10:40 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

DRV - [2006/11/02 03:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®

DRV - [2006/11/02 03:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)

DRV - [2006/10/30 12:22:26 | 000,008,192 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)

DRV - [2006/10/05 18:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)

DRV - [2006/08/18 15:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)

DRV - [2006/08/18 15:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)

DRV - [2006/08/18 15:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)

DRV - [2006/08/18 15:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)

DRV - [2006/08/18 15:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)

DRV - [2006/08/18 15:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)

DRV - [2006/08/18 15:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)

DRV - [2006/08/18 15:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)

DRV - [2006/08/17 17:43:52 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys -- (dsunidrv)

DRV - [2006/08/11 12:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1520628058-3799781836-2949732212-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com

IE - HKU\S-1-5-21-1520628058-3799781836-2949732212-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-1520628058-3799781836-2949732212-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?ie=UTF-8&sourceid=navclient&gfns=1&q="

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.weather.com/outlook/homeandgarden/home/local/20910|http://www.facebook.com/"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}:5.0.14

FF - prefs.js..extensions.enabledItems: rikaichan-jpnames@polarcloud.com:2.00.100530

FF - prefs.js..extensions.enabledItems: rikaichan-jpen@polarcloud.com:2.00.100530

FF - prefs.js..extensions.enabledItems: {7051DDA4-F06F-4007-A1C1-E13A2CCF2470}:1.9.1

FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&sourceid=navclient&gfns=1&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\Firefox

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/10/13 08:25:24 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/12 22:49:19 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/12 22:49:12 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.8\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/03/02 20:58:02 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.8\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009/09/27 12:04:00 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{7051DDA4-F06F-4007-A1C1-E13A2CCF2470}: C:\Users\mdavis\AppData\Local\{7051DDA4-F06F-4007-A1C1-E13A2CCF2470} [2011/06/18 11:51:19 | 000,000,000 | ---D | M]

[2011/03/02 20:58:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mdavis\AppData\Roaming\Mozilla\Extensions

[2011/03/02 20:58:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mdavis\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2011/07/12 22:53:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mdavis\AppData\Roaming\Mozilla\Firefox\Profiles\gh5mihry.default\extensions

[2011/07/12 22:51:23 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Users\mdavis\AppData\Roaming\Mozilla\Firefox\Profiles\gh5mihry.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}

[2009/02/18 10:47:50 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Users\mdavis\AppData\Roaming\Mozilla\Firefox\Profiles\gh5mihry.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}(9)

[2011/07/12 23:56:09 | 000,000,000 | ---D | M] (Rikaichan Japanese-English Dictionary File) -- C:\Users\mdavis\AppData\Roaming\Mozilla\Firefox\Profiles\gh5mihry.default\extensions\rikaichan-jpen@polarcloud.com

[2011/07/12 23:55:52 | 000,000,000 | ---D | M] (Rikaichan Japanese Names Dictionary File) -- C:\Users\mdavis\AppData\Roaming\Mozilla\Firefox\Profiles\gh5mihry.default\extensions\rikaichan-jpnames@polarcloud.com

[2011/07/12 22:49:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2008/03/03 01:50:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}

File not found (No name found) --

[2011/06/18 11:51:19 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\MDAVIS\APPDATA\LOCAL\{7051DDA4-F06F-4007-A1C1-E13A2CCF2470}

() (No name found) -- C:\USERS\MDAVIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GH5MIHRY.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

[2010/09/13 09:48:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

[2011/07/08 03:16:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2009/10/30 18:06:04 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - File not found

O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - File not found

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [bing Bar] File not found

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-1520628058-3799781836-2949732212-1001..\Run: [] File not found

O4 - HKU\S-1-5-21-1520628058-3799781836-2949732212-1001..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()

O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil9d.exe (Adobe Systems, Inc.)

O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil9d.exe (Adobe Systems, Inc.)

O7 - HKU\S-1-5-21-1520628058-3799781836-2949732212-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-1520628058-3799781836-2949732212-1001\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)

O15 - HKU\S-1-5-21-1520628058-3799781836-2949732212-1001\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 66.92.159.2 216.231.41.2

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\mdavis\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp

O24 - Desktop BackupWallPaper: C:\Users\mdavis\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [1997/09/30 12:53:54 | 000,000,000 | ---D | M] - E:\AUTORUN -- [ CDFS ]

O32 - AutoRun File - [1997/09/24 13:17:52 | 000,000,067 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]

O33 - MountPoints2\{99e2110b-c008-11db-8c05-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{99e2110b-c008-11db-8c05-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AUTORUN\AUTORUN.EXE -- [1997/09/10 12:52:00 | 000,214,016 | R--- | M] ()

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - File not found

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/07/18 19:45:09 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\mdavis\Desktop\OTL.scr

[2011/07/18 18:35:15 | 001,913,344 | ---- | C] (AVAST Software) -- C:\Users\mdavis\Desktop\aswMBR.exe

[2011/07/17 19:55:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/07/17 15:31:19 | 000,000,000 | ---D | C] -- C:\Users\mdavis\AppData\Roaming\Avira

[2011/07/17 15:15:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

[2011/07/17 15:14:33 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys

[2011/07/17 15:14:31 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2011/07/17 15:14:31 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

[2011/07/17 15:14:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2011/07/17 15:14:15 | 000,000,000 | ---D | C] -- C:\Program Files\Avira

[2011/07/17 14:40:21 | 000,489,596 | R--- | C] (Swearware) -- C:\Users\mdavis\Desktop\dds.scr

[2010/02/04 00:00:00 | 000,139,264 | ---- | C] ( ) -- C:\Windows\sipr3260.dll

[2007/04/03 00:58:19 | 000,034,816 | ---- | C] ( ) -- C:\Windows\System32\RC00C140.dll

========== Files - Modified Within 30 Days ==========

[2011/07/18 19:45:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\mdavis\Desktop\OTL.scr

[2011/07/18 19:43:49 | 000,000,512 | ---- | M] () -- C:\Users\mdavis\Desktop\MBR.dat

[2011/07/18 18:45:08 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/07/18 18:45:08 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/07/18 18:44:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/07/18 18:44:47 | 101,098,488 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2011/07/18 18:35:52 | 001,913,344 | ---- | M] (AVAST Software) -- C:\Users\mdavis\Desktop\aswMBR.exe

[2011/07/18 15:19:26 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2011/07/18 15:19:25 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

[2011/07/18 08:57:10 | 000,002,855 | ---- | M] () -- C:\Users\mdavis\Desktop\attach.zip

[2011/07/17 20:13:34 | 000,000,000 | ---- | M] () -- C:\Users\mdavis\defogger_reenable

[2011/07/17 15:15:23 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2011/07/17 14:46:07 | 000,302,592 | ---- | M] () -- C:\Users\mdavis\Desktop\335mtp9d.exe

[2011/07/17 14:40:31 | 000,489,596 | R--- | M] (Swearware) -- C:\Users\mdavis\Desktop\dds.scr

[2011/07/17 14:30:56 | 000,050,477 | ---- | M] () -- C:\Users\mdavis\Desktop\Defogger.exe

[2011/07/12 22:49:21 | 000,000,921 | ---- | M] () -- C:\Users\mdavis\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2011/07/12 22:49:21 | 000,000,897 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011/06/28 09:36:41 | 000,618,258 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/06/28 09:36:40 | 000,103,850 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/06/27 16:39:55 | 000,023,170 | ---- | M] () -- C:\Users\mdavis\Documents\EOB-Statement.pdf

[2011/06/20 20:56:18 | 000,001,124 | -HS- | M] () -- C:\ProgramData\21wyr872a806mspci6l6pym4nhj8h4mp55

[2011/06/20 20:56:17 | 000,001,124 | -HS- | M] () -- C:\Users\mdavis\AppData\Local\21wyr872a806mspci6l6pym4nhj8h4mp55

[2011/06/20 20:19:41 | 000,000,120 | ---- | M] () -- C:\Users\mdavis\AppData\Local\Srutuvacaxoj.dat

[2011/06/20 07:26:42 | 000,000,000 | ---- | M] () -- C:\Users\mdavis\AppData\Local\Bdamohah.bin

========== Files Created - No Company Name ==========

[2011/07/18 19:43:49 | 000,000,512 | ---- | C] () -- C:\Users\mdavis\Desktop\MBR.dat

[2011/07/18 18:44:47 | 101,098,488 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2011/07/18 08:57:08 | 000,002,855 | ---- | C] () -- C:\Users\mdavis\Desktop\attach.zip

[2011/07/17 20:13:34 | 000,000,000 | ---- | C] () -- C:\Users\mdavis\defogger_reenable

[2011/07/17 15:15:23 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2011/07/17 14:45:57 | 000,302,592 | ---- | C] () -- C:\Users\mdavis\Desktop\335mtp9d.exe

[2011/07/17 14:30:41 | 000,050,477 | ---- | C] () -- C:\Users\mdavis\Desktop\Defogger.exe

[2011/07/12 22:49:21 | 000,000,909 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2011/06/27 16:38:39 | 000,023,170 | ---- | C] () -- C:\Users\mdavis\Documents\EOB-Statement.pdf

[2011/06/20 20:56:16 | 000,001,124 | -HS- | C] () -- C:\Users\mdavis\AppData\Local\21wyr872a806mspci6l6pym4nhj8h4mp55

[2011/06/20 20:56:16 | 000,001,124 | -HS- | C] () -- C:\ProgramData\21wyr872a806mspci6l6pym4nhj8h4mp55

[2011/06/18 11:51:20 | 000,000,120 | ---- | C] () -- C:\Users\mdavis\AppData\Local\Srutuvacaxoj.dat

[2011/06/18 11:51:20 | 000,000,000 | ---- | C] () -- C:\Users\mdavis\AppData\Local\Bdamohah.bin

[2011/02/11 14:21:46 | 000,229,452 | ---- | C] () -- C:\Windows\System32\mls_set4.dll

[2011/02/11 14:21:46 | 000,118,784 | ---- | C] () -- C:\Windows\System32\LMCHART1.dll

[2011/02/11 14:21:46 | 000,118,784 | ---- | C] () -- C:\Windows\System32\f18dll.dll

[2011/02/11 14:21:46 | 000,053,248 | ---- | C] () -- C:\Windows\System32\EZTW32.dll

[2011/02/11 14:21:46 | 000,032,768 | ---- | C] () -- C:\Windows\System32\tstream.dll

[2010/10/09 11:28:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2010/10/09 11:28:56 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2010/10/09 11:28:02 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2010/09/12 19:15:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2010/09/02 00:53:48 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2010/06/23 12:35:52 | 000,790,528 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2010/06/23 12:35:52 | 000,134,144 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2009/08/16 10:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2009/06/08 13:01:40 | 000,870,128 | ---- | C] () -- C:\Users\mdavis\AppData\Roaming\mcs.rma

[2009/06/08 13:01:40 | 000,000,004 | ---- | C] () -- C:\Users\mdavis\AppData\Roaming\6681F9

[2009/06/08 13:00:56 | 000,000,731 | ---- | C] () -- C:\Windows\cdplayer.ini

[2008/04/28 21:09:10 | 000,172,033 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2008/04/05 23:38:01 | 000,000,952 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys

[2008/03/24 10:24:16 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2008/03/06 00:38:44 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe

[2008/01/11 06:08:22 | 000,019,651 | ---- | C] () -- C:\Users\mdavis\AppData\Local\internal.grp

[2007/11/23 02:46:13 | 000,192,640 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat

[2007/06/05 00:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe

[2007/04/03 00:58:20 | 000,000,074 | ---- | C] () -- C:\Windows\ricdb.ini

[2007/04/03 00:58:19 | 000,750,116 | ---- | C] () -- C:\Windows\System32\RCD0D140.DLL

[2007/04/03 00:58:14 | 000,000,000 | ---- | C] () -- C:\Windows\System32\RPCS.ini

[2007/03/16 18:13:33 | 000,000,071 | ---- | C] () -- C:\Windows\Pex.INI

[2007/03/16 17:53:22 | 000,000,030 | ---- | C] () -- C:\Windows\iedit.INI

[2007/03/13 22:31:44 | 000,005,183 | ---- | C] () -- C:\Windows\ULEAD32.INI

[2007/03/06 21:50:14 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat

[2007/03/05 18:10:35 | 000,004,109 | ---- | C] () -- C:\Windows\mozver.dat

[2007/02/27 22:46:54 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2007/02/23 21:26:19 | 000,028,160 | ---- | C] () -- C:\Users\mdavis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/02/19 14:59:51 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat

[2007/02/19 14:59:51 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2007/02/19 14:59:49 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

[2007/02/19 14:59:39 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2007/02/19 07:40:18 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2007/02/19 07:26:37 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL

[2007/02/19 07:26:36 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini

[2007/02/19 07:17:26 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll

[2007/02/19 07:17:22 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE

[2007/02/05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI

[2006/11/07 15:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini

[2006/11/02 08:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 08:44:53 | 000,485,632 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 06:33:01 | 000,618,258 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 06:33:01 | 000,103,850 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2006/09/17 01:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll

[2006/09/17 01:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

========== LOP Check ==========

[2009/04/24 06:30:00 | 000,000,000 | ---D | M] -- C:\Users\mdavis\AppData\Roaming\Canon

[2011/03/22 00:18:13 | 000,000,000 | ---D | M] -- C:\Users\mdavis\AppData\Roaming\FileZilla

[2010/09/15 20:10:00 | 000,000,000 | ---D | M] -- C:\Users\mdavis\AppData\Roaming\NCH Swift Sound

[2011/02/11 14:22:15 | 000,000,000 | ---D | M] -- C:\Users\mdavis\AppData\Roaming\PenBox 54 05297

[2011/05/20 16:31:56 | 000,000,000 | ---D | M] -- C:\Users\mdavis\AppData\Roaming\Picturenaut

[2009/06/11 09:43:53 | 000,000,000 | ---D | M] -- C:\Users\mdavis\AppData\Roaming\Recordpad

[2009/06/12 20:38:44 | 000,000,000 | ---D | M] -- C:\Users\mdavis\AppData\Roaming\RiseFly

[2011/01/10 18:09:44 | 000,000,000 | ---D | M] -- C:\Users\mdavis\AppData\Roaming\Simple Sudoku

[2007/03/13 17:42:37 | 000,000,000 | ---D | M] -- C:\Users\mdavis\AppData\Roaming\Subversion

[2010/03/10 17:04:33 | 000,000,000 | ---D | M] -- C:\Users\mdavis\AppData\Roaming\Three Rings Design

[2011/03/02 20:58:11 | 000,000,000 | ---D | M] -- C:\Users\mdavis\AppData\Roaming\Thunderbird

[2007/11/04 06:18:10 | 000,000,000 | ---D | M] -- C:\Users\mdavis\AppData\Roaming\Ulead Systems

[2010/10/13 09:14:01 | 000,000,000 | ---D | M] -- C:\Users\mdavis\AppData\Roaming\VistaCodecs

[2011/04/28 17:24:17 | 000,000,000 | ---D | M] -- C:\Users\mdavis\AppData\Roaming\XTrackCad

[2009/06/08 16:44:58 | 000,000,000 | ---D | M] -- C:\Users\test.mdavis-PC.000\AppData\Roaming\NCH Swift Sound

[2009/06/08 16:45:33 | 000,000,000 | ---D | M] -- C:\Users\test.mdavis-PC.000\AppData\Roaming\Recordpad

[2011/07/18 15:33:16 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >

[2010/09/11 13:08:59 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe

[2010/09/11 13:08:57 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe

[2010/09/11 13:08:55 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe

[2008/08/11 06:15:23 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe

[2008/08/11 06:15:23 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe

[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe

[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe

[2010/09/11 13:08:57 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe

[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe

[2008/01/19 03:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >

[2006/11/02 05:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe

[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe

[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >

[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe

[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

[2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >

[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe

[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe

[2008/01/19 03:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/07/08 03:16:28 | 000,713,016 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/07/08 03:16:28 | 000,713,016 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/07/08 03:16:28 | 000,713,016 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/07/08 03:16:28 | 000,924,632 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/07/08 03:16:28 | 000,924,632 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/07/08 03:16:28 | 000,924,632 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2008/01/19 03:33:12 | 000,070,656 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2008/01/19 03:33:12 | 000,070,656 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2008/01/19 03:33:12 | 000,070,656 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: %programfiles%\Internet Explorer\iexplore.exe [2009/04/11 02:27:44 | 000,636,080 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/07/08 03:16:28 | 000,713,016 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/07/08 03:16:28 | 000,713,016 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/07/08 03:16:28 | 000,713,016 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/07/08 03:16:28 | 000,924,632 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/07/08 03:16:28 | 000,924,632 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/07/08 03:16:28 | 000,924,632 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2008/01/19 03:33:12 | 000,070,656 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2008/01/19 03:33:12 | 000,070,656 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2008/01/19 03:33:12 | 000,070,656 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: %programfiles%\Internet Explorer\iexplore.exe [2009/04/11 02:27:44 | 000,636,080 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Documents\Woodworking Plans:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Documents\Visual Studio 2005:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Documents\Updater5:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Documents\Trains:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Documents\Track Plans:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Documents\Taxes 2008:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Documents\T Gauge:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Documents\stormtroopers.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Documents\shogi-vocab_files:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Documents\Pantera Pens:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Documents\New Folder:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Documents\My Data Sources:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Documents\My Corel Shows:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Documents\Knowledge Base Software:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Documents\JRM:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Documents\Japanese Witholding Form 2007.tif:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Documents\JapanDVD.dmsd:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Documents\English Materials:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Documents\embankment3.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Documents\embankment2.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Documents\embankment1.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Documents\EH500-2.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Documents\EH500-19.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Documents\drivers-license.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Documents\Autoshop form.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Documents\ARMAC:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Desktop\USB Drive copy:Roxio EMC Stream

< End of report >

-----

OTL Extras logfile created on: 7/18/2011 8:20:26 PM - Run 1

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\mdavis\Desktop

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.32 Mb Total Physical Memory | 210.76 Mb Available Physical Memory | 23.59% Memory free

2.00 Gb Paging File | 1.03 Gb Available in Paging File | 51.59% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 101.72 Gb Total Space | 6.04 Gb Free Space | 5.94% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 4.91 Gb Free Space | 49.06% Space Free | Partition Type: NTFS

Drive E: | 602.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MDAVIS-PC | User Name: mdavis | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1520628058-3799781836-2949732212-1001\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"UacDisableNotify" = 0

"InternetSettingsDisableNotify" = 0

"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 1

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{50503B16-4D76-484A-AB99-353668275906}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |

"{A26BDCEE-B118-403E-BDFE-7D60A2925B73}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |

"{A4BB3A36-A807-4E90-B00E-F6D52DFE1313}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |

"TCP Query User{094861FF-ABBE-4767-A767-5F79FB203C07}C:\windows\system32\ftp.exe" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe |

"TCP Query User{12B1DF66-7C97-447F-80B5-78D2FF6BE65E}C:\eclipse-ganymede\eclipse.exe" = protocol=6 | dir=in | app=c:\eclipse-ganymede\eclipse.exe |

"TCP Query User{2897EAAD-DE0A-4A79-AB89-C7AFAB696FFC}C:\program files\risefly\bestsync 2009\bestsyncapp.exe" = protocol=6 | dir=in | app=c:\program files\risefly\bestsync 2009\bestsyncapp.exe |

"TCP Query User{31AC136D-CE02-44D7-BBCA-33EEF9BD1FCF}C:\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\eclipse\eclipse.exe |

"TCP Query User{60C5FEDD-7B25-4E3A-9D47-03346F29D7A9}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"TCP Query User{6AECE006-EB99-4D96-915E-9A4BA5970A91}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |

"TCP Query User{6D6954AA-66E7-4AB5-B6DA-C3981560DC83}C:\program files\java\jdk1.6.0_04\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_04\bin\java.exe |

"TCP Query User{7E9EDC1B-E7E7-478A-A2DA-C1C5DE0C6B72}C:\program files\rhapsody\rhapsody.exe" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |

"TCP Query User{80EF1B07-5558-4354-842D-29FE79C472C3}C:\eclipse-europa\eclipse.exe" = protocol=6 | dir=in | app=c:\eclipse-europa\eclipse.exe |

"TCP Query User{8DC11A9D-9EDE-49BF-9E90-837ED622B4FF}C:\windows\system32\ftp.exe" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe |

"TCP Query User{9DAB7FC6-F65F-45F0-AE8B-7B01CA1E07EB}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"TCP Query User{ACDB56C7-FE68-4666-BA7E-D019E306E730}C:\program files\rhapsody\rhapsody.exe" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |

"TCP Query User{C8E4421B-E38D-46BC-BAF4-32884BAC78AC}C:\eclipse-europa\plugins\org.eclipse.tptp.platform.ac.win_ia32_4.4.1.v200804021410\agent_controller\bin\acserver.exe" = protocol=6 | dir=in | app=c:\eclipse-europa\plugins\org.eclipse.tptp.platform.ac.win_ia32_4.4.1.v200804021410\agent_controller\bin\acserver.exe |

"TCP Query User{D55ED124-8E5D-47B5-A579-BD1D29F0F9E3}C:\eclipse-ganymede\plugins\org.eclipse.tptp.platform.ac.win_ia32_4.4.1.v200806171132\agent_controller\bin\acserver.exe" = protocol=6 | dir=in | app=c:\eclipse-ganymede\plugins\org.eclipse.tptp.platform.ac.win_ia32_4.4.1.v200806171132\agent_controller\bin\acserver.exe |

"TCP Query User{FD8A90AC-4813-4F30-BE3F-82E42813D258}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |

"UDP Query User{0983B106-973A-4F28-B100-4FE80F914C62}C:\program files\rhapsody\rhapsody.exe" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |

"UDP Query User{18BD01E6-BE61-431E-A085-57020F29441F}C:\windows\system32\ftp.exe" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe |

"UDP Query User{2191987E-758F-4A6D-892F-D0F5BA98580B}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"UDP Query User{23633F40-2E9B-4B2C-BA82-9E4D886AB9A8}C:\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\eclipse\eclipse.exe |

"UDP Query User{2EDDE620-8F32-47DA-BDA5-DE2AE2D8699A}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |

"UDP Query User{40794AC0-78B0-496D-B71D-F5E4DD5662BD}C:\eclipse-ganymede\eclipse.exe" = protocol=17 | dir=in | app=c:\eclipse-ganymede\eclipse.exe |

"UDP Query User{6CA0CBFA-F7A0-4227-8232-0A0C243B0615}C:\eclipse-europa\eclipse.exe" = protocol=17 | dir=in | app=c:\eclipse-europa\eclipse.exe |

"UDP Query User{8C60C191-5FEC-44B2-9F3A-BBC0144B537F}C:\eclipse-ganymede\plugins\org.eclipse.tptp.platform.ac.win_ia32_4.4.1.v200806171132\agent_controller\bin\acserver.exe" = protocol=17 | dir=in | app=c:\eclipse-ganymede\plugins\org.eclipse.tptp.platform.ac.win_ia32_4.4.1.v200806171132\agent_controller\bin\acserver.exe |

"UDP Query User{9AAB497A-9036-4C45-ACB9-9769A09C8AE2}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{A0661507-C390-4FB7-98CA-493C103273AF}C:\program files\java\jdk1.6.0_04\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_04\bin\java.exe |

"UDP Query User{B72DF260-4ACC-4E49-9351-7E83B9980D76}C:\program files\rhapsody\rhapsody.exe" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |

"UDP Query User{BFA05CC1-C21D-4AFC-A9FC-9E0B87B2242B}C:\windows\system32\ftp.exe" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe |

"UDP Query User{C5464FE3-80D7-4F9C-86D9-1A8C7BB60C1A}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |

"UDP Query User{DDC3FA7D-D81B-422D-8AEE-E3122CD59D69}C:\program files\risefly\bestsync 2009\bestsyncapp.exe" = protocol=17 | dir=in | app=c:\program files\risefly\bestsync 2009\bestsyncapp.exe |

"UDP Query User{E8FCCDD4-58C8-463A-8AE1-229E58FA6B4D}C:\eclipse-europa\plugins\org.eclipse.tptp.platform.ac.win_ia32_4.4.1.v200804021410\agent_controller\bin\acserver.exe" = protocol=17 | dir=in | app=c:\eclipse-europa\plugins\org.eclipse.tptp.platform.ac.win_ia32_4.4.1.v200804021410\agent_controller\bin\acserver.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools

"{05B17AA5-C9DC-D9C6-71B9-6813F2B51EE4}" = Skins

"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar

"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant

"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data

"{0DDDE141-9696-4E33-AB82-EF398169D7E5}" = Ulead PhotoImpact XL ESD

"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard

"{14A4C6AB-19F3-0384-CF56-7404B4505EBF}" = ccc-core-static

"{15803703-25FA-4C01-A062-3F4A59937E87}" = PhotoImpact X3

"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component

"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{3248F0A8-6813-11D6-A77B-00B0D0150140}" = J2SE Runtime Environment 5.0 Update 14

"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java SE Runtime Environment 6

"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java 6 Update 4

"{32A3A4F4-B792-11D6-A78A-00B0D0150140}" = J2SE Development Kit 5.0 Update 14

"{32A3A4F4-B792-11D6-A78A-00B0D0160040}" = Java SE Development Kit 6 Update 4

"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module

"{3CEA4CA8-CDD4-451C-B673-E8F17BE01B15}" = Ulead COOL 360 1.0

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting

"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager

"{4459CBFD-7185-FAA0-0F47-0D80392597EB}" = Catalyst Control Center Graphics Previews Vista

"{4632C38B-4098-0308-70F8-700377DD4FBD}" = Catalyst Control Center Graphics Full Existing

"{52D56C42-8C69-4882-A661-39695537C9CF}" = DellConnect

"{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}" = QuickSet

"{577AD794-8B34-40B4-9E7A-BE4CFFE396E6}" = Microsoft Visual Basic 2005 Express Edition - ENU

"{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7

"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides

"{5E4B86E5-CD0E-4D3D-BE21-45A30326850A}" = Microsoft Search Enhancement Pack

"{5E863175-E85D-44A6-8968-82507D34AE7F}" = QuickTime

"{5FBEF7B0-AD70-470F-81F8-A30C9ABA2204}" = ccc-Branding

"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy

"{61E2AA57-D5A1-79AF-A4F4-AF9912D93371}" = Catalyst Control Center Graphics Previews Common

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler

"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio

"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content

"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional

"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio

"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8

"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8

"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8

"{AE9EE98A-CAF3-0DE8-D8F8-8FF6A652D81A}" = Catalyst Control Center Core Implementation

"{AF1B7E66-9A60-5527-162F-08A4AB010264}" = Catalyst Control Center Graphics Full New

"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager

"{BCB35632-949E-41AA-3B8E-3C5DC3714014}" = CCC Help English

"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D24A4106-B0F0-7C3B-37BC-E4FB7B5B4FE1}" = ccc-utility

"{D271DAE0-8D68-4C97-8356-A126D48A1D8C}" = Ulead Photo Explorer 8.0

"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE

"{E21DA178-9FB0-4F91-B79C-5A6DDEEBFB8D}" = Bing Bar Platform

"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect

"{E713653C-8312-4BC6-AFC9-ADE1F2F04AB9}" = ATI PCI Express (3GIO) Filter Driver

"{E7476E9A-9E20-2071-86B1-21E432C8F93D}" = Catalyst Control Center Graphics Light

"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool

"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54

"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts

"Armadillo Run_is1" = Armadillo Run Version 2.1.2 Beta

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card

"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem

"FileZilla Client" = FileZilla Client 3.3.5.1

"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = PhotoImpact X3

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft Visual Basic 2005 Express Edition - ENU" = Microsoft Visual Basic 2005 Express Edition - ENU

"MozBackup_is1" = MozBackup 1.4.6

"Mozilla Firefox 5.0.1 (x86 en-US)" = Mozilla Firefox 5.0.1 (x86 en-US)

"Mozilla Thunderbird (3.1.8)" = Mozilla Thunderbird (3.1.8)

"nbi-javame-toolkit-3.0.0.0.20090408" = Java Platform, Micro Edition Software Development Kit 3.0

"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010

"PenBox 54" = PenBox 54

"Picasa 3" = Picasa 3

"Rhapsody" = Rhapsody

"Simple Sudoku_is1" = Simple Sudoku 4.2

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Wacom Tablet Driver" = Wacom Tablet

"XTrkCAD 4.0.3a" = XTrkCAD 4.0.3a

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1520628058-3799781836-2949732212-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Converter" = Converter

"DialogDemo" = DialogDemo

"SwingPaintDemo4" = SwingPaintDemo4

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 6/24/2011 1:41:08 PM | Computer Name = mdavis-PC | Source = EventSystem | ID = 4621

Description =

Error - 6/24/2011 4:01:26 PM | Computer Name = mdavis-PC | Source = EventSystem | ID = 4621

Description =

Error - 6/24/2011 6:27:55 PM | Computer Name = mdavis-PC | Source = EventSystem | ID = 4621

Description =

Error - 6/25/2011 2:17:50 PM | Computer Name = mdavis-PC | Source = EventSystem | ID = 4621

Description =

Error - 6/25/2011 5:59:25 PM | Computer Name = mdavis-PC | Source = EventSystem | ID = 4621

Description =

Error - 6/27/2011 2:29:01 PM | Computer Name = mdavis-PC | Source = EventSystem | ID = 4621

Description =

Error - 7/1/2011 10:35:25 AM | Computer Name = mdavis-PC | Source = TabletServiceWacom | ID = 0

Description =

Error - 7/1/2011 1:54:28 PM | Computer Name = mdavis-PC | Source = EventSystem | ID = 4621

Description =

Error - 7/3/2011 3:44:37 PM | Computer Name = mdavis-PC | Source = EventSystem | ID = 4621

Description =

Error - 7/5/2011 12:27:32 PM | Computer Name = mdavis-PC | Source = Windows Search Service | ID = 3013

Description =

[ Broadcom Wireless LAN Events ]

Error - 5/23/2011 2:52:41 PM | Computer Name = mdavis-PC | Source = WLAN-Tray | ID = 0

Description = 14:52:40, Mon, May 23, 11 Error - Unable to gain access to user store

Error - 5/23/2011 4:54:02 PM | Computer Name = mdavis-PC | Source = WLAN-Tray | ID = 0

Description = 16:54:02, Mon, May 23, 11 Error - Unable to gain access to user store

Error - 5/30/2011 12:53:08 PM | Computer Name = mdavis-PC | Source = WLAN-Tray | ID = 0

Description = Error - Error in creating key container - -2146893809 (Broadcom Wireless Adapter Manager Container)

Error - 6/20/2011 9:34:31 PM | Computer Name = mdavis-PC | Source = WLAN-Tray | ID = 0

Description = 21:34:31, Mon, Jun 20, 11 Error - Unable to gain access to user store

Error - 6/26/2011 4:19:46 PM | Computer Name = mdavis-PC | Source = WLAN-Tray | ID = 0

Description = 16:19:46, Sun, Jun 26, 11 Error - Unable to gain access to user store

Error - 7/6/2011 7:08:49 AM | Computer Name = mdavis-PC | Source = WLAN-Tray | ID = 0

Description = 07:08:48, Wed, Jul 06, 11 Error - Unable to gain access to user store

Error - 7/18/2011 6:45:24 PM | Computer Name = mdavis-PC | Source = WLAN-Tray | ID = 0

Description = 18:45:02, Mon, Jul 18, 11 Error - Unable to gain access to user store

[ System Events ]

Error - 7/13/2011 8:30:45 AM | Computer Name = mdavis-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 7/14/2011 7:27:59 AM | Computer Name = mdavis-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 7/16/2011 1:14:11 PM | Computer Name = mdavis-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 7/16/2011 7:09:45 PM | Computer Name = mdavis-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 7/17/2011 9:08:09 AM | Computer Name = mdavis-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 7/17/2011 2:37:24 PM | Computer Name = mdavis-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 7/18/2011 9:26:08 AM | Computer Name = mdavis-PC | Source = Service Control Manager | ID = 7011

Description =

Error - 7/18/2011 4:06:45 PM | Computer Name = mdavis-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 7/18/2011 6:44:59 PM | Computer Name = mdavis-PC | Source = EventLog | ID = 6008

Description = The previous system shutdown at 6:43:20 PM on 7/18/2011 was unexpected.

Error - 7/18/2011 6:46:26 PM | Computer Name = mdavis-PC | Source = Service Control Manager | ID = 7000

Description =

< End of report >


Hi

Step 1

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :OTL
    [2011/06/18 11:51:19 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\MDAVIS\APPDATA\LOCAL\{7051DDA4-F06F-4007-A1C1-E13A2CCF2470}
    O4 - HKU\S-1-5-21-1520628058-3799781836-2949732212-1001..\Run: [] File not found
    O33 - MountPoints2\{99e2110b-c008-11db-8c05-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{99e2110b-c008-11db-8c05-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AUTORUN\AUTORUN.EXE -- [1997/09/10 12:52:00 | 000,214,016 | R--- | M] ()
    [2011/06/20 20:56:18 | 000,001,124 | -HS- | M] () -- C:\ProgramData\21wyr872a806mspci6l6pym4nhj8h4mp55
    [2011/06/20 20:56:17 | 000,001,124 | -HS- | M] () -- C:\Users\mdavis\AppData\Local\21wyr872a806mspci6l6pym4nhj8h4mp55

    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Update Malwarebytes Anti-Malware and run a Quick Scan.

Post the log it produces.

Things I would like to see in your reply:

  • OTL log
  • MBAM log

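As an added example (not OTL's own code and not part of the helper's post), here is a small Python triage script that parses the OTL line formats used in the fix above and flags the kinds of entries a helper pulls into an :OTL fix script. The sample lines are constructed from the shapes quoted above, and the heuristics (hidden+system files with no company name, long random-looking names, GUID-named folders under AppData, orphaned Run entries, drive autorun commands) are my assumptions, not OTL rules.

```python
"""Triage helper for OTL-style scan-log lines (constructed example, not OTL's code).

Line shapes handled, as they appear in an OTL scan log or ':OTL' fix script:

    [YYYY/MM/DD HH:MM:SS | 000,001,124 | -HS- | M] (Company) -- C:\\path
        file/folder entry, optionally prefixed with a section tag such as "PRC - "
    O4 - <hive>\\Run: [name] value                       autostart entry
    O33 - MountPoints2\\{guid}\\Shell\\AutoRun\\command - "" = cmd   drive autorun
"""
import re
from dataclasses import dataclass, field
from typing import List

ENTRY_RE = re.compile(
    r"^(?:(?P<kind>[A-Z]{3}) - )?"
    r"\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| M\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)
O4_RE = re.compile(r"^O4 - (?P<key>.+?\\Run): \[(?P<name>[^\]]*)\] (?P<value>.+)$")
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\AutoRun\\command - "" = '
    r"(?P<cmd>.+?)(?: -- \[.*)?$"
)
# Heuristic (assumption): long lowercase alphanumeric names with no extension,
# like the two -HS- files the fix above removes from ProgramData and AppData.
RANDOM_NAME_RE = re.compile(r"^[a-z0-9]{20,}$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")


@dataclass
class Finding:
    line: str
    reasons: List[str] = field(default_factory=list)


def flag_line(line: str) -> List[str]:
    """Return the reasons a single OTL line deserves a second look (empty if none)."""
    reasons: List[str] = []
    m = ENTRY_RE.match(line)
    if m:
        attrs, company, path = m["attrs"], m["company"].strip(), m["path"]
        name = path.rstrip("\\").rsplit("\\", 1)[-1]
        if "H" in attrs and "S" in attrs and not company:
            reasons.append("hidden+system file with no company name")
        if RANDOM_NAME_RE.match(name):
            reasons.append("random-looking name without extension")
        if "D" in attrs and GUID_RE.match(name) and "\\appdata\\" in path.lower():
            reasons.append("GUID-named folder under AppData (compare with browser extension list)")
        return reasons
    m = O4_RE.match(line)
    if m and m["value"].strip() == "File not found":
        reasons.append("orphaned Run entry (File not found)")
        return reasons
    m = O33_RE.match(line)
    if m:
        reasons.append(f"drive autorun command registered: {m['cmd']}")
    return reasons


def triage(text: str) -> List[Finding]:
    """Run flag_line over every non-blank line and keep only the lines with findings."""
    out: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if line:
            reasons = flag_line(line)
            if reasons:
                out.append(Finding(line, reasons))
    return out


# Constructed sample built from the line shapes quoted in the fix above; the Avira
# process line is a clean control and should produce no finding.
SAMPLE = r'''
[2011/06/18 11:51:19 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\MDAVIS\APPDATA\LOCAL\{7051DDA4-F06F-4007-A1C1-E13A2CCF2470}
O4 - HKU\S-1-5-21-1520628058-3799781836-2949732212-1001..\Run: [] File not found
O33 - MountPoints2\{99e2110b-c008-11db-8c05-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AUTORUN\AUTORUN.EXE -- [1997/09/10 12:52:00 | 000,214,016 | R--- | M] ()
[2011/06/20 20:56:18 | 000,001,124 | -HS- | M] () -- C:\ProgramData\21wyr872a806mspci6l6pym4nhj8h4mp55
PRC - [2011/07/18 15:19:18 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
'''

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

Running it on the sample prints the four lines the fix above targets with their reasons and stays silent on the Avira process line.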

Step 1 - After I clicked "Run Fix", OTL ran for a while. Then I got a Windows message, "OTL has stopped working". Problem details:

Problem signature:

Problem Event Name: APPCRASH

Application Name: OTL.scr

Application Version: 3.2.26.1

Application Timestamp: 2a425e19

Fault Module Name: user32.dll

Fault Module Version: 6.0.6002.18005

Fault Module Timestamp: 49e0380e

Exception Code: c0000005

Exception Offset: 0001f7aa

OS Version: 6.0.6002.2.2.0.768.2

Locale ID: 1033

Additional Information 1: cc77

Additional Information 2: ef1a5c26c968aa33f0b7c9bb536b7677

Additional Information 3: 987e

Additional Information 4: 2ce698c1f96e683ceaf9b9dae68b08a3

Read our privacy statement:

http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409


Hi

Retry this fix.

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :OTL
    [2011/06/18 11:51:19 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\MDAVIS\APPDATA\LOCAL\{7051DDA4-F06F-4007-A1C1-E13A2CCF2470}
    O33 - MountPoints2\{99e2110b-c008-11db-8c05-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{99e2110b-c008-11db-8c05-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AUTORUN\AUTORUN.EXE -- [1997/09/10 12:52:00 | 000,214,016 | R--- | M] ()
    [2011/06/20 20:56:18 | 000,001,124 | -HS- | M] () -- C:\ProgramData\21wyr872a806mspci6l6pym4nhj8h4mp55
    [2011/06/20 20:56:17 | 000,001,124 | -HS- | M] () -- C:\Users\mdavis\AppData\Local\21wyr872a806mspci6l6pym4nhj8h4mp55

    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


When I restarted the computer (prior to seeing your next message), a text file popped up. I've included it below (the first one) just in case it's useful.

This time, OTL completed successfully and rebooted (log below, second one).

----- 07192011_094302.txt -----

Files\Folders moved on Reboot...

File move failed. E:\AUTORUN\AUTORUN.EXE scheduled to be moved on reboot.

Registry entries deleted on Reboot...

----- 07192011-122738.txt -----

All processes killed

========== OTL ==========

Folder C:\USERS\MDAVIS\APPDATA\LOCAL\{7051DDA4-F06F-4007-A1C1-E13A2CCF2470}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99e2110b-c008-11db-8c05-806e6f6e6963}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99e2110b-c008-11db-8c05-806e6f6e6963}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99e2110b-c008-11db-8c05-806e6f6e6963}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99e2110b-c008-11db-8c05-806e6f6e6963}\ not found.

File move failed. E:\AUTORUN\AUTORUN.EXE scheduled to be moved on reboot.

File C:\ProgramData\21wyr872a806mspci6l6pym4nhj8h4mp55 not found.

File C:\Users\mdavis\AppData\Local\21wyr872a806mspci6l6pym4nhj8h4mp55 not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: admin

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Christina

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Documents and Settings

User: mdavis

->Temp folder emptied: 31832 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 19896421 bytes

->Flash cache emptied: 0 bytes

User: Public

User: test.mdavis-PC.000

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 30452506 bytes

->FireFox cache emptied: 54357930 bytes

->Flash cache emptied: 14340 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 76021167 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 172.00 mb

[EMPTYFLASH]

User: admin

User: All Users

User: Christina

->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Documents and Settings

User: mdavis

->Flash cache emptied: 0 bytes

User: Public

User: test.mdavis-PC.000

->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.26.1 log created on 07192011_122738

Files\Folders moved on Reboot...

File move failed. E:\AUTORUN\AUTORUN.EXE scheduled to be moved on reboot.

Registry entries deleted on Reboot...


I tried a few searches, and did not get any redirects. I usually got redirected on my first click, so I'll say the symptom is gone - but it was intermittent, so it's impossible to say with 100% certainty.

OTL quick scan log:

-----

OTL logfile created on: 7/19/2011 6:22:35 PM - Run 2

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\mdavis\Desktop

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.32 Mb Total Physical Memory | 439.53 Mb Available Physical Memory | 49.20% Memory free

2.00 Gb Paging File | 1.23 Gb Available in Paging File | 61.37% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 101.72 Gb Total Space | 6.81 Gb Free Space | 6.70% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 5.16 Gb Free Space | 51.65% Space Free | Partition Type: NTFS

Drive E: | 602.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MDAVIS-PC | User Name: mdavis | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/18 19:45:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\mdavis\Desktop\OTL.scr

PRC - [2011/07/18 15:19:18 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2011/04/21 07:54:05 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2011/04/21 07:53:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/10/29 22:14:00 | 000,159,528 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\WTablet\Wacom_TabletUser.exe

PRC - [2008/10/29 22:13:28 | 002,749,224 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Wacom_Tablet.exe

PRC - [2006/11/22 18:56:00 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe

========== Modules (SafeList) ==========

MOD - [2011/07/18 19:45:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\mdavis\Desktop\OTL.scr

MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/07/18 15:19:18 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2008/10/29 22:13:28 | 002,749,224 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Wacom_Tablet.exe -- (TabletServiceWacom)

SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/06/05 00:20:32 | 000,177,704 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)

SRV - [2006/11/07 15:27:02 | 000,070,656 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)

========== Driver Services (SafeList) ==========

DRV - [2011/07/18 15:19:26 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2011/07/18 15:19:25 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010/07/29 00:25:22 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)

DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2008/10/05 22:53:24 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)

DRV - [2008/07/10 22:16:50 | 000,013,352 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)

DRV - [2008/06/03 06:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

DRV - [2008/06/03 06:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

DRV - [2007/02/15 22:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)

DRV - [2007/02/15 03:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WacomVKHid.sys -- (WacomVKHid)

DRV - [2007/02/08 10:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)

DRV - [2006/11/22 18:56:52 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)

DRV - [2006/11/20 15:13:58 | 000,043,520 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2006/11/20 15:13:58 | 000,037,376 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2006/11/20 15:13:56 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2006/11/11 19:10:40 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

DRV - [2006/11/02 03:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®

DRV - [2006/11/02 03:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)

DRV - [2006/10/30 12:22:26 | 000,008,192 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)

DRV - [2006/10/05 18:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)

DRV - [2006/08/18 15:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)

DRV - [2006/08/18 15:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)

DRV - [2006/08/18 15:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)

DRV - [2006/08/18 15:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)

DRV - [2006/08/18 15:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)

DRV - [2006/08/18 15:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)

DRV - [2006/08/18 15:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)

DRV - [2006/08/18 15:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)

DRV - [2006/08/17 17:43:52 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys -- (dsunidrv)

DRV - [2006/08/11 12:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?ie=UTF-8&sourceid=navclient&gfns=1&q="

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.weather.com/outlook/homeandgarden/home/local/20910|http://www.facebook.com/"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}:5.0.14

FF - prefs.js..extensions.enabledItems: rikaichan-jpnames@polarcloud.com:2.00.100530

FF - prefs.js..extensions.enabledItems: rikaichan-jpen@polarcloud.com:2.00.100530

FF - prefs.js..extensions.enabledItems: {7051DDA4-F06F-4007-A1C1-E13A2CCF2470}:1.9.1

FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&sourceid=navclient&gfns=1&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\Firefox

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/10/13 08:25:24 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/12 22:49:19 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/12 22:49:12 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.8\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/03/02 20:58:02 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.8\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009/09/27 12:04:00 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{7051DDA4-F06F-4007-A1C1-E13A2CCF2470}: C:\Users\mdavis\AppData\Local\{7051DDA4-F06F-4007-A1C1-E13A2CCF2470}

[2011/03/02 20:58:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mdavis\AppData\Roaming\Mozilla\Extensions

[2011/03/02 20:58:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mdavis\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2011/07/12 22:53:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mdavis\AppData\Roaming\Mozilla\Firefox\Profiles\gh5mihry.default\extensions

[2011/07/12 22:51:23 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Users\mdavis\AppData\Roaming\Mozilla\Firefox\Profiles\gh5mihry.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}

[2009/02/18 10:47:50 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Users\mdavis\AppData\Roaming\Mozilla\Firefox\Profiles\gh5mihry.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}(9)

[2011/07/12 23:56:09 | 000,000,000 | ---D | M] (Rikaichan Japanese-English Dictionary File) -- C:\Users\mdavis\AppData\Roaming\Mozilla\Firefox\Profiles\gh5mihry.default\extensions\rikaichan-jpen@polarcloud.com

[2011/07/12 23:55:52 | 000,000,000 | ---D | M] (Rikaichan Japanese Names Dictionary File) -- C:\Users\mdavis\AppData\Roaming\Mozilla\Firefox\Profiles\gh5mihry.default\extensions\rikaichan-jpnames@polarcloud.com

[2011/07/12 22:49:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2008/03/03 01:50:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}

File not found (No name found) --

() (No name found) -- C:\USERS\MDAVIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GH5MIHRY.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

[2010/09/13 09:48:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

[2011/07/08 03:16:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2009/10/30 18:06:04 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - File not found

O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - File not found

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [bing Bar] File not found

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)

O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 66.92.159.2 216.231.41.2

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\mdavis\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp

O24 - Desktop BackupWallPaper: C:\Users\mdavis\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [1997/09/30 12:53:54 | 000,000,000 | ---D | M] - E:\AUTORUN -- [ CDFS ]

O32 - AutoRun File - [1997/09/24 13:17:52 | 000,000,067 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/19 09:43:02 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/07/18 19:45:09 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\mdavis\Desktop\OTL.scr

[2011/07/18 18:35:15 | 001,913,344 | ---- | C] (AVAST Software) -- C:\Users\mdavis\Desktop\aswMBR.exe

[2011/07/17 19:55:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/07/17 15:31:19 | 000,000,000 | ---D | C] -- C:\Users\mdavis\AppData\Roaming\Avira

[2011/07/17 15:15:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

[2011/07/17 15:14:33 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys

[2011/07/17 15:14:31 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2011/07/17 15:14:31 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

[2011/07/17 15:14:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2011/07/17 15:14:15 | 000,000,000 | ---D | C] -- C:\Program Files\Avira

[2011/07/17 14:40:21 | 000,489,596 | R--- | C] (Swearware) -- C:\Users\mdavis\Desktop\dds.scr

[2010/02/04 00:00:00 | 000,139,264 | ---- | C] ( ) -- C:\Windows\sipr3260.dll

[2007/04/03 00:58:19 | 000,034,816 | ---- | C] ( ) -- C:\Windows\System32\RC00C140.dll

========== Files - Modified Within 30 Days ==========

[2011/07/19 17:35:49 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/07/19 17:35:49 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/07/19 17:34:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/07/19 14:07:18 | 000,000,186 | ---- | M] () -- C:\Users\mdavis\Desktop\Malware Forum.url

[2011/07/18 19:45:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\mdavis\Desktop\OTL.scr

[2011/07/18 19:43:49 | 000,000,512 | ---- | M] () -- C:\Users\mdavis\Desktop\MBR.dat

[2011/07/18 18:44:47 | 101,098,488 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2011/07/18 18:35:52 | 001,913,344 | ---- | M] (AVAST Software) -- C:\Users\mdavis\Desktop\aswMBR.exe

[2011/07/18 15:19:26 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2011/07/18 15:19:25 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

[2011/07/18 08:57:10 | 000,002,855 | ---- | M] () -- C:\Users\mdavis\Desktop\attach.zip

[2011/07/17 20:13:34 | 000,000,000 | ---- | M] () -- C:\Users\mdavis\defogger_reenable

[2011/07/17 15:15:23 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2011/07/17 14:46:07 | 000,302,592 | ---- | M] () -- C:\Users\mdavis\Desktop\335mtp9d.exe

[2011/07/17 14:40:31 | 000,489,596 | R--- | M] (Swearware) -- C:\Users\mdavis\Desktop\dds.scr

[2011/07/17 14:30:56 | 000,050,477 | ---- | M] () -- C:\Users\mdavis\Desktop\Defogger.exe

[2011/07/12 22:49:21 | 000,000,921 | ---- | M] () -- C:\Users\mdavis\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2011/07/12 22:49:21 | 000,000,897 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011/06/28 09:36:41 | 000,618,258 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/06/28 09:36:40 | 000,103,850 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/06/27 16:39:55 | 000,023,170 | ---- | M] () -- C:\Users\mdavis\Documents\EOB-Statement.pdf

[2011/06/20 20:19:41 | 000,000,120 | ---- | M] () -- C:\Users\mdavis\AppData\Local\Srutuvacaxoj.dat

[2011/06/20 07:26:42 | 000,000,000 | ---- | M] () -- C:\Users\mdavis\AppData\Local\Bdamohah.bin

========== Files Created - No Company Name ==========

[2011/07/19 14:05:58 | 000,000,186 | ---- | C] () -- C:\Users\mdavis\Desktop\Malware Forum.url

[2011/07/18 19:43:49 | 000,000,512 | ---- | C] () -- C:\Users\mdavis\Desktop\MBR.dat

[2011/07/18 18:44:47 | 101,098,488 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2011/07/18 08:57:08 | 000,002,855 | ---- | C] () -- C:\Users\mdavis\Desktop\attach.zip

[2011/07/17 20:13:34 | 000,000,000 | ---- | C] () -- C:\Users\mdavis\defogger_reenable

[2011/07/17 15:15:23 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2011/07/17 14:45:57 | 000,302,592 | ---- | C] () -- C:\Users\mdavis\Desktop\335mtp9d.exe

[2011/07/17 14:30:41 | 000,050,477 | ---- | C] () -- C:\Users\mdavis\Desktop\Defogger.exe

[2011/07/12 22:49:21 | 000,000,909 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2011/06/27 16:38:39 | 000,023,170 | ---- | C] () -- C:\Users\mdavis\Documents\EOB-Statement.pdf

[2011/06/18 11:51:20 | 000,000,120 | ---- | C] () -- C:\Users\mdavis\AppData\Local\Srutuvacaxoj.dat

[2011/06/18 11:51:20 | 000,000,000 | ---- | C] () -- C:\Users\mdavis\AppData\Local\Bdamohah.bin

[2011/02/11 14:21:46 | 000,229,452 | ---- | C] () -- C:\Windows\System32\mls_set4.dll

[2011/02/11 14:21:46 | 000,118,784 | ---- | C] () -- C:\Windows\System32\LMCHART1.dll

[2011/02/11 14:21:46 | 000,118,784 | ---- | C] () -- C:\Windows\System32\f18dll.dll

[2011/02/11 14:21:46 | 000,053,248 | ---- | C] () -- C:\Windows\System32\EZTW32.dll

[2011/02/11 14:21:46 | 000,032,768 | ---- | C] () -- C:\Windows\System32\tstream.dll

[2010/10/09 11:28:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2010/10/09 11:28:56 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2010/10/09 11:28:02 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2010/09/12 19:15:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2010/09/02 00:53:48 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2010/06/23 12:35:52 | 000,790,528 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2010/06/23 12:35:52 | 000,134,144 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2009/08/16 10:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2009/06/08 13:01:40 | 000,870,128 | ---- | C] () -- C:\Users\mdavis\AppData\Roaming\mcs.rma

[2009/06/08 13:01:40 | 000,000,004 | ---- | C] () -- C:\Users\mdavis\AppData\Roaming\6681F9

[2009/06/08 13:00:56 | 000,000,731 | ---- | C] () -- C:\Windows\cdplayer.ini

[2008/04/28 21:09:10 | 000,172,033 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2008/04/05 23:38:01 | 000,000,952 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys

[2008/03/24 10:24:16 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2008/03/06 00:38:44 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe

[2008/01/11 06:08:22 | 000,019,651 | ---- | C] () -- C:\Users\mdavis\AppData\Local\internal.grp

[2007/11/23 02:46:13 | 000,192,640 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat

[2007/06/05 00:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe

[2007/04/03 00:58:20 | 000,000,074 | ---- | C] () -- C:\Windows\ricdb.ini

[2007/04/03 00:58:19 | 000,750,116 | ---- | C] () -- C:\Windows\System32\RCD0D140.DLL

[2007/04/03 00:58:14 | 000,000,000 | ---- | C] () -- C:\Windows\System32\RPCS.ini

[2007/03/16 18:13:33 | 000,000,071 | ---- | C] () -- C:\Windows\Pex.INI

[2007/03/16 17:53:22 | 000,000,030 | ---- | C] () -- C:\Windows\iedit.INI

[2007/03/13 22:31:44 | 000,005,183 | ---- | C] () -- C:\Windows\ULEAD32.INI

[2007/03/06 21:50:14 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat

[2007/03/05 18:10:35 | 000,004,109 | ---- | C] () -- C:\Windows\mozver.dat

[2007/02/27 22:46:54 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2007/02/23 21:26:19 | 000,028,160 | ---- | C] () -- C:\Users\mdavis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/02/19 14:59:51 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat

[2007/02/19 14:59:51 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2007/02/19 14:59:49 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

[2007/02/19 14:59:39 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2007/02/19 07:40:18 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2007/02/19 07:26:37 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL

[2007/02/19 07:26:36 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini

[2007/02/19 07:17:26 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll

[2007/02/19 07:17:22 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE

[2007/02/05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI

[2006/11/07 15:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini

[2006/11/02 08:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 08:44:53 | 000,485,632 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 06:33:01 | 000,618,258 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 06:33:01 | 000,103,850 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2006/09/17 01:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll

[2006/09/17 01:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

========== LOP Check ==========

[2009/04/24 06:30:00 | 000,000,000 | ---D | M] -- C:\Users\mdavis\AppData\Roaming\Canon

[2011/03/22 00:18:13 | 000,000,000 | ---D | M] -- C:\Users\mdavis\AppData\Roaming\FileZilla

[2010/09/15 20:10:00 | 000,000,000 | ---D | M] -- C:\Users\mdavis\AppData\Roaming\NCH Swift Sound

[2011/02/11 14:22:15 | 000,000,000 | ---D | M] -- C:\Users\mdavis\AppData\Roaming\PenBox 54 05297

[2011/05/20 16:31:56 | 000,000,000 | ---D | M] -- C:\Users\mdavis\AppData\Roaming\Picturenaut

[2009/06/11 09:43:53 | 000,000,000 | ---D | M] -- C:\Users\mdavis\AppData\Roaming\Recordpad

[2009/06/12 20:38:44 | 000,000,000 | ---D | M] -- C:\Users\mdavis\AppData\Roaming\RiseFly

[2011/01/10 18:09:44 | 000,000,000 | ---D | M] -- C:\Users\mdavis\AppData\Roaming\Simple Sudoku

[2007/03/13 17:42:37 | 000,000,000 | ---D | M] -- C:\Users\mdavis\AppData\Roaming\Subversion

[2010/03/10 17:04:33 | 000,000,000 | ---D | M] -- C:\Users\mdavis\AppData\Roaming\Three Rings Design

[2011/03/02 20:58:11 | 000,000,000 | ---D | M] -- C:\Users\mdavis\AppData\Roaming\Thunderbird

[2007/11/04 06:18:10 | 000,000,000 | ---D | M] -- C:\Users\mdavis\AppData\Roaming\Ulead Systems

[2010/10/13 09:14:01 | 000,000,000 | ---D | M] -- C:\Users\mdavis\AppData\Roaming\VistaCodecs

[2011/04/28 17:24:17 | 000,000,000 | ---D | M] -- C:\Users\mdavis\AppData\Roaming\XTrackCad

[2011/07/19 12:32:11 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Documents\Woodworking Plans:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Documents\Visual Studio 2005:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Documents\Updater5:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Documents\Trains:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Documents\Track Plans:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Documents\Taxes 2008:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Documents\T Gauge:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Documents\stormtroopers.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Documents\shogi-vocab_files:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Documents\Pantera Pens:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Documents\New Folder:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Documents\My Data Sources:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Documents\My Corel Shows:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Documents\Knowledge Base Software:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Documents\JRM:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Documents\Japanese Witholding Form 2007.tif:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Documents\JapanDVD.dmsd:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Documents\English Materials:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Documents\embankment3.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Documents\embankment2.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Documents\embankment1.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Documents\EH500-2.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Documents\EH500-19.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Documents\drivers-license.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Documents\Autoshop form.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Documents\ARMAC:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\mdavis\Desktop\USB Drive copy:Roxio EMC Stream

< End of report >

hi

Step 1

Update MalwareBytes AntiMalware and Run a Quick Scan.

Post the log it produces

Step 2

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Things I would like to see in your reply:

  • Malwarebytes Results.
  • Eset scanner report.
  • Update on how your computer is running

Step 1 and Step 2 completed successfully. Neither one found anything suspicious. I've used Google a few more times now with no redirects - things are looking good!

----- MBAM log -----

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7206

Windows 6.0.6002 Service Pack 2

Internet Explorer 7.0.6002.18005

7/19/2011 7:17:00 PM

mbam-log-2011-07-19 (19-17-00).txt

Scan type: Quick scan

Objects scanned: 195049

Time elapsed: 5 minute(s), 35 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

----- ESET log -----

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

-----

hi

Congratulations, your logs appear clean :thumbsup:

Reset and Re-enable your System Restore

  • Open OTL
  • Under the Custom Scans/Fixes box at the bottom, paste the following:
    :Commands
    [clearallrestorepoints]
    [createrestorepoint]


  • Click the Run Fix button at the top
  • It might ask you to reboot, if so click YES

NEXT

  • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
  • Click on the CleanUp button.
  • Click Yes to begin the cleanup process and remove tools, including this application
  • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes

Recommendations

See Here for a list of recommendations for free Antivirus\AntiSpyware applications.

  • Keep Your windows up to date by regularly checking their website at:
    http://windowsupdate.microsoft.com/
  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program (e.g. TeaTimer, Windows Defender) or there will be a conflict.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here.
    If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
  • Click Here to learn how to keep a backup of your important files
  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.

Stay safe :wave:

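The MVPS recommendation above relies on the same mechanism a hosts-file hijack abuses: whatever the hosts file says wins over DNS. A block list points ad hosts at 127.0.0.1 or 0.0.0.0, where nothing answers; a hijack points a name such as www.google.com at an address the attacker controls, which is one way "Google redirects" are produced. The OTL log in this thread shows only the two stock localhost entries under "O1 - Hosts:", which is what a clean file looks like. The following audit script is an added example written for this page, not code from the original posts or from any of the tools discussed; the sample hosts text and the list of watched domain suffixes are constructed for the example, and the watched list is an assumption you would extend for your own environment.

```python
"""Hosts-file audit: separate block-list sinkhole entries from hijacks.

Added example for this thread, not code from the original posts or from any
tool discussed in them. It reads hosts-file text, keeps the entries an
MVPS-style block list creates (names pointed at 127.0.0.1, 0.0.0.0 or ::1,
where nothing answers), and flags the opposite pattern: a well-known name
pointed at a real address, which sends that traffic wherever the address
owner likes.
"""
import ipaddress

# Names a stock hosts file maps to the loopback address.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
               "ip6-localhost", "ip6-loopback"}

# Names that should never be pinned to a real address in a hosts file.
# Constructed for this example; extend it for your own environment.
WATCHED_SUFFIXES = ("google.com", "bing.com", "microsoft.com",
                    "windowsupdate.com", "malwarebytes.org")

# Constructed sample, not the poster's file: two stock entries, two
# block-list entries, one intranet mapping, two hijacks, one bad line.
SAMPLE_HOSTS = """
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net             # block-list style entry
127.0.0.1       www.some-adserver.example   # block-list style entry
192.168.2.50    fileserver.lan              # local mapping, review by hand
203.0.113.5     www.google.com              # searches go to 203.0.113.5
203.0.113.5     www.bing.com
notanaddress    www.example.com             # unparseable address
"""


def _is_watched(hostname):
    return any(hostname == s or hostname.endswith("." + s)
               for s in WATCHED_SUFFIXES)


def audit_hosts(text):
    """Return one (line_number, hostname, address, verdict) tuple per mapping.

    Verdicts:
      ok        localhost-style name on the loopback address
      blocked   name sinkholed to loopback/unspecified, as a block list does
      custom    unlisted name on a real address; review by hand
      hijack    watched name on a real address, or localhost moved off loopback
      malformed line that does not parse as <address> <name...>
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # strip comments and whitespace
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            findings.append((lineno, None, parts[0], "malformed"))
            continue
        address, names = parts[0], [n.lower() for n in parts[1:]]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((lineno, names[0], address, "malformed"))
            continue
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in names:
            if name in LOCAL_NAMES:
                verdict = "ok" if ip.is_loopback else "hijack"
            elif sinkhole:
                verdict = "blocked"
            elif _is_watched(name):
                verdict = "hijack"
            else:
                verdict = "custom"
            findings.append((lineno, name, address, verdict))
    return findings


def hijacked_names(text):
    """Sorted hostnames whose hosts entry redirects them to a real address."""
    return sorted({name for _, name, _, verdict in audit_hosts(text)
                   if verdict == "hijack"})


if __name__ == "__main__":
    for lineno, name, address, verdict in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno:>2}  {verdict:<9} {address:<15} {name}")
    print("hijacked:", hijacked_names(SAMPLE_HOSTS))
```

To run it against a real machine, read C:\Windows\System32\drivers\etc\hosts (the path OTL reports on the O1 line) and pass the text to audit_hosts(); on the sample above it reports both 203.0.113.5 entries as hijacks, the two sinkholed names as blocked, and leaves the intranet mapping for a human to judge. Note that a clean hosts file does not rule out a redirect: the same effect can come from the DNS servers in the O17 line, from a browser add-on, or from a driver, which is why the helpers in this thread asked for the full OTL and GMER output rather than the hosts file alone.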
The first step (Run/Fix) completed successfully, although it didn't seem to do anything - just immediately popped up and said it was done.

Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")

I don't have any run options in my right-click menu. Vista says it is a screensaver (.scr) file, and offers options like "Test" (the default), "Configure", and "Install". Nothing "as administrator". Should I log in as administrator to run it? Just run it as I have been all along?

Thanks!

Okay, OTL clean up is done, so I guess I'm clean now. Thank you! I couldn't have done it without your help.

I assume I can delete all the new stuff I've installed, use DeFogger to re-enable stuff?

I have just one more question: Avira Guard is still griping about "TR/Spy.302592.8" in GMER. Now that we're done, I assume I can just delete GMER, but is this normal?

Thank you!

  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
