
ComboFix log -- Having Issues with Virus/Malware


  • This topic is locked
7 replies to this topic

#1 Daniel Rabe


Posted 08 June 2012 - 08:18 PM

I have been having problems with my computer. I am running on Windows XP SP3 and have been having issues such as: inability to right-click any start menu option; inability to move desktop/windows explorer files; unable to run IE latest version to do Windows Updates (Use FireFox as default); Random files unable to load and some programs not completing operations; and probably other issues I have yet to come across.

I have already run Virus Scans (with AVG latest version with latest definitions) and with SpyBot Search & Destroy and found a couple Adware but no Malware. I attempted to run MalwareBytes to see if that would pick anything up, but was unable to because of an error involving vbalgrid and vbalsgrid6.ocx.

I ran ComboFix and attached the log file and would really appreciate it if someone could look through the file and tell me if there are any problem areas that need to be fixed.

Thanks

 


ComboFix 12-06-08.02 - Anne Brecht 06/08/2012 19:41:38.4.2 - x86
Running from: c:\documents and settings\Anne Brecht\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((((((( Files Created from 2012-05-09 to 2012-06-09 )))))))))))))))))))))))))))))))
.
.
2012-06-08 23:54 . 2012-06-09 00:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-06-08 23:54 . 2012-06-08 23:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-06-08 23:21 . 2012-06-08 23:21 -------- d-----w- c:\program files\CCleaner
2012-06-08 23:12 . 2012-06-08 23:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-08 23:12 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-08 23:09 . 2012-06-08 23:09 -------- d-----w- c:\windows\LastGood
2012-06-07 21:52 . 2011-08-08 19:18 2083464 ----a-w- c:\windows\system32\Incinerator32.dll
2012-06-07 21:52 . 2011-08-08 20:01 11776 ----a-w- c:\windows\system32\smrgdf.exe
2012-06-07 21:52 . 2011-08-08 20:01 29696 ----a-w- c:\windows\system32\iolobtdfg.exe
2012-06-07 21:52 . 2010-02-09 03:59 56200 ----a-w- c:\windows\system32\offreg.dll
2012-06-07 21:52 . 2012-06-07 21:52 -------- d-----w- c:\program files\iolo
2012-06-07 21:43 . 2012-06-07 21:53 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2012-06-07 21:43 . 2012-06-07 21:43 -------- d-----w- c:\documents and settings\Anne Brecht\Application Data\iolo
2012-06-07 20:59 . 2012-06-07 20:59 -------- d-----w- c:\program files\SmartPCFixer
2012-06-06 18:02 . 2012-06-09 00:20 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-06-02 00:33 . 2012-06-02 00:35 -------- d-----w- c:\documents and settings\Administrator
2012-06-01 17:43 . 2012-06-09 00:36 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-05-31 23:36 . 2012-05-31 23:36 -------- d-----w- c:\documents and settings\Anne Brecht\Application Data\AVG2012
2012-05-31 23:35 . 2012-05-31 23:35 -------- d-----w- c:\documents and settings\Anne Brecht\Local Settings\Application Data\AVG Secure Search
2012-05-31 23:35 . 2012-05-31 23:35 -------- d-----w- c:\documents and settings\Anne Brecht\Application Data\AVG Secure Search
2012-05-31 23:35 . 2012-05-31 23:35 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search
2012-05-31 23:35 . 2012-05-31 23:35 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-05-31 23:35 . 2012-05-31 23:35 -------- d-----w- c:\program files\AVG Secure Search
2012-05-31 23:34 . 2012-05-31 23:34 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2012-05-31 23:32 . 2012-06-06 22:42 -------- d-----w- c:\windows\system32\drivers\AVG
2012-05-31 23:32 . 2012-05-31 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2012-05-31 23:32 . 2012-05-31 23:32 -------- d-----w- C:\$AVG
2012-05-31 23:31 . 2012-05-31 23:31 -------- d-----w- c:\program files\AVG
2012-05-31 23:00 . 2012-06-04 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2012-05-31 21:29 . 2012-05-31 21:29 -------- d-----w- c:\documents and settings\Anne Brecht\Local Settings\Application Data\Mozilla
2012-05-31 21:29 . 2012-06-09 00:20 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 8
2012-05-31 21:07 . 2012-05-31 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-05-31 19:40 . 2012-05-31 19:41 -------- d-----w- c:\windows\system32\drivers\etc\New Folder
2012-05-31 19:13 . 2012-05-31 19:13 -------- d-----w- c:\documents and settings\Anne Brecht\Application Data\Malwarebytes
2012-05-31 19:13 . 2012-05-31 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-05-31 17:57 . 2012-05-31 17:57 -------- d-----w- c:\documents and settings\Anne Brecht\Application Data\SUPERAntiSpyware.com
2012-05-31 17:55 . 2012-05-31 17:55 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-05-31 17:40 . 2012-06-07 00:19 -------- d-----w- c:\documents and settings\Anne Brecht\Local Settings\Application Data\LogMeIn Rescue Applet
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-19 09:50 . 2012-04-19 09:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-11 13:14 . 2004-08-10 18:51 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2004-08-10 18:51 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2004-08-04 04:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-22 14:05 . 2011-05-20 00:25 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-20 16:45 . 2012-03-20 16:45 74703 ----a-w- c:\windows\system32\mfc45.dll
2012-03-19 10:17 . 2012-03-19 10:17 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
Cryptography Services Error !!
.
((((((((((((((((((((((((((((( SnapShot@2012-06-04_00.48.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-04 04:59 . 2008-04-13 18:40 36352 c:\windows\system32\drivers\disk.sys
- 2004-08-04 04:59 . 2008-04-13 18:40 36352 c:\windows\system32\drivers\disk.sys
+ 2012-06-08 23:09 . 2008-04-13 18:45 26368 c:\windows\LastGood\system32\drivers\USBSTOR.SYS
+ 2012-06-08 23:09 . 2008-04-13 18:40 36352 c:\windows\LastGood\system32\drivers\disk.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-05-31 23:35 2067328 ----a-w- c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll" [2012-05-31 2067328]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoPaired]
@="{A203F945-39E9-4286-AFA2-F3ADFCD5FAAA}"
[HKEY_CLASSES_ROOT\CLSID\{A203F945-39E9-4286-AFA2-F3ADFCD5FAAA}]
2012-01-05 00:10 1108752 ----a-w- c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoPriority]
@="{6F1BB626-1107-4b82-B322-54C5E64461B8}"
[HKEY_CLASSES_ROOT\CLSID\{6F1BB626-1107-4b82-B322-54C5E64461B8}]
2012-01-05 00:10 1108752 ----a-w- c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoProblem]
@="{7479C9AF-DA81-4944-92E5-23E49390BB2B}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB2B}]
2012-01-05 00:10 1108752 ----a-w- c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoSynced]
@="{7479C9AF-DA81-4944-92E5-23E49390BB2A}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB2A}]
2012-01-05 00:10 1108752 ----a-w- c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoSyncing]
@="{7479C9AF-DA81-4944-92E5-23E49390BB29}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB29}]
2012-01-05 00:10 1108752 ----a-w- c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoUnavailable]
@="{66669544-5639-4922-99C8-CE7A86651364}"
[HKEY_CLASSES_ROOT\CLSID\{66669544-5639-4922-99C8-CE7A86651364}]
2012-01-05 00:10 1108752 ----a-w- c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP ENVY 110 series (NET)"="c:\program files\HP\HP ENVY 110 series\Bin\ScanToPCActivationApp.exe" [2011-06-09 1804648]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-03-22 39408]
"SacReminderHDDV2"="c:\documents and settings\all users\application data\Cardinal\C2SMB_M\reminder\SacReminder.exe" [2011-05-24 460624]
"DellAutomatedPCTuneUp"="c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe" [2007-10-11 465136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-05-31 1116544]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-03 851968]
"SigmatelSysTrayApp"="stsystra.exe" [2007-06-06 405504]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
"NVHotkey"="nvHotkey.dll" [2007-06-06 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-06 8429568]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Intel AppUp(SM) center"="c:\program files\Intel\IntelAppStore\bin\serviceManager.lnk" [2011-12-08 933]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-10 16384]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingC5365"="del" [X]
"SpybotDeletingC5706"="del" [X]
"SpybotDeletingC979"="del" [X]
"SpybotDeletingC9002"="del" [X]
"SpybotDeletingC9905"="del" [X]
"SpybotDeletingC5124"="del" [X]
"SpybotDeletingC8815"="del" [X]
"SpybotDeletingC6130"="del" [X]
"SpybotDeletingC5903"="del" [X]
"SpybotDeletingC7919"="del" [X]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SpybotDeletingA9841"="command.com" [2004-08-04 50620]
"SpybotDeletingA5918"="command.com" [2004-08-04 50620]
"SpybotDeletingA4571"="command.com" [2004-08-04 50620]
"SpybotDeletingA2620"="command.com" [2004-08-04 50620]
"SpybotDeletingA7005"="command.com" [2004-08-04 50620]
"SpybotDeletingA1185"="command.com" [2004-08-04 50620]
"SpybotDeletingA1960"="command.com" [2004-08-04 50620]
"SpybotDeletingA1510"="command.com" [2004-08-04 50620]
"SpybotDeletingA4657"="command.com" [2004-08-04 50620]
"SpybotDeletingA6376"="command.com" [2004-08-04 50620]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ [unreadable padding bytes omitted] autocheck smrgdf c:\documents and settings\Anne Brecht\Application Data\iolo\\0\0\0\0\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MozillaMaintenance"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"wlidsvc"=2 (0x2)
"vToolbarUpdater11.0.2"=2 (0x2)
"sprtsvc_dellsupportcenter"=2 (0x2)
"PMBDeviceInfoProvider"=2 (0x2)
"OnlineStorageService"=3 (0x3)
"NVSvc"=2 (0x2)
"iPod Service"=3 (0x3)
"ioloSystemService"=2 (0x2)
"idsvc"=3 (0x3)
"hnmsvc"=2 (0x2)
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"GamesAppService"=3 (0x3)
"DellAMBrokerService"=3 (0x3)
"Bonjour Service"=2 (0x2)
"avgwd"=2 (0x2)
"AVGIDSAgent"=2 (0x2)
"avgfws"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2011-08-08 722616]
R3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys [2012-01-13 30944]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2011-12-23 17232]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [2012-03-23 2321520]
R4 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [2012-04-30 5106744]
R4 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-03-22 136176]
R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-03-22 136176]
R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-09 113120]
R4 OnlineStorageService;OnlineStorageService;c:\program files\Trend Micro SafeSync\hrfscore.exe [2012-01-05 3746576]
R4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
R4 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [2012-05-31 932736]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2012-04-19 24896]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2012-01-31 31952]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2012-02-22 235216]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2012-03-19 301248]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys [2012-01-13 30944]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-06-09 40776]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-26 c:\windows\Tasks\At1.job
- c:\program files\HP\HP ENVY 110 series\Bin\HPCustPartic.exe [2011-06-09 00:06]
.
2012-06-01 c:\windows\Tasks\At2.job
- c:\program files\HP\HP ENVY 110 series\Bin\HPCustPartic.exe [2011-06-09 00:06]
.
2012-06-01 c:\windows\Tasks\At3.job
- c:\program files\HP\HP ENVY 110 series\Bin\HPCustPartic.exe [2011-06-09 00:06]
.
2012-05-31 c:\windows\Tasks\At4.job
- c:\program files\HP\HP ENVY 110 series\Bin\HPCustPartic.exe [2011-06-09 00:06]
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-22 14:05]
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-22 14:05]
.
2012-06-01 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\documents and settings\All Users\Application Data\HP Photo Creations\MessageCheck.exe [2011-11-16 10:11]
.
2012-06-01 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\documents and settings\All Users\Application Data\HP Photo Creations\MessageCheck.exe [2011-11-16 10:11]
.
2012-05-31 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2012-01-30 22:17]
.
2012-03-10 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-01-30 22:17]
.
2012-05-31 c:\windows\Tasks\User_Feed_Synchronization-{8235D37A-9F85-407A-9ADA-BC2380B85C16}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 10:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Anne Brecht\Application Data\Mozilla\Firefox\Profiles\6hi33yok.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B1c027b5d-0e66-4991-90bc-6bfb856de876%7D&mid=491294129d8b47d0ab28d1570a9c9ed9-a66af75a6112215fddbd53775b5f79ee4bfa1c15&ds=AVG&v=11.0.0.9&lang=en&pr=pr&d=2012-05-31%2018%3A35%3A18&sap=ku&q=
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-08 19:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2096067462-3777473611-3347648496-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1256)
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(7980)
c:\windows\system32\WININET.dll
.
Completion time: 2012-06-08 19:48:52
ComboFix-quarantined-files.txt 2012-06-09 00:48
ComboFix2.txt 2012-06-07 22:20
ComboFix3.txt 2012-06-04 01:31
ComboFix4.txt 2012-06-04 00:55
.
Pre-Run: 62,238,793,728 bytes free
Post-Run: 62,221,008,896 bytes free
.
- - End Of File - - 8A4600D77D18515D6EB674D7279DD47A



Edited by jntkwx, 14 June 2012 - 08:49 PM.
Including Combofix log in post (easier to read)



 


#2 jntkwx


Posted 11 June 2012 - 11:15 AM

Hi Daniel,


Welcome to Bleeping Computer.

My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx or Jason is fine.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put logs in code boxes (unless explicitly asked to)
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.

Click on the Watch Topic button, select Immediate Notification, and click on Proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.

 

Step 1: OTL
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Step 2: Farbar Service Scanner
Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

In your next reply, please include:
  • Both OTL files
  • FSS log

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif


#3 jntkwx


Posted 13 June 2012 - 02:38 PM

Hi Daniel,

It has been two days since my last post. Do you still need help?
Regards,
Jason

 



#4 Daniel Rabe


Posted 14 June 2012 - 09:23 AM

Jason,

I have yet to run the scans, I was going to do them yesterday when I had some free time, but the BleepingComputer site was down for maintenance I assume as I was unable to access it for the period of time I had access to the computer. I hadn't written down the files to download or the instructions, so I wasn't able to run the required scans. I am hoping I can get around to doing these scans either today or tomorrow (I do not have immediate access to the computer as it is not my own, I was helping troubleshoot a friend's computer). Sorry for the delay on this, I will get around to it as soon as I can. Thanks for helping!

#5 Daniel Rabe


Posted 14 June 2012 - 06:22 PM

Here are the files.
Thank you!

 


OTL logfile created on: 6/14/2012 12:11:38 PM - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\Anne Brecht\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 3.18 Gb Available Physical Memory | 84.89% Memory free
5.58 Gb Paging File | 5.08 Gb Available in Paging File | 90.95% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 109.21 Gb Total Space | 57.95 Gb Free Space | 53.07% Space Free | Partition Type: NTFS

Computer Name: BRECHT_FAMILY | User Name: Anne Brecht | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/14 12:02:25 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Anne Brecht\My Documents\Downloads\OTL.exe
PRC - [2012/06/13 11:51:01 | 000,989,216 | ---- | M] (Solid State Networks) -- C:\Documents and Settings\Anne Brecht\Local Settings\temp\install_flashplayer11x32_mssa_aih(1).exe
PRC - [2012/06/08 19:20:15 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe
PRC - [2012/06/08 19:20:06 | 000,016,864 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugin-container.exe
PRC - [2012/05/31 18:35:12 | 001,116,544 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/02/20 21:28:32 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2011/06/08 19:15:06 | 001,804,648 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP ENVY 110 series\Bin\ScanToPCActivationApp.exe
PRC - [2011/06/08 19:01:52 | 000,643,944 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP ENVY 110 series\Bin\HPNetworkCommunicator.exe
PRC - [2011/05/24 09:59:37 | 000,460,624 | R--- | M] (SAC) -- C:\Documents and Settings\All Users\Application Data\Cardinal\C2SMB_M\reminder\SacReminder.exe
PRC - [2010/12/01 09:26:42 | 000,574,216 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelAppStore\bin\serviceManager.exe
PRC - [2010/11/27 01:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/11 10:49:50 | 000,465,136 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
PRC - [2007/08/28 15:54:58 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\OEM02Mon.exe
PRC - [2007/06/06 16:28:18 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/11/02 15:05:50 | 000,282,624 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\KADxMain.exe
PRC - [2006/09/05 18:33:32 | 000,072,192 | ---- | M] (TODO: <Company name>) -- C:\Program Files\Hallmark\Hallmark Card Studio 2007 Premier\Planner\PLNRnote.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/08 19:20:12 | 002,000,352 | ---- | M] () -- C:\Program Files\Mozilla Firefox 4.0 Beta 8\mozjs.dll
MOD - [2012/05/31 18:35:16 | 000,130,944 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\SiteSafety.dll
MOD - [2012/05/31 18:35:12 | 001,116,544 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/05/09 13:44:57 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/09 13:44:44 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/09 13:44:31 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/19 13:04:50 | 003,622,128 | ---- | M] () -- C:\Program Files\Intel\IntelAppStore\bin\plugin\libbizlplugin.dll
MOD - [2010/12/01 09:26:40 | 000,195,584 | ---- | M] () -- C:\Program Files\Intel\IntelAppStore\bin\libgsoap.dll
MOD - [2010/12/01 09:26:38 | 000,400,384 | ---- | M] () -- C:\Program Files\Intel\IntelAppStore\bin\sqlite3.dll
MOD - [2010/12/01 09:26:38 | 000,375,808 | ---- | M] () -- C:\Program Files\Intel\IntelAppStore\bin\QtXml4.dll
MOD - [2010/12/01 09:26:38 | 000,322,048 | ---- | M] () -- C:\Program Files\Intel\IntelAppStore\bin\log4cplus.dll
MOD - [2010/12/01 09:26:38 | 000,013,312 | ---- | M] () -- C:\Program Files\Intel\IntelAppStore\bin\featureController.dll
MOD - [2010/12/01 09:26:36 | 002,452,992 | ---- | M] () -- C:\Program Files\Intel\IntelAppStore\bin\QtCore4.dll
MOD - [2010/12/01 09:26:36 | 001,008,640 | ---- | M] () -- C:\Program Files\Intel\IntelAppStore\bin\QtNetwork4.dll
MOD - [2010/12/01 09:26:36 | 000,062,464 | ---- | M] () -- C:\Program Files\Intel\IntelAppStore\bin\zlib1.dll
MOD - [2009/08/25 06:55:45 | 000,290,816 | R--- | M] () -- C:\Documents and Settings\All Users\Application Data\Cardinal\C2SMB_M\reminder\iCommon.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/06/06 16:35:02 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2007/03/16 04:10:48 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll -- (helpsvc)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/06/08 19:20:13 | 000,113,120 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/31 18:35:14 | 000,932,736 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe -- (vToolbarUpdater11.0.2)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/03/23 05:57:00 | 002,321,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/04 19:09:34 | 003,746,576 | ---- | M] (Trend Micro Inc.) [Disabled | Stopped] -- C:\Program Files\Trend Micro SafeSync\hrfscore.exe -- (OnlineStorageService)
SRV - [2010/11/27 01:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/10/11 10:49:46 | 000,076,016 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe -- (DellAMBrokerService)
SRV - [2007/05/25 12:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) [Disabled | Stopped] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/06/13 17:34:04 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/01/12 19:52:06 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2012/01/12 19:52:06 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2010/06/30 03:27:08 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/12/02 19:26:22 | 000,989,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/12/02 19:26:20 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/12/02 19:26:20 | 000,211,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/10/10 17:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/08/23 19:29:10 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\datunidr.sys -- (datunidr)
DRV - [2007/06/07 17:00:02 | 000,141,376 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Afx.sys -- (OEM02Afx)
DRV - [2007/06/06 16:28:16 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/05/08 22:49:02 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/05/08 22:46:12 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/05/08 22:46:08 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/05/08 22:46:06 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/03/16 04:10:56 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/03/05 10:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2006/12/18 20:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet)
DRV - [2006/11/02 13:31:38 | 000,103,168 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec02.sys -- (DXEC02)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys -- (PTproct)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE8HP&PC=B8DF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080131
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE8ENUS02/110
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE8HP&PC=B8DF
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{D129CD52-1673-4D15-BD79-06E795C74382}: "URL" = http://www.bing.com/search?q={searchTerms}&form=B8DFDF&pc=B8DF&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B1c027b5d-0e66-4991-90bc-6bfb856de876%7D&mid=491294129d8b47d0ab28d1570a9c9ed9-a66af75a6112215fddbd53775b5f79ee4bfa1c15&ds=AVG&v=11.0.0.9&lang=en&pr=pr&d=2012-05-31%2018%3A35%3A18&sap=ku&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\quickprint@hp.com: C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 15:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/05/31 18:35:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/31 18:32:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\11.0.0.9\ [2012/05/31 18:35:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 8\components [2012/06/08 19:20:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins

[2008/06/06 15:48:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Anne Brecht\Application Data\Mozilla\Extensions
[2008/06/06 15:48:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Anne Brecht\Application Data\Mozilla\Extensions\home2@tomtom.com
[2012/06/08 19:33:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Anne Brecht\Application Data\Mozilla\Firefox\Profiles\6hi33yok.default\extensions
[2012/05/31 18:35:42 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG SECURE SEARCH\11.0.0.9
[2012/06/08 19:33:36 | 000,634,964 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\ANNE BRECHT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\6HI33YOK.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/06/04 19:43:02 | 001,184,804 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\ANNE BRECHT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\6HI33YOK.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2012/05/31 18:32:59 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012/02/16 12:11:38 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/10/18 00:17:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2012/06/07 17:15:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\dell\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files\Intel\IntelAppStore\bin\serviceManager.lnk ()
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [DellAutomatedPCTuneUp] C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [HP ENVY 110 series (NET)] C:\Program Files\HP\HP ENVY 110 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [SacReminderHDDV2] c:\Documents and Settings\All Users\Application Data\Cardinal\C2SMB_M\reminder\SacReminder.exe (SAC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk = C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminder.lnk = C:\WINDOWS\Installer\{74E6CCBB-D24B-4308-9C03-DAEE7560FF82}\Shortcut_EventPlan_5D0DF1BBD82E4FB2B98E4FDE42EF7EBB.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_31.dll (Sun Microsystems, Inc.)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: //@install.mar@/ ([]msni in My Computer)
O15 - HKCU\..Trusted Domains: //@mail.mar@/ ([]msni in Local intranet)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204349640828 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (DDRevision Class)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} http://pccheckup.dellfix.com/en/10/install/gtdownde.cab (Dell PC Checkup Installer Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{411F0049-A614-4D94-8F72-E83171115C5A}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Anne Brecht\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Anne Brecht\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (???)
O34 - HKLM BootExecute: ("?Ê ")
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/09 17:58:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/06/08 20:19:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Anne Brecht\Recent
[2012/06/08 20:19:56 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/06/08 19:48:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/06/08 19:40:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/06/08 19:40:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/06/08 19:40:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/06/08 19:40:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/06/08 19:40:17 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/06/08 18:54:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2012/06/08 18:54:39 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/06/08 18:54:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/06/08 18:21:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/06/08 18:21:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/06/08 18:12:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/08 18:12:35 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/06/08 18:12:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/08 12:41:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Downloaded Installers
[2012/06/07 16:43:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anne Brecht\Application Data\iolo
[2012/06/07 16:43:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iolo
[2012/06/07 15:59:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SmartPCFixer
[2012/06/07 15:59:24 | 000,000,000 | ---D | C] -- C:\Program Files\SmartPCFixer
[2012/06/06 16:57:29 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Anne Brecht\Desktop\mbam-setup-1.60.1.1000.exe
[2012/06/06 16:57:14 | 000,733,320 | ---- | C] (Google Inc.) -- C:\Documents and Settings\Anne Brecht\Desktop\ChromeSetup.exe
[2012/06/06 16:55:56 | 003,552,208 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Anne Brecht\Desktop\ccsetup313.exe
[2012/06/06 14:50:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anne Brecht\My Documents\Downloads
[2012/06/06 13:02:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/06/06 13:02:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/06/03 19:38:20 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/06/03 19:23:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/06/01 12:43:47 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/06/01 11:14:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/31 18:36:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anne Brecht\Application Data\AVG2012
[2012/05/31 18:35:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2012/05/31 18:35:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anne Brecht\Local Settings\Application Data\AVG Secure Search
[2012/05/31 18:35:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anne Brecht\Application Data\AVG Secure Search
[2012/05/31 18:35:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/05/31 18:35:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/05/31 18:35:11 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/05/31 18:34:03 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/05/31 18:32:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/05/31 18:32:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2012/05/31 18:32:42 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/05/31 18:31:25 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/05/31 18:00:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/05/31 16:44:39 | 004,538,510 | R--- | C] (Swearware) -- C:\Documents and Settings\Anne Brecht\Desktop\ComboFix.exe
[2012/05/31 16:38:43 | 003,879,712 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Anne Brecht\Desktop\avg_isct_stb_all_2012_2178_free.exe
[2012/05/31 16:29:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anne Brecht\Local Settings\Application Data\Mozilla
[2012/05/31 16:29:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox 4.0 Beta 8
[2012/05/31 16:07:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/05/31 15:08:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anne Brecht\Desktop\Dial-a-fix-v0.60.0.24
[2012/05/31 14:13:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anne Brecht\Application Data\Malwarebytes
[2012/05/31 14:13:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/05/31 12:57:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anne Brecht\Application Data\SUPERAntiSpyware.com
[2012/05/31 12:55:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/05/31 12:40:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anne Brecht\Local Settings\Application Data\LogMeIn Rescue Applet
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/14 12:07:33 | 000,100,668 | ---- | M] () -- C:\Documents and Settings\Anne Brecht\My Documents\AVGInstLog.cab
[2012/06/13 17:34:04 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/06/13 17:17:38 | 000,080,749 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2012/06/09 18:11:26 | 000,002,415 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dell Support Center.lnk
[2012/06/09 17:58:23 | 000,002,511 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminder.lnk
[2012/06/09 17:58:21 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
[2012/06/09 17:56:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/09 17:56:49 | 4024,627,200 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/08 19:39:41 | 004,538,510 | R--- | M] (Swearware) -- C:\Documents and Settings\Anne Brecht\Desktop\ComboFix.exe
[2012/06/08 19:30:20 | 000,001,086 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2012/06/08 18:54:47 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Anne Brecht\Desktop\Spybot - Search & Destroy.lnk
[2012/06/08 18:21:19 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/06/08 18:12:37 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/08 17:49:23 | 001,257,929 | ---- | M] () -- C:\Documents and Settings\Anne Brecht\Desktop\Backup Information.QIF
[2012/06/07 17:15:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/06/07 17:02:19 | 000,001,857 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk
[2012/06/07 15:59:29 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\Anne Brecht\Application Data\Microsoft\Internet Explorer\Quick Launch\SmartPCFixer.lnk
[2012/06/07 15:59:29 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SmartPCFixer.lnk
[2012/06/06 19:14:10 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/06 18:56:38 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/06/06 17:42:25 | 099,900,957 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/06/06 16:40:17 | 000,000,124 | ---- | M] () -- C:\Documents and Settings\Anne Brecht\Desktop\PC Wizards.url
[2012/06/06 12:38:06 | 000,015,784 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/06/03 18:10:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/01 11:23:19 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/01 11:08:17 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/31 23:08:00 | 000,000,488 | ---- | M] () -- C:\WINDOWS\tasks\HP Photo Creations Communicator.job
[2012/05/31 23:01:01 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\HP Photo Creations Messager.job
[2012/05/31 20:40:00 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012/05/31 19:44:24 | 000,625,911 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
[2012/05/31 19:14:04 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/05/31 18:35:48 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/05/31 18:20:02 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8235D37A-9F85-407A-9ADA-BC2380B85C16}.job
[2012/05/31 18:00:00 | 000,000,480 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Registration3.job
[2012/05/31 17:54:56 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/05/31 17:42:22 | 000,502,118 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/31 17:42:22 | 000,089,054 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/31 16:36:44 | 003,879,712 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Anne Brecht\Desktop\avg_isct_stb_all_2012_2178_free.exe
[2012/05/31 16:29:24 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2012/05/31 16:29:13 | 000,001,723 | ---- | M] () -- C:\Documents and Settings\Anne Brecht\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 8.lnk
[2012/05/31 16:29:13 | 000,001,705 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox 4.0 Beta 8.lnk
[2012/05/31 15:15:29 | 000,658,944 | ---- | M] () -- C:\Documents and Settings\Anne Brecht\Desktop\MicrosoftFixit50191.msi
[2012/05/31 15:12:13 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/05/31 15:12:13 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/05/31 15:06:51 | 000,335,992 | ---- | M] () -- C:\Documents and Settings\Anne Brecht\Desktop\Dial-a-fix-v0.60.0.24.zip
[2012/05/31 14:00:04 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/05/26 10:10:04 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/05/19 13:42:37 | 000,080,749 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/14 12:07:33 | 000,100,668 | ---- | C] () -- C:\Documents and Settings\Anne Brecht\My Documents\AVGInstLog.cab
[2012/06/08 19:40:27 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/06/08 19:40:27 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/06/08 19:40:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/06/08 19:40:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/06/08 19:40:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/06/08 19:30:16 | 000,001,086 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/06/08 18:54:47 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Anne Brecht\Desktop\Spybot - Search & Destroy.lnk
[2012/06/08 18:21:19 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/06/08 18:12:37 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/08 17:48:55 | 001,257,929 | ---- | C] () -- C:\Documents and Settings\Anne Brecht\Desktop\Backup Information.QIF
[2012/06/07 15:59:29 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\Anne Brecht\Application Data\Microsoft\Internet Explorer\Quick Launch\SmartPCFixer.lnk
[2012/06/07 15:59:29 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SmartPCFixer.lnk
[2012/06/06 19:17:30 | 4024,627,200 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/06 18:56:38 | 000,002,511 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminder.lnk
[2012/06/06 18:56:38 | 000,002,333 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
[2012/06/06 18:56:38 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/06/06 18:56:38 | 000,001,725 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2012/06/06 18:56:38 | 000,001,618 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2012/06/06 17:42:25 | 099,900,957 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/06/06 16:39:29 | 000,000,124 | ---- | C] () -- C:\Documents and Settings\Anne Brecht\Desktop\PC Wizards.url
[2012/06/06 12:38:06 | 000,015,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/06/04 19:41:23 | 000,000,811 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/06/03 19:38:28 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/06/03 19:38:23 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/06/01 16:40:48 | 000,001,857 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk
[2012/05/31 19:44:24 | 000,625,911 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
[2012/05/31 18:35:48 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/05/31 16:29:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2012/05/31 16:29:13 | 000,001,723 | ---- | C] () -- C:\Documents and Settings\Anne Brecht\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 8.lnk
[2012/05/31 16:29:13 | 000,001,705 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox 4.0 Beta 8.lnk
[2012/05/31 15:17:45 | 000,658,944 | ---- | C] () -- C:\Documents and Settings\Anne Brecht\Desktop\MicrosoftFixit50191.msi
[2012/05/31 15:07:55 | 000,335,992 | ---- | C] () -- C:\Documents and Settings\Anne Brecht\Desktop\Dial-a-fix-v0.60.0.24.zip
[2012/03/20 11:45:31 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2012/02/15 10:47:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/16 20:09:23 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2011/02/20 21:26:43 | 000,139,227 | ---- | C] () -- C:\WINDOWS\hpoins21.dat
[2011/02/20 21:26:43 | 000,007,262 | ---- | C] () -- C:\WINDOWS\hpomdl21.dat
[2011/02/20 17:55:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2011/02/13 00:34:26 | 000,246,458 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2096067462-3777473611-3347648496-1006-0.dat
[2011/02/11 21:05:22 | 000,246,458 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/10/24 16:39:21 | 000,068,760 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/14 01:35:34 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Anne Brecht\Desktop\WirelessSettings.txt:SummaryInformation
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62E2D794

< End of report >

OTL Extras logfile created on: 6/14/2012 12:11:38 PM - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\Anne Brecht\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 3.18 Gb Available Physical Memory | 84.89% Memory free
5.58 Gb Paging File | 5.08 Gb Available in Paging File | 90.95% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 109.21 Gb Total Space | 57.95 Gb Free Space | 53.07% Space Free | Partition Type: NTFS

Computer Name: BRECHT_FAMILY | User Name: Anne Brecht | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"10421:UDP" = 10421:UDP:*:Enabled:SingleClick Discovery Protocol
"10426:UDP" = 10426:UDP:*:Enabled:SingleClick ICC
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Dell\MediaDirect\PCMService.exe" = C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe" = C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant -- (SingleClick Systems)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP ENVY 110 series\Bin\DeviceSetup.exe" = C:\Program Files\HP\HP ENVY 110 series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup (HP ENVY 110 series) -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP ENVY 110 series\Bin\HPNetworkCommunicator.exe" = C:\Program Files\HP\HP ENVY 110 series\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator (HP ENVY 110 series) -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0240BDFB-2995-4A3F-8C96-18D41282B716}" = Dell Network Assistant
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2C5927BD-3F65-4207-8FB5-8EDF638A3511}_is1" = SmartPCFixer 4.2
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3045AF76-5FFC-417C-97A2-E5E6CBAC80D9}" = HP ENVY 110 series Basic Device Software
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5B0C03-524C-4CAB-BC63-3C26A25877D6}" = HP ENVY 110 series Product Improvement Study
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4073AAEC-B01B-4000-BC9B-1447E3A7BD87}" = AVG 2012
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{44B2E182-DD85-45FC-9F51-326B81D7C7F1}" = Fax
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{55D6B4DA-50E9-47AF-99C1-9A8E3A234763}" = Greeting Card Factory Silver
"{563FE39E-B4D7-4DC0-B443-97313128AEC0}" = Hallmark Card Studio Special Edition
"{567C5FE9-17AC-4D5D-99FD-1AC0FC43977C}" = OverDrive Media Console
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{74E6CCBB-D24B-4308-9C03-DAEE7560FF82}" = Hallmark Card Studio 2007 Premier
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D3D561-D1FD-4d57-8395-20030467E0F9}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7836FF5-7293-40A4-B86E-E2038F82E8F3}" = AVG 2012
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A8E7BE25-785A-45A6-ADA5-E263B6A3358E}" = HP Install Network Printer Wizard
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B10949AD-0C3C-47e8-ADF7-441C1BB9F621}" = C4380
"{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}" = Garmin Communicator Plugin
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7FB6B99-C93C-4818-825B-37EF4B64C80C}" = PS_AIO_02_Software
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BDA128C9-66F5-46c9-A503-AA7098AF384F}" = C4380_Help
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3308F5E-FAA9-4fc5-8975-800C36ECCEAC}" = C4380_doccd
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D1B5E9C8-4CCF-44E3-87D6-7C00D7DA5370}" = IntelliSonic Speech Enhancement
"{D25BDCF5-19F6-4d9e-B9C9-273FE81446C4}" = PS_AIO_02_ProductContext
"{D4444B31-E9E9-4389-B35D-41B5BCA5E9FB}" = HP ENVY 110 series Help
"{D64BC2CF-0F12-47d7-B412-B4F3FD684253}" = HP Photosmart All-In-One Software 9.0
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EF0D2E55-6FE2-4e35-BE22-A742E85D84E3}" = PS_AIO_02_Software_min
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE34691C-4298-4667-9758-D7F534DD0B94}" = Dell Automated PC TuneUp
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"AVG" = AVG 2012
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Free_TV_Bar Toolbar" = Free_TV_Bar Toolbar
"HFRS_is1" = Trend Micro SafeSync
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photo Creations" = HP Photo Creations
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HPOCR" = HP OCR Software 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Instant Housecall" = Instant Housecall Remote Support
"Intel AppUp(SM) center 23669" = Intel AppUp(SM) center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 14.0 (x86 en-US)" = Mozilla Firefox 14.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"SearchAssist" = SearchAssist
"TomTom HOME" = TomTom HOME 2.5.2.60
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.5.0.457
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/9/2012 6:59:03 PM | Computer Name = BRECHT_FAMILY | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 6/9/2012 6:59:03 PM | Computer Name = BRECHT_FAMILY | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 6/9/2012 6:59:03 PM | Computer Name = BRECHT_FAMILY | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 6/9/2012 6:59:03 PM | Computer Name = BRECHT_FAMILY | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 6/9/2012 6:59:03 PM | Computer Name = BRECHT_FAMILY | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 6/9/2012 6:59:03 PM | Computer Name = BRECHT_FAMILY | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 6/9/2012 6:59:03 PM | Computer Name = BRECHT_FAMILY | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 6/9/2012 6:59:04 PM | Computer Name = BRECHT_FAMILY | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 6/9/2012 6:59:04 PM | Computer Name = BRECHT_FAMILY | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 6/13/2012 7:27:21 PM | Computer Name = BRECHT_FAMILY | Source = MsiInstaller | ID = 11719
Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error
1719. SA_Error1719: StandardAction(0xC00706B7): The Windows Installer Service could
not be accessed. This can occur if you are running Windows in safe mode, or if
the Windows Installer is not correctly installed. Contact your support personnel
for assistance.

[ iolo Applications Events ]
Error - 6/4/2012 7:48:48 PM | Computer Name = BRECHT_FAMILY | Source = Service Manager | ID = 1
Description =

Error - 6/4/2012 7:59:56 PM | Computer Name = BRECHT_FAMILY | Source = Service Manager | ID = 1
Description =

Error - 6/6/2012 6:27:06 PM | Computer Name = BRECHT_FAMILY | Source = Service Manager | ID = 1
Description =

Error - 6/6/2012 6:51:22 PM | Computer Name = BRECHT_FAMILY | Source = Service Manager | ID = 1
Description =

Error - 6/7/2012 5:54:59 PM | Computer Name = BRECHT_FAMILY | Source = Service Manager | ID = 1
Description =

Error - 6/7/2012 5:55:22 PM | Computer Name = BRECHT_FAMILY | Source = Service Manager | ID = 1
Description =

Error - 6/7/2012 6:14:22 PM | Computer Name = BRECHT_FAMILY | Source = Service Manager | ID = 1
Description =

Error - 6/7/2012 6:22:31 PM | Computer Name = BRECHT_FAMILY | Source = Service Manager | ID = 1
Description =

Error - 6/8/2012 1:15:52 PM | Computer Name = BRECHT_FAMILY | Source = Service Manager | ID = 1
Description =

Error - 6/9/2012 5:59:34 PM | Computer Name = BRECHT_FAMILY | Source = Service Manager | ID = 1
Description =

[ System Events ]
Error - 6/9/2012 5:57:19 PM | Computer Name = BRECHT_FAMILY | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :0" could not be registered on the Interface
with IP address 192.168.1.2. The machine with the IP address 192.168.1.3 did not
allow the name to be claimed by this machine.

Error - 6/9/2012 6:12:16 PM | Computer Name = BRECHT_FAMILY | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :0" could not be registered on the Interface
with IP address 192.168.1.2. The machine with the IP address 192.168.1.3 did not
allow the name to be claimed by this machine.

Error - 6/9/2012 6:27:17 PM | Computer Name = BRECHT_FAMILY | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :0" could not be registered on the Interface
with IP address 192.168.1.2. The machine with the IP address 192.168.1.3 did not
allow the name to be claimed by this machine.

Error - 6/9/2012 6:42:18 PM | Computer Name = BRECHT_FAMILY | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :0" could not be registered on the Interface
with IP address 192.168.1.2. The machine with the IP address 192.168.1.3 did not
allow the name to be claimed by this machine.

Error - 6/9/2012 7:09:46 PM | Computer Name = BRECHT_FAMILY | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :0" could not be registered on the Interface
with IP address 192.168.1.2. The machine with the IP address 192.168.1.3 did not
allow the name to be claimed by this machine.

Error - 6/9/2012 7:24:41 PM | Computer Name = BRECHT_FAMILY | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :0" could not be registered on the Interface
with IP address 192.168.1.2. The machine with the IP address 192.168.1.3 did not
allow the name to be claimed by this machine.

Error - 6/10/2012 8:01:09 PM | Computer Name = BRECHT_FAMILY | Source = NetBT | ID = 4321
Description = The name "ANNES-PC :0" could not be registered on the Interface
with IP address 192.168.1.2. The machine with the IP address 192.168.1.3 did not
allow the name to be claimed by this machine.

Error - 6/10/2012 8:15:59 PM | Computer Name = BRECHT_FAMILY | Source = NetBT | ID = 4321
Description = The name "ANNES-PC :0" could not be registered on the Interface
with IP address 192.168.1.2. The machine with the IP address 192.168.1.3 did not
allow the name to be claimed by this machine.

Error - 6/11/2012 8:12:37 PM | Computer Name = BRECHT_FAMILY | Source = NetBT | ID = 4321
Description = The name "ANNES-PC :0" could not be registered on the Interface
with IP address 192.168.1.2. The machine with the IP address 192.168.1.3 did not
allow the name to be claimed by this machine.

Error - 6/13/2012 12:49:05 PM | Computer Name = BRECHT_FAMILY | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :0" could not be registered on the Interface
with IP address 192.168.1.2. The machine with the IP address 192.168.1.3 did not
allow the name to be claimed by this machine.


< End of report >


Farbar Service Scanner Version: 09-06-2012
Ran by Anne Brecht (administrator) on 14-06-2012 at 12:50:33
Running from "C:\Documents and Settings\Anne Brecht\My Documents\Downloads"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Demand. The default start type is Auto.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

netman Service is not running. Checking service configuration:
The start type of netman service is OK.
The ImagePath of netman service is OK.
The ServiceDll of netman service is OK.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt service is OK.
The ServiceDll of winmgmt service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice service is OK.


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt service is OK.
The ServiceDll of winmgmt service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".

cryptsvc Service is not running. Checking service configuration:
The start type of cryptsvc service is OK.
The ImagePath of cryptsvc service is OK.
The ServiceDll of cryptsvc service is OK.


Windows Autoupdate Disabled Policy:
============================

RpcSs Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of RpcSs. The value does not exist.
The ImagePath of RpcSs: "%SystemRoot%\system32\svchost.exe -k rpcss".
The ServiceDll of RpcSs service is OK.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit


**** End of log ****


Edited by jntkwx, 14 June 2012 - 08:51 PM.
Including logs in post (easier to read)


#6 jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:06:12 PM

Posted 15 June 2012 - 10:56 AM

Daniel,

Step 1: Rerun Combofix
Please delete the Posted Image file on your desktop. Do not make any other changes to your computer!

Please download a NEW version of Combofix from one of these links.
Link 1
Link 2
Link 3
  • Close any open browsers or any other programs that are open.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. If you do not know how to do this you can find out >here< or >here<
  • Open notepad and copy/paste the text below into it:

    ADS::
    C:\Documents and Settings\Anne Brecht\Desktop\WirelessSettings.txt
    C:\Documents and Settings\All Users\Application Data\TEMP
    
    AtJob::
    
  • Save this as CFScript.txt

    Posted Image
  • Referring to the picture above, drag CFScript.txt into ComboFix.exe
  • When finished, it shall produce a log for you. Post that log in your next reply.

IMPORTANT:
  • Leave your computer alone while ComboFix is running.
  • Do not mouseclick Combofix's window while it's running. That may cause it to stall.
  • ComboFix will restart your computer if additional malware is found; please allow it to do so.
  • If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.


Step 2: MiniRegTool
Please download MiniRegTool.zip and unzip it.
  • Run the tool.
  • Copy and paste the following into the edit box:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
  • Check the Query Keys radio button.
  • Press the Go button and post the result.


In your next reply, please include:
  • New Combofix log
  • MiniRegTool log
  • How's your computer running now? Please be as descriptive as possible.

Also, please just copy and paste any logs asked for directly into your replies (unless otherwise asked). It's easier for me to read them that way.

Edited by jntkwx, 15 June 2012 - 10:58 AM.

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#7 Daniel Rabe

  • Topic Starter

  • Members
  • 4 posts
  • Local time:05:12 PM

Posted 15 June 2012 - 07:08 PM

Jason,

I was in the process of the first couple of steps when I realized that I couldn't complete step 5. Whatever was taking the computer over had removed the functionality of drag & drop so I was unable to do that. I was going to move on from that, but the owner made the decision that she wanted to just reformat instead of messing with this any further. So, at the end of the day, the problem has been resolved one way or the other. She had already backed everything she wanted up off of there so nothing too important was lost. Thank you for taking the time to help us out though, I really appreciate it.

#8 jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:06:12 PM

Posted 15 June 2012 - 08:41 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Regards,
Jason

 
