BleepingComputer.com: Blue Screen Stop: 0x0000007B, computer won't boot


Blue Screen Stop: 0x0000007B, computer won't boot after a Bot was detected - possible infection

#76 etavares
Group: Malware Response Team

Posted 21 July 2011 - 04:59 PM

OK, please boot into NTBR.

Select your keyboard layout - hit <ENTER> if you want the default English one.
At the menu screen enter 5 for Command Prompt.
You should now see X:\> and a flashing cursor.


Type the following command and press Enter:
tools\dsrfix\dsrfix /d > dsrfix.txt

After a second or two you should see X:\> and the cursor reappear.

Next you need to enter the following command:

copy dsrfix.txt c:

If you get an error message when entering either command, simply repeat it, checking for accuracy. Should you still not have any luck, make a note of the error message, shut down and let me know.


When done: type menu and press Enter to get back to the menu.

Enter 6 to QUIT
When prompted to press CTRL+Alt+Del to restart, remove the disc from your PC and then do as you were told to reboot.
Windows should now appear as normal, or as normal as Windows ever is!
Please attach the dsrfix.txt file that should be on your NTBR USB drive. Just plug it into the computer when Windows is fully booted and you can access the file then.

If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#77 j d a
Group: Members

Posted 22 July 2011 - 05:33 AM

Ok - it all went smoothly and I am attaching the file.

Attached File: DSRFIX.TXT (15.17K)

#78 etavares
Group: Malware Response Team

Posted 24 July 2011 - 07:30 AM

That appears to be for the USB drive. We'll force it to look at the hard drive. First, delete dsrfix.txt off of your NTBR flash drive (you can do this in Windows).

Please boot into NTBR.

Select your keyboard layout - hit <ENTER> if you want the default English one.
At the menu screen enter 5 for Command Prompt.
You should now see X:\> and a flashing cursor.


Type the following command and press Enter:
tools\dsrfix\dsrfix /d /81 > dsrfix.txt

After a second or two you should see X:\> and the cursor reappear.

Next you need to enter the following command:

copy dsrfix.txt c:

If you get an error message when entering either command, simply repeat it, checking for accuracy. Should you still not have any luck, make a note of the error message, shut down and let me know.


When done: type menu and press Enter to get back to the menu.

Enter 6 to QUIT
When prompted to press CTRL+Alt+Del to restart, remove the disc from your PC and then do as you were told to reboot.
Windows should now appear as normal, or as normal as Windows ever is!
Please attach the dsrfix.txt file that should be on your NTBR USB drive. Just plug it into the computer when Windows is fully booted and you can access the file then.



#79 j d a
Group: Members

Posted 24 July 2011 - 09:43 AM

Here is the new dsrfix.txt file - hopefully this is the right one!

Attached File(s)



#80 etavares
Group: Malware Response Team

Posted 24 July 2011 - 10:12 AM

Perfect. That looks ready to fix the recovery partition.

Please boot into NTBR.

Select your keyboard layout - hit <ENTER> if you want the default English one.
At the menu screen enter 5 for Command Prompt.
You should now see X:\> and a flashing cursor.


Type the following command and press Enter:
tools\dsrfix\dsrfix /f /81

When the tool reaches "Ready to queue changes..." it will ask for confirmation on various actions - enter y to allow each step.
Once complete, the tool will prompt:

Changes queued. Write changes to disk now? (y/n) - enter y to give final approval.

When it's done: type menu and press Enter to get back to the menu.

Enter 6 to QUIT
When prompted to press CTRL+Alt+Del to restart, remove the disc from your PC and then do as you were told to reboot.
Windows should now appear as normal, or as normal as Windows ever is!


Let me know if you see the option when you reboot to restore the recovery partition and also confirm windows boots properly.

Thanks!
-etavares

This post has been edited by etavares: 24 July 2011 - 10:13 AM
Reason for edit: BBcode




#81 j d a
Group: Members

Posted 24 July 2011 - 11:15 AM

Windows rebooted normally, but I did not/do not see the option to restore the recovery partition. However, I am not sure where I should be looking for this option?

#82 etavares
Group: Malware Response Team

Posted 24 July 2011 - 11:21 AM

Ah, it doesn't appear Dell prompts you with the instructions. Ctrl-F11 during bootup should allow you to access the Dell recovery partition now to restore to factory state.

Let's confirm. Please follow the instructions in this post above to run the dsrfix /d /81 command and post a logfile. That will confirm it worked.

Other than this, how has your computer been running? We're almost done at this point.



#83 j d a
Group: Members

Posted 24 July 2011 - 12:05 PM

That's good news! I think it has mainly been running ok, though I haven't been using it tons. I did get a Win32 generic host error message a short while ago. I have gotten these in the past and it seems like everything stops responding and the only fix is to restart the computer. I am not sure if I am calling it exactly the right thing. I should have made a note of it.

Also, I still have that quirk about Floppy Diskette Seek Failure where I need to press F1 to continue while booting up.

Here is the latest log.

Thank you!

j d a

Attached File(s)



#84 etavares
Group: Malware Response Team

Posted 24 July 2011 - 12:21 PM

Hello, j d a.

Let's get another MBAM scan. It's been a while since we last ran one. The DSRFIX log shows that we did fix it, so you have access to the recovery partition again.



Step 1

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware

  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.



Step 2


For the floppy error, it was likely enabled by accident when you changed the boot order. Get back into your BIOS like before (it should tell you what to press for Setup or BIOS when you reboot, likely F2 for a Dell computer).

Then, it's likely BIOS FEATURES SETUP; ensure that "Boot Up Floppy Seek" is DISABLED. If it is enabled, change it to DISABLED, then Save & Exit and let me know if you still get the error on the next reboot.


If the instructions don't match well, please let me know what the title of your BIOS is. Award, AmiBIOS or Phoenix are the most likely ones.



etavares



#85 j d a
Group: Members

Posted 24 July 2011 - 03:55 PM

Nothing was detected by MBAM and I think the boot up floppy disk thing is now fixed!

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7264

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

24/07/2011 20:10:57
mbam-log-2011-07-24 (20-10-57).txt

Scan type: Quick scan
Objects scanned: 202717
Time elapsed: 4 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#86 etavares
Group: Malware Response Team

Posted 24 July 2011 - 04:12 PM

Great! Please post one final OTL Quick Scan log for me to look at before we clean up.



#87 j d a
Group: Members

Posted 24 July 2011 - 04:30 PM

Ok - here is the OTL log:

OTL logfile created on: 24/07/2011 22:15:50 - Run 7
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\J******\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 64.08% Memory free
3.84 Gb Paging File | 3.19 Gb Available in Paging File | 83.07% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.33 Gb Total Space | 71.10 Gb Free Space | 49.26% Space Free | Partition Type: NTFS
Drive D: | 149.01 Gb Total Space | 128.60 Gb Free Space | 86.30% Space Free | Partition Type: NTFS
Drive F: | 244.73 Mb Total Space | 238.94 Mb Free Space | 97.63% Space Free | Partition Type: FAT

Computer Name: DESKTOP | User Name: J****** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/12 14:47:49 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\J******\Desktop\OTL.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/06/09 13:47:52 | 000,047,104 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe
PRC - [2005/10/27 16:41:52 | 000,491,520 | ---- | M] ( ) -- C:\WINDOWS\system32\dlcgcoms.exe
PRC - [2005/10/20 19:42:42 | 000,425,984 | ---- | M] (Dell) -- C:\Program Files\Dell AIO 810\DLCGmon.exe
PRC - [2005/09/08 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2003/05/05 19:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\Brmfrmps.exe
PRC - [2003/02/03 11:29:12 | 001,568,768 | ---- | M] (Scansoft, Inc.) -- C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe


========== Modules (SafeList) ==========

MOD - [2011/07/12 14:47:49 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\J******\Desktop\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/10/20 19:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2005/10/27 16:41:52 | 000,491,520 | ---- | M] ( ) [On_Demand | Running] -- C:\WINDOWS\System32\dlcgcoms.exe -- (dlcg_device)
SRV - [2003/05/05 19:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Brmfrmps.exe -- (brmfrmps)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/22 20:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2009/10/20 19:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/10/07 09:49:50 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/10/07 09:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Ultra Vision(UVC)
DRV - [2009/10/07 09:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 09:46:12 | 000,114,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/07/26 16:26:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/04/13 19:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2008/04/01 14:33:16 | 000,018,560 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2007/02/06 13:27:04 | 000,185,728 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)
DRV - [2005/11/16 15:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/05/23 07:27:00 | 000,137,884 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/05/23 07:27:00 | 000,080,272 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2005/05/23 07:27:00 | 000,010,864 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2001/08/17 13:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn)
DRV - [2001/08/17 13:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-45234142-450760184-16736487-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-45234142-450760184-16736487-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-45234142-450760184-16736487-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-45234142-450760184-16736487-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-45234142-450760184-16736487-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-45234142-450760184-16736487-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-45234142-450760184-16736487-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/07/17 19:41:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/10 22:21:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/19 17:37:48 | 000,000,000 | ---D | M]

[2008/06/25 09:22:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\J******\Application Data\Mozilla\Extensions
[2011/05/10 16:49:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\J******\Application Data\Mozilla\Firefox\Profiles\4y23md7w.default\extensions
[2010/11/12 10:42:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\J******\Application Data\Mozilla\Firefox\Profiles\4y23md7w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/06/25 09:23:22 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\J******\Application Data\Mozilla\Firefox\Profiles\4y23md7w.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/12/10 11:36:04 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\J******\Application Data\Mozilla\Firefox\Profiles\4y23md7w.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010/11/12 10:42:34 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Documents and Settings\J******\Application Data\Mozilla\Firefox\Profiles\4y23md7w.default\extensions\en-US@dictionaries.addons.mozilla.org
[2011/07/19 17:22:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/04 10:54:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/09 13:22:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/07/19 17:22:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011/07/17 19:41:46 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011/07/19 17:22:30 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/10 22:21:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/07/19 17:22:29 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/10 22:21:39 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/05/10 22:21:39 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/05/10 22:21:39 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/05/10 22:21:39 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/05/10 22:21:39 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/07/11 15:29:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-45234142-450760184-16736487-1006\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DLCGCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.DLL ()
O4 - HKLM..\Run: [dlcgmon.exe] C:\Program Files\Dell AIO 810\dlcgmon.exe (Dell)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [PMX Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe ()
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SmartUI.lnk = C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe (Scansoft, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-45234142-450760184-16736487-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-45234142-450760184-16736487-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-45234142-450760184-16736487-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-45234142-450760184-16736487-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/viewers/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} http://www.trendsecure.com/framework/control/en-US/activex/TmHcmsX.CAB (TmHcmsX Control)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {2ED79742-30D5-4A95-B677-34CBD8A7AEDD} http://streaming.mentorwave.com/webinstall.cab (WebContainer Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcophotocenter.com/CostcoActivia.cab (Snapfish Activia)
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} http://www.photoworks.com/pixami/BPImageEditor.cab (Pixami Image Editor Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} http://www.bootsdigitalphotocentre.com/wpp/boots/app/opcuploader.cab (Image Uploader 3.0 Control)
O16 - DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} http://www.photoworks.com/pixami/DragDropUploader.cab (Pixami Drag/Drop Upload UI Control)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab (Facebook Photo Uploader 4)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.costcophotocenter.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\J******\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\J******\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/24 20:03:34 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\J******\Desktop\mbam-setup-1.51.1.1800.exe
[2011/07/19 17:35:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/07/19 17:28:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/07/18 21:08:16 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/07/18 17:41:54 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/07/17 20:44:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\J******\Application Data\AVG10
[2011/07/17 19:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2011/07/17 19:41:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/07/17 19:41:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/07/17 18:15:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/07/17 18:13:31 | 005,570,000 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\J******\Desktop\avg_free_stb_all_2011_1390_cnet.exe
[2011/07/17 17:34:46 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/17 17:34:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/17 17:34:42 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/17 17:34:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/17 09:39:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\J******\My Documents\From desktop
[2011/07/16 22:55:03 | 001,906,176 | ---- | C] (AVAST Software) -- C:\Documents and Settings\J******\Desktop\aswMBR.exe
[2011/07/13 15:04:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/13 14:37:30 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/12 14:47:48 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\J******\Desktop\OTL.exe
[2011/07/11 15:24:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2011/07/11 15:24:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG Free 9.0
[2011/07/11 15:17:36 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/11 15:14:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/11 15:14:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/11 15:14:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/11 15:14:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/07/11 15:14:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/11 15:14:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/11 15:14:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\J******\Start Menu\Programs\Administrative Tools
[2011/07/11 15:13:14 | 004,148,094 | R--- | C] (Swearware) -- C:\Documents and Settings\J******\Desktop\etavaresCF.exe
[2011/07/10 22:44:36 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\J******\Desktop\mbam-setup-1.51.0.1200.exe
[2011/07/10 17:50:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\J******\Recent
[2006/04/22 15:01:24 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgserv.dll
[2006/04/22 15:01:24 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgusb1.dll
[2006/04/22 15:01:24 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgprox.dll
[2006/04/22 15:01:23 | 000,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgpmui.dll
[2006/04/22 15:01:23 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgpplc.dll
[2006/04/22 15:01:22 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcglmpm.dll
[2006/04/22 15:01:22 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgih.exe
[2006/04/22 15:01:21 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgcomc.dll
[2006/04/22 15:01:21 | 000,491,520 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgcoms.exe
[2006/04/22 15:01:21 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgcomm.dll

========== Files - Modified Within 30 Days ==========

[2011/07/24 21:27:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/24 21:18:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/24 21:17:14 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2011/07/24 21:17:06 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/24 21:16:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/24 21:16:55 | 2137,149,440 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/24 21:16:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/07/24 21:16:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2011/07/24 20:03:31 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\J******\Desktop\mbam-setup-1.51.1.1800.exe
[2011/07/24 17:56:39 | 000,002,178 | ---- | M] () -- C:\WINDOWS\BrmfBidi.ini
[2011/07/24 11:14:23 | 125,221,200 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/07/19 18:49:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/19 17:37:48 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/07/18 23:16:19 | 000,114,750 | ---- | M] () -- C:\Documents and Settings\J******\Desktop\avgLOG 17 July 11.csv
[2011/07/17 19:43:01 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/07/17 18:13:40 | 005,570,000 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\J******\Desktop\avg_free_stb_all_2011_1390_cnet.exe
[2011/07/17 17:34:46 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/17 17:33:33 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\J******\Desktop\mbam-setup-1.51.0.1200.exe
[2011/07/17 11:54:42 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\J******\Desktop\MBR.dat
[2011/07/16 22:55:03 | 001,906,176 | ---- | M] (AVAST Software) -- C:\Documents and Settings\J******\Desktop\aswMBR.exe
[2011/07/15 14:43:00 | 000,309,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/14 15:35:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/13 14:19:30 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\J******\Desktop\SystemLook.exe
[2011/07/12 14:47:49 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\J******\Desktop\OTL.exe
[2011/07/11 15:29:41 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/11 15:17:43 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/07/11 15:13:21 | 004,148,094 | R--- | M] (Swearware) -- C:\Documents and Settings\J******\Desktop\etavaresCF.exe
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/26 07:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe

========== Files Created - No Company Name ==========

[2011/07/24 11:14:23 | 125,221,200 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/07/19 17:37:48 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/07/19 17:37:48 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/07/18 23:16:19 | 000,114,750 | ---- | C] () -- C:\Documents and Settings\J******\Desktop\avgLOG 17 July 11.csv
[2011/07/17 19:43:01 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/07/17 17:34:46 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/17 11:54:42 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\J******\Desktop\MBR.dat
[2011/07/13 14:51:44 | 000,000,751 | ---- | C] () -- C:\Documents and Settings\J******\Start Menu\Programs\Shortcut to iexplore.lnk
[2011/07/13 14:19:35 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\J******\Desktop\SystemLook.exe
[2011/07/11 15:24:31 | 000,002,335 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2011/07/11 15:24:31 | 000,000,727 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SmartUI.lnk
[2011/07/11 15:24:16 | 000,001,890 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2011/07/11 15:24:16 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/07/11 15:24:16 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\RealPlayer.lnk
[2011/07/11 15:24:16 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/07/11 15:24:16 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/07/11 15:24:15 | 000,002,365 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat Distiller 7.0.lnk
[2011/07/11 15:24:15 | 000,002,333 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat 7.0 Standard.lnk
[2011/07/11 15:24:15 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/07/11 15:24:15 | 000,001,825 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Digital Editions.lnk
[2011/07/11 15:24:15 | 000,001,466 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Media Center.lnk
[2011/07/11 15:24:14 | 000,001,837 | ---- | C] () -- C:\Documents and Settings\J******\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk
[2011/07/11 15:24:14 | 000,001,824 | ---- | C] () -- C:\Documents and Settings\J******\Application Data\Microsoft\Internet Explorer\Quick Launch\Corel Paint Shop Pro X.lnk
[2011/07/11 15:24:14 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\J******\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/11 15:24:14 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/07/11 15:24:14 | 000,001,478 | ---- | C] () -- C:\Documents and Settings\J******\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2011/07/11 15:24:14 | 000,001,048 | ---- | C] () -- C:\Documents and Settings\J******\Application Data\Microsoft\Internet Explorer\Quick Launch\PhotoWorks PhotoStreamer 2.lnk
[2011/07/11 15:24:14 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\J******\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/11 15:24:14 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\J******\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/07/11 15:24:14 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\J******\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/07/11 15:17:43 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2011/07/11 15:17:38 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/07/11 15:14:21 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/11 15:14:21 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/11 15:14:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/11 15:14:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/11 15:14:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/12 11:47:07 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/17 14:06:22 | 001,141,984 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/04/06 19:54:26 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\J******\Local Settings\Application Data\housecall.guid.cache
[2010/02/27 17:38:59 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\J******\Application Data\setup_ldm.iss
[2010/01/29 18:33:26 | 000,066,312 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/20 19:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/02/24 15:23:28 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/12/09 16:23:52 | 000,000,084 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2008/11/24 17:21:05 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2008/10/11 00:02:00 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/08/06 17:51:49 | 000,000,074 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2008/08/06 16:12:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2008/03/05 13:33:35 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\J******\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/07 13:12:40 | 000,131,002 | ---- | C] () -- C:\WINDOWS\System32\DellPM.ini
[2008/01/07 13:12:40 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\FontZoom.exe
[2007/09/05 15:50:27 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2007/04/02 17:42:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2007/01/31 16:18:13 | 000,001,168 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/01/31 15:12:46 | 000,002,162 | ---- | C] () -- C:\WINDOWS\System32\tmmute.ini
[2007/01/05 14:41:59 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
[2007/01/05 13:11:30 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/11/22 23:00:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2006/10/24 14:57:13 | 000,001,930 | ---- | C] () -- C:\Documents and Settings\J******\Local Settings\Application Data\FASTWiz.html
[2006/10/24 14:54:46 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\J******\Local Settings\Application Data\FASTApp.html
[2006/10/10 10:46:30 | 000,000,414 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/10/10 10:46:30 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2006/09/06 15:40:05 | 000,000,057 | ---- | C] () -- C:\WINDOWS\DRAGDR~1.INI
[2006/06/08 01:57:24 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2006/06/02 23:24:50 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_8220.ini
[2006/06/02 23:24:48 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2006/06/02 22:45:19 | 000,002,178 | ---- | C] () -- C:\WINDOWS\BrmfBidi.ini
[2006/06/02 22:42:48 | 000,000,585 | ---- | C] () -- C:\WINDOWS\Brpcfx.ini
[2006/06/02 22:42:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2006/06/02 22:42:48 | 000,000,078 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2006/06/02 22:42:48 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\m8220def.dat
[2006/06/02 22:42:38 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\BRMSL07.BIN
[2006/06/02 22:39:48 | 000,000,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2006/05/23 10:41:59 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\J******\Application Data\dm.ini
[2006/04/25 18:47:23 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2006/04/25 14:54:19 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/04/25 14:47:58 | 000,006,580 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/04/25 14:47:58 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\2E2A4116AD.sys
[2006/04/25 12:47:07 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/04/25 12:45:09 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2006/04/25 10:54:39 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\J******\Local Settings\Application Data\fusioncache.dat
[2006/04/22 15:46:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/04/22 15:39:44 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/04/22 15:36:13 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/04/22 15:32:48 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/22 15:01:24 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcgutil.dll
[2006/04/22 15:01:24 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcgjswr.dll
[2006/04/22 15:01:24 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcginsr.dll
[2006/04/22 15:01:24 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcgvs.dll
[2006/04/22 15:01:24 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcgcur.dll
[2006/04/22 15:01:22 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcginsb.dll
[2006/04/22 15:01:22 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcgins.dll
[2006/04/22 15:01:21 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcgcub.dll
[2006/04/22 15:01:21 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcgcu.dll
[2006/04/22 15:01:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcgcfg.dll
[2006/04/22 15:00:34 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/04/22 15:00:32 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2006/04/22 14:58:37 | 000,000,475 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/12/19 08:42:02 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\dlcgplc.ini
[2005/08/16 04:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 04:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 04:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 04:27:59 | 000,309,192 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 04:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 04:18:33 | 000,463,666 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 04:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 04:18:33 | 000,080,794 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 04:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 04:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 04:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 04:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 04:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 04:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 04:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 04:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 14:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/08/12 08:19:42 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\Welsof32.dll
[2002/01/08 16:57:34 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll

========== LOP Check ==========

[2011/07/17 19:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/07/11 14:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/03/15 09:15:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/02/24 18:45:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2011/07/17 20:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/12/16 16:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2007/07/16 14:51:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2006/06/08 01:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2007/09/19 17:43:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUIIMAGE
[2011/01/19 12:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\tmp
[2007/11/02 15:44:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3ABF525B-E983-4C94-A5A3-0BD38AD30839}
[2010/08/05 12:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/27 17:01:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/02 18:23:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2007/11/02 15:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{BA892C10-A262-42D0-B6AD-2ADE4916F871}
[2009/06/27 09:10:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Citrix
[2009/06/27 09:10:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Netscape
[2009/08/20 10:15:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Skinux
[2011/07/17 20:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J******\Application Data\AVG10
[2010/12/17 13:55:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J******\Application Data\Blackberry Desktop
[2006/12/08 10:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J******\Application Data\Costco Photo Viewer
[2008/08/06 17:51:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J******\Application Data\FTW
[2006/09/07 00:26:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J******\Application Data\Leadertech
[2010/05/19 11:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J******\Application Data\Ofoto
[2011/01/28 12:43:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J******\Application Data\OverDrive
[2007/11/13 15:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J******\Application Data\Ovusoft
[2006/06/20 23:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J******\Application Data\PhotoWorks
[2010/12/16 16:24:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J******\Application Data\Research In Motion
[2006/06/20 23:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J******\Application Data\Seven Zip
[2009/08/18 19:28:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J******\Application Data\Skinux
[2007/03/15 12:36:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J******\Application Data\Snapfish

========== Purity Check ==========



< End of report >

#88 User is offline   etavares 

  • Bleepin' Remover
  • Group: Malware Response Team
  • Posts: 10,743
  • Joined: 16-August 08
  • Gender:Male

Posted 24 July 2011 - 05:37 PM

Hello, j d a.

Ok, good news. Your log appears clean. Let's clean up our mess. If your computer is running well, please do the steps listed below. At the end, I've also listed a few completely optional things you can do to further secure your computer. Safe surfing!



Step 1



Uninstall ComboFix and Clean Up
Click Start > Run, type combofix /Uninstall and click OK (note the space between combofix and /Uninstall).
Please advise if this step is missed for any reason as it performs some important actions.

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • If that link doesn't work, try this one.
  • Double click the OTC icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.


If you ran Defogger and disabled your emulator, please don't forget to run it again and reenable it. See the instructions here to do so.


Optional Items

Please take the time to read below to secure your machine and take the necessary steps to keep it that way.


System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance. If you are running Windows Vista or Windows 7, please right-click on the icon, and select "Run As Administrator"; otherwise it won't work.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware

Protect yourself from malicious sites

The HOSTS file can protect you from connecting to bad sites. See The Hosts File and what it can do for you for more background.

Please download HostsMan. It safeguards you with a regularly updated Hosts file that blocks dangerous sites from opening. This adds another bit of safety while surfing the Internet. For installation and setting up, follow these steps:
  • Double-click the downloaded installer and install the tool to a location of your choice
  • Via the Start menu, navigate to HostsMan and run the program.
    • Click "Hosts" in the menu
    • Click "Manage Updates" in the submenu
    • Select at least one of the three (I have MVPS Host as my main one)
    • Click "Add Update." After that you will only need to click the update button to retrieve updates.

  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.



Keep Windows Up to Date
It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.



Update your AntiVirus Software

It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Use a Firewall

I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls

Install an AntiSpyware Program

A highly recommended AntiSpyware program is Malwarebytes Anti-Malware. You can download the free version.

Installing this program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would with antivirus software.


Update all these programs regularly
Make sure you update all your programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. You can use Secunia PSI to keep track of necessary updates. It can run in the background and constantly monitor your software; although I just run it once a week manually. It will alert you when an update is available for a variety of software. It is very useful.

Follow this list and your potential for being infected again will reduce dramatically.

Good luck!

etavares

If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
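The "Protect yourself from malicious sites" section above relies on one mechanism: a hosts-file entry that maps a bad hostname to a loopback or unspecified address makes the lookup go nowhere, and the note that custom entries must be replaced after an update means an updater can silently overwrite them. The script below is an added example, not code from the thread or from HostsMan, that makes both points concrete: it parses hosts-file text, merges a fresh blocklist with the user's own entries so they survive the update, and flags entries that redirect update sites (a hosts file that points www.windowsupdate.com anywhere is a sign of tampering). The sample hosts contents, the blocklist and the `PROTECTED` set are constructed for the example.

```python
"""Hosts-file helpers: parse, merge a blocklist with custom entries,
and flag redirects of sites that should never appear in a hosts file.
Added example for the thread above; it assumes nothing about HostsMan."""
import ipaddress

# Constructed sample of a user's current hosts file: one custom entry
# and one entry that redirects an update site to a routable address.
CURRENT_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
192.168.1.10    intranet.example          # custom entry the user added
203.0.113.5     www.windowsupdate.com     # redirect away from the real site
"""

# Constructed sample of a downloaded blocklist in hosts-file format.
BLOCKLIST = """\
# blocklist update (constructed sample)
0.0.0.0 ads.example.test
0.0.0.0 malware.example.test
127.0.0.1 localhost
"""

# Hostnames that a hosts file should never override (assumed list).
PROTECTED = {"www.windowsupdate.com", "windowsupdate.microsoft.com",
             "update.microsoft.com"}


def parse_hosts(text):
    """Return (ip, hostname) pairs; comments, blanks and bad IPs are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # malformed line: do not guess, just skip it
        for name in names:
            entries.append((ip, name.lower()))
    return entries


def is_blackhole(ip):
    """True if the address sends the lookup nowhere (loopback/unspecified)."""
    addr = ipaddress.ip_address(ip)
    return addr.is_loopback or addr.is_unspecified


def find_hijacks(entries, protected=PROTECTED):
    """Entries for protected hostnames: any such entry either blocks updates
    or redirects them, so both are worth reporting."""
    return [(ip, host) for ip, host in entries if host in protected]


def merge(current_text, blocklist_text, protected=PROTECTED):
    """Fresh blocklist first, then the user's own entries that the
    blocklist does not already cover; protected-host entries are dropped."""
    block = parse_hosts(blocklist_text)
    covered = {host for _, host in block}
    custom = [(ip, host) for ip, host in parse_hosts(current_text)
              if host not in covered and host not in protected]
    return block + custom


def render(entries):
    """Serialize entries back into hosts-file text."""
    return "".join(f"{ip}\t{host}\n" for ip, host in entries)


if __name__ == "__main__":
    current = parse_hosts(CURRENT_HOSTS)
    for ip, host in find_hijacks(current):
        print(f"suspicious hosts entry: {ip} {host}")
    print(render(merge(CURRENT_HOSTS, BLOCKLIST)))
```

Running it on the constructed sample reports the www.windowsupdate.com redirect and prints a merged file that keeps `intranet.example`, takes the blocklist's `0.0.0.0` entries, and lists `localhost` once. A review of the real hosts file (C:\WINDOWS\System32\drivers\etc\hosts on XP) with the same logic is a quick tamper check after cleanup.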


#89 User is offline   j d a 

  • Member
  • Group: Members
  • Posts: 51
  • Joined: 21-June 11

Posted 25 July 2011 - 11:41 AM

Hello etavares,

Excellent news! Thanks again for all of your help. I will take the steps outlined above.

I have a few quick questions, if you don't mind:

I assume I am now good to go ahead in backing up my photos & docs? Do you have any recommendations regarding back-ups? Is there a more elegant solution than my burning everything to a DVD when I remember?

I am having a quirk with IE that started a couple of months ago. It's not a big deal, but slightly annoying, so I thought I'd check if you have a remedy: when I click a link on a webpage that previously would open in a new tab, it now opens in a new window. In the General-->Tabs settings "Open links from other programs in:" has "A new tab in the current window." selected.

Thanks again!

j d a

#90 User is offline   etavares 

  • Bleepin' Remover
  • Group: Malware Response Team
  • Posts: 10,743
  • Joined: 16-August 08
  • Gender:Male

Posted 25 July 2011 - 05:30 PM

There are free backup programs, but if you want a one-time backup, copying the files to a USB flash drive or burning them to a DVD is still the easiest way.

As for IE, let's try resetting it.

  • Close any Internet Explorer or Windows Explorer windows that are currently open.
  • Open Internet Explorer
  • Click Tools --> Internet Options.
  • Click the Advanced tab, and then click Reset.
  • In the Reset Internet Explorer Settings dialog box, click Reset.
  • When Internet Explorer finishes applying default settings, click Close, OK, then OK again.
  • Close Internet Explorer.
  • Relaunch IE, ensure the tabbed settings are as desired (e.g. new tab in current window), click OK.
  • Did that fix the issue?

