WiredWX Christian Hobby Weather Tools
Re: Laptop connected to internet but will only browse in safe mode

Wooo Diagnostics!!!!

Rooter:
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP . (5.1.2600) Service Pack 3
[32_bits] - x86 Family 6 Model 15 Stepping 13, GenuineIntel
.
[wscsvc] STOPPED (state:1) : Security Center -> Disabled !
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Enabled
.
Internet Explorer 7.0.5730.13
Mozilla Firefox 3.6 (en-US)
.
C:\ [Fixed-NTFS] .. ( Total:145 Go - Free:131 Go )
D:\ [CD_Rom]
.
Scan : 14:58.08
Path : C:\Documents and Settings\brandon\Desktop\Rooter.exe
User : Jason ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (456)
______ \??\C:\WINDOWS\system32\csrss.exe (516)
______ \??\C:\WINDOWS\system32\winlogon.exe (540)
______ C:\WINDOWS\system32\services.exe (584)
______ C:\WINDOWS\system32\lsass.exe (596)
______ C:\WINDOWS\system32\svchost.exe (748)
______ C:\WINDOWS\system32\svchost.exe (796)
______ C:\WINDOWS\system32\svchost.exe (896)
______ C:\WINDOWS\system32\svchost.exe (912)
______ C:\Program Files\AVG\AVG9\avgchsvx.exe (944)
______ C:\WINDOWS\system32\svchost.exe (976)
______ C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (1196)
______ C:\WINDOWS\Explorer.EXE (1828)
______ C:\Program Files\Mozilla Firefox\firefox.exe (520)
______ C:\Documents and Settings\brandon\Desktop\Rooter.exe (1340)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:90445824)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:90478080 | Length:156403699200)
\Device\Harddisk0\Partition3 (Start_Offset:156494177280 | Length:3545095680)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\WGASetup.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 14:58.11
.
C:\Rooter$\Rooter_1.txt - (21/02/2010 | 14:58.11)


LockSearch:
LockSearch by jpshortstuff (05.11.09.1)
Log created at 15:01 on 21/02/2010 (Jason)
Scanning C:\


C:\pagefile.sys
-------------------------

-=E.O.F=-

CKScanner:
CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11
----- EOF -----


Cheetah:
Cheetah-Anti-Rogue v1.3.1
by DragonMaster Jay

Microsoft Windows XP [Version 5.1.2600]
Date: 02/16/2010 - Time: 22:21:55 - Arch.: x86


-- Malware removal tools check --
Malwarebytes' Anti-Malware


-- Known infection --



Extra message: Detection only.


EOF

Re: Laptop connected to internet but will only browse in safe mode

Download OTL to your Desktop

  • Double-click the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Under the Custom Scan box, paste this in:

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    nvstor32.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    ws2_32.dll
    proquota.exe
    imm32.dll
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    nvrd32.sys
    /md5stop
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time

Re: Laptop connected to internet but will only browse in safe mode

OTL.txt: I had to split this in half; I kept getting an error message that said: The posted message is too big.
OTL logfile created on: 2/22/2010 8:00:00 PM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\brandon\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.66 Gb Total Space | 131.77 Gb Free Space | 90.46% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D2SFTTG1
Current User Name: Jason
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/22 19:59:14 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\brandon\Desktop\OTL.exe
PRC - [2010/02/14 01:59:03 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/01/15 17:13:02 | 000,904,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/05/12 12:38:28 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/02/22 19:59:14 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\brandon\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- -- (McShield)
SRV - [2010/02/14 01:59:05 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2008/07/16 13:14:10 | 000,138,168 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/06/02 11:42:54 | 000,024,064 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2008/05/12 12:38:28 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/04/14 05:42:04 | 000,065,536 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\nwwks.dll -- (NWCWorkstation)
SRV - [2008/03/04 11:39:26 | 000,155,716 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2007/08/24 03:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007/07/11 07:33:28 | 000,069,632 | R--- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2007/04/26 08:38:38 | 000,517,040 | ---- | M] ( ) [Auto | Stopped] -- C:\WINDOWS\System32\lxdicoms.exe -- (lxdi_device)
SRV - [2007/04/26 08:38:21 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe -- (lxdiCATSCustConnectService)
SRV - [2006/10/26 12:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/04/30 17:02:26 | 000,086,016 | ---- | M] (B.H.A Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\bgsvcgen.exe -- (bgsvcgen)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080716
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080716

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100127023632
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/14 15:55:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/14 15:55:49 | 000,000,000 | ---D | M]

[2010/02/14 15:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\brandon\Application Data\Mozilla\Extensions
[2010/02/17 17:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\brandon\Application Data\Mozilla\Firefox\Profiles\t8zvi3tf.default\extensions
[2010/02/16 18:04:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\brandon\Application Data\Mozilla\Firefox\Profiles\t8zvi3tf.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/02/14 15:55:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/14 15:55:49 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

O1 HOSTS File: ([2010/02/14 17:27:57 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\dell\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [lxdiamon] C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe (Lexmark)
O4 - HKLM..\Run: [lxdimon.exe] C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe ()
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher 2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe (FUJIFILM Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([www.update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 76.85.229.110 76.85.229.111
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\brandon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\brandon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 15:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/11 15:02:12 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - C:\WINDOWS\system32\nwwks.dll (Microsoft Corporation)
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: aawservice - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: aawservice - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {ECD292A0-0347-4244-8C24-5DBCE990FB40} - Hotfix for Microsoft .NET Framework 3.0 (KB932471)
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2010/02/22 19:59:14 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\brandon\Desktop\OTL.exe
[2010/02/21 14:58:11 | 000,000,000 | ---D | C] -- C:\Rooter$
[2010/02/21 14:56:08 | 000,173,119 | ---- | C] (Eric_71) -- C:\Documents and Settings\brandon\Desktop\Rooter.exe
[2010/02/21 14:55:17 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/02/20 15:22:42 | 000,000,000 | ---D | C] -- C:\Program Files\WhoCrashed
[2010/02/17 17:46:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/02/16 22:06:15 | 001,137,360 | ---- | C] (F-Secure Corporation) -- C:\Documents and Settings\brandon\Desktop\fsbl.exe
[2010/02/16 19:25:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\brandon\Local Settings\Application Data\PCHealth
[2010/02/16 18:04:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\brandon\Application Data\QuickScan
[2010/02/15 22:47:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/02/15 22:42:40 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/15 22:41:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/15 22:41:47 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/15 22:41:47 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/15 22:41:47 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/15 22:41:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/15 22:41:41 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/02/15 22:41:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/14 17:43:28 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/02/14 17:26:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\brandon\My Documents\Downloads
[2010/02/14 15:55:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\brandon\Local Settings\Application Data\Mozilla
[2010/02/14 15:55:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\brandon\Application Data\Mozilla
[2010/02/14 15:55:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/02/14 15:47:57 | 000,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair
[2010/02/14 15:43:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/14 02:04:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/02/14 01:09:51 | 000,000,000 | ---D | C] -- C:\$AVG
[2010/02/14 01:09:06 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/02/14 01:09:05 | 000,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/02/14 01:09:05 | 000,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/02/14 01:09:05 | 000,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/02/14 01:09:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/02/14 01:09:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/02/14 01:08:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/02/14 01:08:39 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/14 01:08:39 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/02/14 01:08:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/14 01:08:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/02/14 01:07:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\brandon\My Documents\msvcfix
[2010/02/14 01:06:09 | 080,328,144 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\brandon\My Documents\avg_free_stf_en_90_730a1834.exe
[2010/02/14 00:20:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/14 00:20:30 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/13 23:53:09 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010/02/13 23:53:09 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010/02/13 23:52:39 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark 3500-4500 Series
[2010/02/13 23:31:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2008/08/23 12:09:54 | 000,311,296 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdihcp.dll
[2008/08/23 12:09:53 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiinpa.dll
[2008/08/23 12:09:53 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiiesc.dll
[2008/08/23 12:09:52 | 001,187,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiserv.dll
[2008/08/23 12:09:52 | 000,942,080 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiusb1.dll
[2008/08/23 12:09:52 | 000,614,400 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdipmui.dll
[2008/08/23 12:09:52 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiprox.dll
[2008/08/23 12:09:52 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdipplc.dll
[2008/08/23 12:09:51 | 000,532,480 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdilmpm.dll
[2008/08/23 12:09:50 | 000,671,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdihbn3.dll
[2008/08/23 12:09:48 | 000,765,952 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicomc.dll
[2008/08/23 12:09:48 | 000,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicomm.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/02/22 19:59:14 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\brandon\Desktop\OTL.exe
[2010/02/22 19:54:39 | 000,529,902 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/22 19:54:39 | 000,446,554 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/22 19:54:39 | 000,073,210 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/22 19:49:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/22 19:49:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/21 15:17:50 | 002,269,184 | ---- | M] () -- C:\Documents and Settings\brandon\ntuser.dat
[2010/02/21 15:17:50 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\brandon\ntuser.ini
[2010/02/21 15:17:48 | 003,712,744 | -H-- | M] () -- C:\Documents and Settings\brandon\Local Settings\Application Data\IconCache.db
[2010/02/21 14:56:29 | 000,451,584 | ---- | M] () -- C:\Documents and Settings\brandon\Desktop\CKScanner.exe
[2010/02/21 14:56:16 | 000,032,653 | ---- | M] () -- C:\Documents and Settings\brandon\Desktop\LockSearch.exe
[2010/02/21 14:56:08 | 000,173,119 | ---- | M] (Eric_71) -- C:\Documents and Settings\brandon\Desktop\Rooter.exe
[2010/02/20 15:22:42 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\brandon\Desktop\WhoCrashed.lnk
[2010/02/17 17:43:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/17 17:42:55 | 000,000,582 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/17 17:42:55 | 000,000,246 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/17 17:42:55 | 000,000,229 | RHS- | M] () -- C:\boot.ini
[2010/02/17 17:42:22 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/02/17 17:42:16 | 000,042,047 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/02/17 17:41:59 | 000,169,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/02/16 22:07:06 | 000,011,621 | ---- | M] () -- C:\Documents and Settings\brandon\Desktop\Cheetah-Anti-Rogue.zip
[2010/02/16 22:06:26 | 001,137,360 | ---- | M] (F-Secure Corporation) -- C:\Documents and Settings\brandon\Desktop\fsbl.exe
[2010/02/16 19:23:31 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/15 22:40:14 | 003,857,112 | R--- | M] () -- C:\Documents and Settings\brandon\Desktop\ComboFix.exe
[2010/02/15 22:35:45 | 000,000,229 | ---- | M] () -- C:\Boot.bak
[2010/02/14 17:27:57 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/02/14 16:49:03 | 000,002,756 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.ulf
[2010/02/14 15:55:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/02/14 15:55:50 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/02/14 03:09:27 | 000,146,016 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/14 02:16:03 | 000,000,015 | ---- | M] () -- C:\Documents and Settings\brandon\resetlog.tx
[2010/02/14 01:59:11 | 006,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/02/14 01:59:11 | 000,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/02/14 01:59:11 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/02/14 01:59:09 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/02/14 01:59:08 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/02/14 01:59:08 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/02/14 01:59:04 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/02/14 01:53:05 | 006,685,013 | ---- | M] () -- C:\Documents and Settings\brandon\My Documents\u7avi18567.bin
[2010/02/14 01:51:32 | 064,126,334 | ---- | M] () -- C:\Documents and Settings\brandon\My Documents\f9all733cd.bin
[2010/02/14 01:09:06 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/02/14 01:09:05 | 047,541,798 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/14 01:09:05 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/02/14 01:07:07 | 000,000,967 | ---- | M] () -- C:\Documents and Settings\brandon\My Documents\msvcfix.bat
[2010/02/14 01:06:35 | 000,000,530 | ---- | M] () -- C:\Documents and Settings\brandon\My Documents\msvcfix.zip
[2010/02/14 01:06:10 | 080,328,144 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\brandon\My Documents\avg_free_stf_en_90_730a1834.exe
[2010/02/14 00:20:35 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

continued in next post:

Re: Laptop connected to internet but will only browse in safe mode

OTL.txt Continued:

========== Files Created - No Company Name ==========

[2010/02/21 14:56:28 | 000,451,584 | ---- | C] () -- C:\Documents and Settings\brandon\Desktop\CKScanner.exe
[2010/02/21 14:56:16 | 000,032,653 | ---- | C] () -- C:\Documents and Settings\brandon\Desktop\LockSearch.exe
[2010/02/20 15:22:42 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\brandon\Desktop\WhoCrashed.lnk
[2010/02/16 22:07:06 | 000,011,621 | ---- | C] () -- C:\Documents and Settings\brandon\Desktop\Cheetah-Anti-Rogue.zip
[2010/02/16 19:24:22 | 000,000,260 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/02/15 22:42:44 | 000,000,229 | ---- | C] () -- C:\Boot.bak
[2010/02/15 22:42:41 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/02/15 22:41:47 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/15 22:41:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/15 22:41:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/15 22:41:47 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/15 22:41:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/15 22:40:14 | 003,857,112 | R--- | C] () -- C:\Documents and Settings\brandon\Desktop\ComboFix.exe
[2010/02/14 16:25:50 | 000,000,555 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher 2.lnk
[2010/02/14 15:55:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/02/14 15:55:50 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/02/14 02:16:03 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\brandon\resetlog.tx
[2010/02/14 01:52:56 | 006,685,013 | ---- | C] () -- C:\Documents and Settings\brandon\My Documents\u7avi18567.bin
[2010/02/14 01:51:30 | 064,126,334 | ---- | C] () -- C:\Documents and Settings\brandon\My Documents\f9all733cd.bin
[2010/02/14 01:09:06 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/02/14 01:09:05 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/02/14 01:09:03 | 047,541,798 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/14 01:09:03 | 006,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/02/14 01:09:03 | 000,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/02/14 01:09:03 | 000,142,495 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/02/14 01:07:54 | 000,000,967 | ---- | C] () -- C:\Documents and Settings\brandon\My Documents\msvcfix.bat
[2010/02/14 01:06:34 | 000,000,530 | ---- | C] () -- C:\Documents and Settings\brandon\My Documents\msvcfix.zip
[2010/02/14 00:20:35 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/01 14:04:57 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\brandon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/23 15:57:58 | 000,725,434 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate
[2008/08/23 12:13:51 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdivs.dll
[2008/08/23 12:13:48 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxdicoin.dll
[2008/08/23 12:13:02 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdidrs.dll
[2008/08/23 12:13:02 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdicnv4.dll
[2008/08/23 12:13:02 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdicaps.dll
[2008/08/23 12:12:40 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMRC.DLL
[2008/08/23 12:10:07 | 000,000,060 | -H-- | C] () -- C:\WINDOWS\System32\lxdirwrd.ini
[2008/08/23 12:09:54 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxdiinst.dll
[2008/08/23 12:09:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdigrd.dll
[2008/08/20 09:15:43 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll
[2008/07/16 13:23:29 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/07/16 13:11:14 | 000,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/07/16 13:06:51 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/07/16 13:06:50 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/07/16 12:45:35 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/07/16 12:45:35 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/07/16 12:45:34 | 001,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/07/16 12:45:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/07/16 12:44:03 | 000,001,119 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/07/26 12:01:50 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\hppatusg01.dll
[2004/08/11 15:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 15:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

========== LOP Check ==========

[2010/02/14 01:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/02/14 01:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008/07/16 13:16:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/02/14 15:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/26 11:03:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\brandon\Application Data\FUJIFILM
[2010/02/16 18:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\brandon\Application Data\QuickScan
[2010/02/17 17:42:22 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2008/08/24 21:01:40 | 015,083,520 | ---- | M] (Safer Networking Limited ) -- C:\spybotsd160.exe

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-02-17 03:00:11


< MD5 for: AGP440.SYS >
[2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 21:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 21:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 20:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 20:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 20:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008/04/14 05:42:14 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\cmdcons\autochk.exe
[2008/04/14 05:42:14 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008/04/14 05:42:14 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
[2004/08/04 03:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\i386\autochk.exe
[2004/08/04 03:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe

< MD5 for: BEEP.SYS >
[2004/08/04 03:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\i386\beep.sys
[2004/08/04 03:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys
[2004/08/04 03:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 03:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/04 03:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 04:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\i386\explorer.exe
[2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: IASTOR.SYS >
[2008/03/17 12:54:30 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\drivers\storage\R179638\iastor.sys
[2008/03/17 12:54:30 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\i386\iaStor.sys
[2008/03/17 12:54:30 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: IMM32.DLL >
[2008/04/14 05:41:56 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\ERDNT\cache\imm32.dll
[2008/04/14 05:41:56 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\ServicePackFiles\i386\imm32.dll
[2008/04/14 05:41:56 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\system32\imm32.dll
[2004/08/04 03:00:00 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=87CA7CE6469577F059297B9D6556D66D -- C:\i386\imm32.dll
[2004/08/04 03:00:00 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=87CA7CE6469577F059297B9D6556D66D -- C:\WINDOWS\$NtServicePackUninstall$\imm32.dll

< MD5 for: KERNEL32.DLL >
[2007/04/16 09:07:27 | 000,986,112 | ---- | M] (Microsoft Corporation) MD5=09F7CB3687F86EDAA4CA081F7AB66C03 -- C:\WINDOWS\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[2006/07/05 03:57:10 | 000,985,088 | ---- | M] (Microsoft Corporation) MD5=0FDD84928A5DDE2510761B7EC76CCEC9 -- C:\WINDOWS\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[2007/04/16 08:52:53 | 000,984,576 | ---- | M] (Microsoft Corporation) MD5=A01F9CA902A88F7CED06884174D6419D -- C:\i386\kernel32.dll
[2007/04/16 08:52:53 | 000,984,576 | ---- | M] (Microsoft Corporation) MD5=A01F9CA902A88F7CED06884174D6419D -- C:\WINDOWS\$NtServicePackUninstall$\kernel32.dll
[2009/03/21 07:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\ERDNT\cache\kernel32.dll
[2009/03/21 07:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\sp3gdr\kernel32.dll
[2009/03/21 07:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\dllcache\kernel32.dll
[2009/03/21 07:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\kernel32.dll
[2008/04/14 05:41:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\$NtUninstallKB959426$\kernel32.dll
[2008/04/14 05:41:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\ServicePackFiles\i386\kernel32.dll
[2009/03/21 06:59:23 | 000,991,744 | ---- | M] (Microsoft Corporation) MD5=DA11D9D6ECBDF0F93436A4B7C13F7BEC -- C:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[2009/03/21 06:59:23 | 000,991,744 | ---- | M] (Microsoft Corporation) MD5=DA11D9D6ECBDF0F93436A4B7C13F7BEC -- C:\WINDOWS\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\sp3qfe\kernel32.dll

< MD5 for: MSWSOCK.DLL >
[2008/06/20 10:41:10 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=097722F235A1FB698BF9234E01B52637 -- C:\i386\mswsock.dll
[2008/06/20 10:41:10 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=097722F235A1FB698BF9234E01B52637 -- C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll
[2008/06/20 10:36:11 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=1DFCA7713EA5A70D5D93B436AEA0317A -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[2004/08/04 03:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\$NtUninstallKB951748_0$\mswsock.dll
[2008/06/20 10:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[2008/06/20 10:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\ERDNT\cache\mswsock.dll
[2008/06/20 10:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008/06/20 10:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\mswsock.dll
[2008/04/14 05:42:02 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
[2008/04/14 05:42:02 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
[2008/06/20 10:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll

< MD5 for: NDIS.SYS >
[2008/04/14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008/04/14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008/04/14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004/08/04 03:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\i386\ndis.sys
[2004/08/04 03:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 03:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/04 03:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NTFS.SYS >
[2007/02/09 04:23:36 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=05AB81909514BFD69CBB1F2C147CF6B9 -- C:\WINDOWS\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[2007/02/09 04:10:35 | 000,574,464 | ---- | M] (Microsoft Corporation) MD5=19A811EF5F1ED5C926A028CE107FF1AF -- C:\i386\ntfs.sys
[2007/02/09 04:10:35 | 000,574,464 | ---- | M] (Microsoft Corporation) MD5=19A811EF5F1ED5C926A028CE107FF1AF -- C:\WINDOWS\$NtServicePackUninstall$\ntfs.sys
[2008/04/14 00:45:54 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ERDNT\cache\ntfs.sys
[2008/04/14 00:45:54 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ServicePackFiles\i386\ntfs.sys
[2008/04/14 00:45:54 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys
[2004/08/03 23:15:10 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\cmdcons\NTFS.SYS
[2004/08/04 03:00:00 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\$NtUninstallKB930916$\ntfs.sys

< MD5 for: NTMSSVC.DLL >
[2008/04/14 05:42:04 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\ERDNT\cache\ntmssvc.dll
[2008/04/14 05:42:04 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\ServicePackFiles\i386\ntmssvc.dll
[2008/04/14 05:42:04 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\system32\ntmssvc.dll
[2004/08/04 03:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=B62F29C00AC55A761B2E45877D85EA0F -- C:\i386\ntmssvc.dll
[2004/08/04 03:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=B62F29C00AC55A761B2E45877D85EA0F -- C:\WINDOWS\$NtServicePackUninstall$\ntmssvc.dll

< MD5 for: PROQUOTA.EXE >
[2004/08/04 03:00:00 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\i386\proquota.exe
[2004/08/04 03:00:00 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\WINDOWS\$NtServicePackUninstall$\proquota.exe
[2008/04/14 05:42:34 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\ServicePackFiles\i386\proquota.exe
[2008/04/14 05:42:34 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\proquota.exe

< MD5 for: QMGR.DLL >
[2004/08/04 03:00:00 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\i386\qmgr.dll
[2004/08/04 03:00:00 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll
[2008/04/14 05:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ERDNT\cache\qmgr.dll
[2008/04/14 05:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
[2008/04/14 05:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\bits\qmgr.dll
[2008/04/14 05:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 03:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/04 03:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SFCFILES.DLL >
[2004/08/04 03:00:00 | 001,580,544 | ---- | M] (Microsoft Corporation) MD5=30A609E00BD1D4FFC49D6B5A432BE7F2 -- C:\i386\sfcfiles.dll
[2004/08/04 03:00:00 | 001,580,544 | ---- | M] (Microsoft Corporation) MD5=30A609E00BD1D4FFC49D6B5A432BE7F2 -- C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll
[2008/04/14 05:42:06 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ERDNT\cache\sfcfiles.dll
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >

Re: Laptop connected to internet but will only browse in safe mode

Extras.txt

OTL Extras logfile created on: 2/22/2010 8:00:00 PM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\brandon\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.66 Gb Total Space | 131.77 Gb Free Space | 90.46% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D2SFTTG1
Current User Name: Jason
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJIFILM Corporation.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
"C:\Program Files\Lexmark 3500-4500 Series\app4r.exe" = C:\Program Files\Lexmark 3500-4500 Series\app4r.exe:*:Enabled:Lexmark Imaging Studio -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
"C:\WINDOWS\system32\lxdicoms.exe" = C:\WINDOWS\system32\lxdicoms.exe:*:Enabled:3500-4500 Series Server -- ( )
"C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe" = C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe:*:Enabled:Device Monitor -- ()
"C:\WINDOWS\system32\lxdicfg.exe" = C:\WINDOWS\system32\lxdicfg.exe:*:Enabled:Printer Communication System -- ( )
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdipswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdipswx.exe:*:Enabled:Printer Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxditime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxditime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdijswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdijswx.exe:*:Enabled:Job Status Window Interface -- ()
"C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe" = C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe:*:Enabled:Device Monitor Application -- (Lexmark)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgui.exe" = C:\Program Files\AVG\AVG9\avgui.exe:*:Enabled:AVG Free User Interface -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- (Malwarebytes Corporation)
"C:\Program Files\Lavasoft\Ad-Aware\lsupdatemanager.exe" = C:\Program Files\Lavasoft\Ad-Aware\lsupdatemanager.exe:*:Enabled:Software update -- (Lavasoft AB)
"C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe" = C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe:*:Enabled:Ad-Aware -- (Lavasoft AB)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.3
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{82246A1C-09A8-4FD7-9E0B-8894B6C1122D}" = SymNet
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_BASICR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_BASICR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_BASICR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_BASICR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_BASICR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_BASICR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_BASICR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_BASICR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-0013-0000-0000-0000000FF1CE}" = Microsoft Office Basic 2007
"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B093990A-AAF2-44AC-9216-14BB7A2189B6}" = ImageMixer VCD2 LE for FinePix
"{B44529FF-501E-47CD-A06D-223C161BE058}" = FinePixViewer Resource
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}" = FinePix Studio
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E8010B32-BB8F-4600-9FB7-FDF16A69F1D8}" = hppusgP1500
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7A00602-2313-45E7-9EDA-E11332FC5E17}" = ImagerSetup
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"AVG9Uninstall" = AVG Free 9.0
"BASICR" = Microsoft Office Basic 2007
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"Free Window Registry Repair" = Free Window Registry Repair
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Lexmark 3500-4500 Series" = Lexmark 3500-4500 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"RescuePRO-3.0" = RescuePRO 3.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WhoCrashed_is1" = WhoCrashed 2.00
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/16/2010 1:26:31 AM | Computer Name = D2SFTTG1 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x3327edd1.

Error - 2/16/2010 1:32:04 AM | Computer Name = D2SFTTG1 | Source = MsiInstaller | ID = 11706
Description = Product: Roxio Update Manager -- Error 1706. An installation package
for the product Roxio Update Manager cannot be found. Try the installation again
using a valid copy of the installation package 'UM.MSI'.

Error - 2/16/2010 1:32:14 AM | Computer Name = D2SFTTG1 | Source = MsiInstaller | ID = 11706
Description = Product: Roxio Update Manager -- Error 1706. An installation package
for the product Roxio Update Manager cannot be found. Try the installation again
using a valid copy of the installation package 'UM.MSI'.

Error - 2/16/2010 10:23:26 PM | Computer Name = D2SFTTG1 | Source = NativeWrapper | ID = 5000
Description =

Error - 2/16/2010 10:23:34 PM | Computer Name = D2SFTTG1 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb953300,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 2/16/2010 10:24:19 PM | Computer Name = D2SFTTG1 | Source = MsiInstaller | ID = 11706
Description = Product: Roxio Update Manager -- Error 1706. An installation package
for the product Roxio Update Manager cannot be found. Try the installation again
using a valid copy of the installation package 'UM.MSI'.

Error - 2/16/2010 10:24:25 PM | Computer Name = D2SFTTG1 | Source = MsiInstaller | ID = 11706
Description = Product: Roxio Update Manager -- Error 1706. An installation package
for the product Roxio Update Manager cannot be found. Try the installation again
using a valid copy of the installation package 'UM.MSI'.

Error - 2/16/2010 10:33:34 PM | Computer Name = D2SFTTG1 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb953300,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 2/17/2010 1:05:12 AM | Computer Name = D2SFTTG1 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\Documents and Settings\brandon\My Documents\Downloads\MicrosoftFixit50198.msi
is not permitted due to an error in software restriction policy processing. The
object cannot be trusted.

Error - 2/17/2010 1:45:42 AM | Computer Name = D2SFTTG1 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\Documents and Settings\brandon\My Documents\Downloads\MicrosoftFixit50198(2).msi
is not permitted due to an error in software restriction policy processing. The
object cannot be trusted.

[ System Events ]
Error - 2/20/2010 7:30:13 PM | Computer Name = D2SFTTG1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/21/2010 5:55:16 PM | Computer Name = D2SFTTG1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/21/2010 5:55:38 PM | Computer Name = D2SFTTG1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AvgLdx86 AvgMfx86 Fips intelppm SYMTDI

Error - 2/21/2010 5:57:21 PM | Computer Name = D2SFTTG1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2/21/2010 6:00:19 PM | Computer Name = D2SFTTG1 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
HOMESTEAD that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{3559C6B3-6E94-4522. The master browser is stopping or an election is
being forced.

Error - 2/21/2010 6:00:43 PM | Computer Name = D2SFTTG1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2/21/2010 6:00:47 PM | Computer Name = D2SFTTG1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2/21/2010 6:17:49 PM | Computer Name = D2SFTTG1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/22/2010 10:51:18 PM | Computer Name = D2SFTTG1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AvgLdx86 AvgMfx86 Fips intelppm SYMTDI

Error - 2/22/2010 10:55:14 PM | Computer Name = D2SFTTG1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >

Re: Laptop connected to internet but will only browse in safe mode

Your system appears to be clean of malware. Are you still having issues on installing programs? Any other issues?

Re: Laptop connected to internet but will only browse in safe mode

If it's free of malware then I have no clue why the darn thing won't browse the internet or update anything. The only way I can get anything to update or browse is in safe mode. It's connected fine, has a great signal and everything but for some reason I cannot browse/update in normal mode.

And yes, I'm still having problems installing some things. I keep getting the message telling me that the Administrator has policies set to prevent the installation of that program. I'm in the Admin account so I have no idea why I get that.

Thank you for your help thus far. I've been going nuts trying to figure this thing out. I looked for everything and never came up with any malware or viruses; so I'm glad I wasn't just crazy.
I just can't figure out why it won't browse when it's connected just fine. The first thing I checked was that it hadn't been switched to a proxy server, but no, that would be too simple.

Re: Laptop connected to internet but will only browse in safe mode

Must be security software. We will get it figured out.

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Re: Laptop connected to internet but will only browse in safe mode

Thank you for helping!!!

Results of screen317's Security Check version 0.99.1
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
AVG Free 9.0
Antivirus out of date!
``````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe is disabled!
``````````````````````````````
DNS Vulnerability Check:

Unknown. This method cannot test your vulnerability to DNS cache poisoning.

`````````End of Log```````````

Re: Laptop connected to internet but will only browse in safe mode

*REMOVED*
CODE ERROR


Last edited by DragonMaster Jay on 28th February 2010, 4:06 am; edited 1 time in total

Re: Laptop connected to internet but will only browse in safe mode

Is there a name in particular that I should save it under? Is that all I do with it is copy & paste?
Probably dumb questions, maybe I'm just a bit off today.

Re: Laptop connected to internet but will only browse in safe mode

Sorry. Never mind. This forum has had a couple of errors, and it appears that the full script was not appearing. I think we can try an alternate way of getting things fixed.

Please download DragonFix by DragonMaster Jay, and save it to your Desktop. Right click and Extract All, and save the files to your Desktop.
  • Please disable realtime protection. The only realtime protection that gets in the way and needs to be disabled: Windows Defender, Microsoft Security Essentials, Spybot TeaTimer, WinPatrol, and Ad-Aware AdWatch. If you have any one of those, please disable them.
  • Double-click DragonFix.reg, and follow the prompt(s).
  • Please reboot your computer.

Re: Laptop connected to internet but will only browse in safe mode

Don't have any of the realtime protection. Have Ad-Aware but the AdWatch is not set up.

OK, I've run DragonFix and rebooted the laptop.

Re: Laptop connected to internet but will only browse in safe mode

Now, does Internet Explorer work?

Re: Laptop connected to internet but will only browse in safe mode

Nope. Still getting the same thing. I have internet access, but for some reason IE and Firefox cannot browse.

Re: Laptop connected to internet but will only browse in safe mode

  1. Download Win32kDiag from any of the following locations and save it to your Desktop.

  • Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
  • When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
  • Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.

Re: Laptop connected to internet but will only browse in safe mode

It doesn't seem to have found much, but here's the log.
Sorry for my rather long absence from the internet. The main provider in town is far less than reliable.

Running from: C:\Documents and Settings\brandon\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\brandon\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Finished!

    Re: Laptop connected to internet but will only browse in safe mode
    Please download Stealth MBR Rootkit Detector by GMER from GMER.net, and save to your Desktop.
    • Double-click mbr.exe to start the program.
    • When done scanning, it will save a log on the Desktop called mbr.log.
    • Please post the contents of that log in your next reply.

    Re: Laptop connected to internet but will only browse in safe mode
    Stealth MBR Rootkit Detector log:

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user & kernel MBR OK

    Re: Laptop connected to internet but will only browse in safe mode
    Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.
    Please close all other applications running on your system.

    Please double click GetSystemInfo.exe to open it.

    Click the Settings button.

    Set it to Maximum

    IMPORTANT! Then please click Customize - choose Driver / Ports tab and uncheck Scan Ports.


    Click Create Report to run it.

    It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. Please upload the folder to Kaspersky GSI Parser and click the Submit button.

    Please copy and paste the url of the GSI Parser report (not the log) in your next reply.

    Re: Laptop connected to internet but will only browse in safe mode
    http://www.getsysteminfo.com/read.php?file=17a37ae4ae958867cd015857641abae4&ms=0

    Re: Laptop connected to internet but will only browse in safe mode
    Jotti File Submission:
    • Please go to Jotti's malware scan

    • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:

      • C:\WINDOWS\setpwr32.exe


    • Click on the submit button

    • Please post the results (URL) in your next reply.

    Re: Laptop connected to internet but will only browse in safe mode
    http://virusscan.jotti.org/en/scanresult/48ca6ca836242657ca6ef6710669008ed3a49e24/ebd43019996b4dc5e1f19bdcd75ed6da7f6719a5

    Re: Laptop connected to internet but will only browse in safe mode
    LSP-Check

    1. Please download LSPFix from here.
    2. Run the LSPFix.exe that you have just finished downloading.
    3. Write down all files that are in the left column (example: mswsock.dll, winrnr.dll, rsvpsp.dll) and then post them in your next reply, along with whether or not you see the phrase "No problems found".

    Re: Laptop connected to internet but will only browse in safe mode
    It says "No problems found"

    mswsock.dll
    winrnr.dll
    nwprovau.dll
    rsvpsp.dll

    Re: Laptop connected to internet but will only browse in safe mode
    Fixing the update/internet issue
    1. Create a new System Restore Point
    2. Close all programs, as this method will automatically shut down the computer.
      Click on START, type in Run, then click on it in the results pane, copy & paste the following entry into the box, and click OK.

      Code:

      CMD /C ECHO Y|CHKDSK C: /R | SHUTDOWN /R /T 30

      • Download and install CCleaner
      • CCleaner
      • Double-click on the downloaded file "ccsetup229_slim.exe" and install the application.
      • Keep the default installation folder "C:\Program Files\CCleaner"
      • Click finish when done and close ALL PROGRAMS including your Web Browser
      • Start the CCleaner program.
      • Click on Registry and Uncheck Registry Integrity so that it does not run (basically the very top, uncheck it)
      • Click on Options - Advanced and Uncheck "Only delete files in Windows Temp folders older than 48 hours"
      • Click back to Cleaner and under SYSTEM uncheck the Memory Dumps and Windows Log Files
      • Click on Run Cleaner button on the bottom right side of the program.
      • Click OK to any prompts
      • Close the program now and Restart the computer again

  • Please open Notepad and enter in the following:
    @ECHO OFF
    CLS
    REM http://support.microsoft.com/kb/910359
    REM http://support.microsoft.com/kb/555989
    REM http://support.microsoft.com/kb/943144

    ECHO This batch file will rename software distribution
    ECHO folders and reregister files but should only be ran
    ECHO on systems having troubles running the Windows Update Site
    ECHO.
    ECHO This link should be run when finished to get all updates
    ECHO http://update.microsoft.com/microsoftupdate
    ECHO.
    ECHO Please press CTRL C to stop this batch file now... or
    ECHO.
    PAUSE
    regsvr32 /s c:\windows\system32\actxprxy.dll
    regsvr32 /s c:\windows\system32\jscript.dll
    regsvr32 /s c:\windows\system32\mshtml.dll
    regsvr32 /s c:\windows\system32\msjava.dll
    regsvr32 /s c:\windows\system32\msxml.dll
    regsvr32 /s c:\windows\system32\shdocvw.dll
    regsvr32 /s c:\windows\system32\vbscript.dll
    net stop wuauserv
    net stop bits
    net stop cryptsvc
    ren %systemroot%\System32\Catroot2 Catroot2OLDER
    net start cryptsvc
    ren %systemroot%\SoftwareDistribution SoftwareDistributionOLDER
    regsvr32 /s Actxprxy.dll
    regsvr32 /s atl.dll
    regsvr32 /s Browseui.dll
    regsvr32 /s cryptdlg.dll
    regsvr32 /s dssenh.dll
    regsvr32 /s gpkcsp.dll
    regsvr32 /s initpki.dll
    regsvr32 /s jscript.dll
    regsvr32 /s Mshtml.dll
    regsvr32 /s Msjava.dll
    regsvr32 /s Mssip32.dll
    regsvr32 /s Mssip32.dll
    regsvr32 /s msxml.dll
    regsvr32 /s msxml2.dll
    regsvr32 /s msxml3.dll
    regsvr32 /s Oleaut32.dll
    regsvr32 /s qmgr.dll
    regsvr32 /s qmgrprxy.dll
    regsvr32 /s rsaenh.dll
    regsvr32 /s sccbase.dll
    regsvr32 /s Shdocvw.dll
    regsvr32 /s shell32.dll
    regsvr32 /s slbcsp.dll
    regsvr32 /s softpub.dll
    regsvr32 /s Softpub.dll
    regsvr32 /s Urlmon.dll
    regsvr32 /s wintrust.dll
    regsvr32 /s wuapi.dll
    regsvr32 /s wuaueng.dll
    regsvr32 /s wuaueng1.dll
    regsvr32 /s wucltui.dll
    regsvr32 /s wups.dll
    regsvr32 /s wups2.dll
    regsvr32 /s wuweb.dll
    net start bits
    net start wuauserv
    net start Eventlog
    PAUSE

    Then, click File > Save as...
    Save as fixWinUpd.bat to your Desktop.
    Choose Save as type... All Files.
    Click Save.

    Then, exit Notepad.

    Double-click on fixWinUpd.bat. You may see some errors, but let it run. Allow it to finish, then restart your computer. Try the update again.
    Re: Laptop connected to internet but will only browse in safe mode
    Everything ran ok. Not sure what update you were talking about.
    Went back and looked to see which ones I had tried. Just the java update and the security fix.
    Tried them both but I'm still getting that stupid "system administrator has policies set to prevent the installation" message.

    Re: Laptop connected to internet but will only browse in safe mode
    Please do this to disable UAC:

    Open Command Prompt, start > search cmd and hit enter

    Paste this line exactly into Command Prompt and press Enter:

    %windir%\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f


    Confirm any prompts and restart your computer.

    Then, let me know if the issue still occurs with installing.

    Re: Laptop connected to internet but will only browse in safe mode
    Sadly it did not work. It still won't let me install anything.

    Re: Laptop connected to internet but will only browse in safe mode
    Please download Dial-A-Fix from here.

    Save it to your Desktop.

    Open Dial-a-fix.exe

    Click the green checkmark at the bottom of the window; this should select all options.

    Now, click GO.

    Allow it to run (the status will be displayed at the bottom), and follow any prompts you receive.

    Re: Laptop connected to internet but will only browse in safe mode
    Well, I downloaded and ran it. Didn't get any prompts and it finished in like 2 or 3 minutes. It still won't let me download the update or the Microsoft fix-it.

    Re: Laptop connected to internet but will only browse in safe mode
    Download OTL to your Desktop

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in

      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\system32\*.exe /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\System32\config\*.sav
      %SYSTEMDRIVE%\*.*
      %PROGRAMFILES%\*.
      netsvcs
      msconfig
      safebootminimal
      safebootnetwork
      activex
      drivers32
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      symmpi.sys
      adp3132.sys
      mv61xx.sys
      /md5stop
      CREATERESTOREPOINT
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time

    Re: Laptop connected to internet but will only browse in safe mode
    OTL logfile created on: 3/23/2010 4:36:21 PM - Run 2
    OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 95.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 145.66 Gb Total Space | 131.92 Gb Free Space | 90.56% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: D2SFTTG1
    Current User Name: Administrator
    Logged in as Administrator.

    Current Boot Mode: SafeMode with Networking
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/03/23 16:32:45 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    PRC - [2010/02/14 01:59:03 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2008/05/12 12:38:28 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/03/23 16:32:45 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (McSysmon)
    SRV - File not found [Unknown | Stopped] -- -- (McShield)
    SRV - [2010/02/14 01:59:05 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2008/05/12 12:38:28 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
    SRV - [2007/04/26 08:38:38 | 000,517,040 | ---- | M] ( ) [Auto | Stopped] -- C:\WINDOWS\System32\lxdicoms.exe -- (lxdi_device)
    SRV - [2007/04/26 08:38:21 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe -- (lxdiCATSCustConnectService)
    SRV - [2005/04/30 17:02:26 | 000,086,016 | ---- | M] (B.H.A Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\bgsvcgen.exe -- (bgsvcgen)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080716
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080716

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080716
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080716
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100127023632

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/14 15:55:54 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/14 15:55:49 | 000,000,000 | ---D | M]

    [2010/03/20 16:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2010/03/20 16:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kvifm9td.default\extensions
    [2010/02/22 20:05:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/02/14 15:55:49 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

    O1 HOSTS File: ([2010/02/14 17:27:57 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
    O4 - HKLM..\Run: [ECenter] C:\dell\E-Center\EULALauncher.exe ( )
    O4 - HKLM..\Run: [lxdiamon] C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe (Lexmark)
    O4 - HKLM..\Run: [lxdimon.exe] C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe ()
    O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher 2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe (FUJIFILM Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 76.85.229.110 76.85.229.111
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/11 15:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 14 Days ==========

    [2010/03/23 16:32:44 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/03/22 17:33:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
    [2010/03/22 17:32:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/03/22 17:32:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Dial-a-fix-v0.60.0.24
    [2010/03/20 16:47:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
    [2010/03/20 16:45:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
    [2010/03/20 16:45:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
    [2010/03/20 16:31:30 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
    [2010/03/20 15:45:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
    [2010/03/20 15:38:31 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
    [2010/03/20 15:38:09 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
    [2010/03/20 15:21:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2010/02/14 01:08:39 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    [2010/02/14 01:08:39 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
    [2010/02/14 01:08:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
    [2010/02/14 01:08:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2008/08/23 15:57:58 | 000,725,434 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate
    [2008/08/23 12:09:54 | 000,311,296 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdihcp.dll
    [2008/08/23 12:09:53 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiinpa.dll
    [2008/08/23 12:09:53 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiiesc.dll
    [2008/08/23 12:09:52 | 001,187,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiserv.dll
    [2008/08/23 12:09:52 | 000,942,080 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiusb1.dll
    [2008/08/23 12:09:52 | 000,614,400 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdipmui.dll
    [2008/08/23 12:09:52 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiprox.dll
    [2008/08/23 12:09:52 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdipplc.dll
    [2008/08/23 12:09:51 | 000,532,480 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdilmpm.dll
    [2008/08/23 12:09:50 | 000,671,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdihbn3.dll
    [2008/08/23 12:09:48 | 000,765,952 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicomc.dll
    [2008/08/23 12:09:48 | 000,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicomm.dll
    [2008/07/16 13:23:08 | 000,025,760 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2006/06/29 14:58:52 | 000,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2004/08/11 15:20:48 | 003,184,656 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
    [2004/08/11 15:20:25 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini
    [2004/08/11 15:07:11 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 14 Days ==========

    [2010/03/23 16:36:02 | 000,529,902 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/03/23 16:36:02 | 000,446,554 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/03/23 16:36:02 | 000,073,210 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/03/23 16:32:45 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/03/23 16:30:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/03/22 17:38:25 | 000,786,432 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
    [2010/03/22 17:38:25 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
    [2010/03/22 17:38:23 | 003,184,656 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
    [2010/03/22 17:33:29 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2010/03/22 17:33:29 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2010/03/22 17:31:34 | 000,335,992 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Dial-a-fix-v0.60.0.24.zip
    [2010/03/22 17:29:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/03/20 17:09:52 | 000,007,390 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
    [2010/03/20 16:47:36 | 000,747,520 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MicrosoftFixit50198.msi
    [2010/03/20 15:49:31 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/03/20 15:49:19 | 000,000,582 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/03/20 15:49:19 | 000,000,246 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/03/20 15:49:19 | 000,000,229 | RHS- | M] () -- C:\boot.ini
    [2010/03/20 15:46:15 | 000,042,047 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
    [2010/03/20 15:46:05 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
    [2010/03/20 15:45:44 | 000,169,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/03/22 17:31:33 | 000,335,992 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Dial-a-fix-v0.60.0.24.zip
    [2010/03/20 16:47:35 | 000,747,520 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MicrosoftFixit50198.msi
    [2010/03/20 16:03:32 | 000,007,390 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
    [2008/08/23 12:13:51 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdivs.dll
    [2008/08/23 12:13:48 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxdicoin.dll
    [2008/08/23 12:13:02 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdidrs.dll
    [2008/08/23 12:13:02 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdicnv4.dll
    [2008/08/23 12:13:02 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdicaps.dll
    [2008/08/23 12:12:40 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMRC.DLL
    [2008/08/23 12:10:07 | 000,000,060 | -H-- | C] () -- C:\WINDOWS\System32\lxdirwrd.ini
    [2008/08/23 12:09:54 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxdiinst.dll
    [2008/08/23 12:09:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdigrd.dll
    [2008/08/20 09:15:43 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll
    [2008/07/16 13:23:29 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2008/07/16 13:11:14 | 000,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2008/07/16 13:06:51 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
    [2008/07/16 13:06:50 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
    [2008/07/16 12:45:35 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2008/07/16 12:45:35 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2008/07/16 12:45:34 | 001,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2008/07/16 12:45:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2008/07/16 12:44:03 | 000,001,119 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2007/07/26 12:01:50 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\hppatusg01.dll
    [2004/08/11 15:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/11 15:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

    ========== LOP Check ==========

    [2010/02/14 01:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2010/02/14 01:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2008/07/16 13:16:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2010/02/14 15:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/03/20 15:46:05 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\*.exe /lockedfiles >
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2004/08/11 15:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2004/08/11 15:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2004/08/11 15:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %SYSTEMDRIVE%\*.* >
    [2004/08/11 15:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/02/15 22:35:45 | 000,000,229 | ---- | M] () -- C:\Boot.bak
    [2010/03/20 15:49:19 | 000,000,229 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2010/02/15 22:47:16 | 000,018,853 | ---- | M] () -- C:\ComboFix.txt
    [2004/08/11 15:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2008/07/16 12:47:24 | 000,006,665 | RH-- | M] () -- C:\dell.sdr
    [2008/07/29 09:04:00 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2004/08/11 15:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2010/02/13 22:40:02 | 000,000,078 | ---- | M] () -- C:\lxdi.log
    [2004/08/11 15:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2004/08/04 03:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/07/29 10:00:38 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/03/23 16:30:47 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2008/08/24 21:01:40 | 015,083,520 | ---- | M] (Safer Networking Limited ) -- C:\spybotsd160.exe

    < %PROGRAMFILES%\*. >
    [2008/08/23 12:12:06 | 000,000,000 | ---D | M] -- C:\Program Files\Abbyy FineReader 6.0 Sprint
    [2008/08/21 13:25:51 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
    [2009/03/01 12:15:05 | 000,000,000 | -H-D | M] -- C:\Program Files\Avago-HP
    [2010/02/14 01:08:56 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
    [2010/03/20 15:22:00 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
    [2010/02/15 22:45:15 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
    [2008/07/16 13:19:44 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
    [2008/07/29 09:34:59 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
    [2008/07/16 13:16:31 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support Center
    [2008/07/16 12:49:36 | 000,000,000 | ---D | M] -- C:\Program Files\DellTPad
    [2010/02/14 16:48:50 | 000,000,000 | ---D | M] -- C:\Program Files\FinePixViewer
    [2010/02/15 22:12:45 | 000,000,000 | ---D | M] -- C:\Program Files\Free Window Registry Repair
    [2008/07/29 09:34:59 | 000,000,000 | ---D | M] -- C:\Program Files\Google
    [2008/08/20 09:16:13 | 000,000,000 | ---D | M] -- C:\Program Files\HP
    [2009/09/26 11:03:46 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
    [2010/02/14 03:02:30 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
    [2008/07/29 10:24:09 | 000,000,000 | ---D | M] -- C:\Program Files\Java
    [2008/08/06 09:39:30 | 000,000,000 | ---D | M] -- C:\Program Files\Lanier
    [2008/08/24 20:10:06 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
    [2010/02/14 16:49:01 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark 3500-4500 Series
    [2010/02/14 16:48:41 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark Fax Solutions
    [2010/02/14 00:20:35 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2008/08/19 20:23:20 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
    [2010/02/13 23:53:09 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
    [2008/08/20 19:34:52 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft IntelliPoint
    [2008/07/16 13:13:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
    [2010/02/16 19:42:10 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
    [2008/07/16 13:13:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
    [2010/02/15 22:13:05 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
    [2008/07/16 13:13:33 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
    [2008/07/29 10:05:42 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
    [2010/02/14 15:55:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
    [2008/07/29 07:56:15 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
    [2004/08/11 15:11:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
    [2004/08/11 15:11:36 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
    [2008/07/16 13:02:32 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
    [2008/07/29 10:02:19 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
    [2004/08/11 15:11:50 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
    [2010/02/14 03:04:31 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
    [2008/08/23 09:52:32 | 000,000,000 | ---D | M] -- C:\Program Files\PIXELA
    [2008/07/29 07:53:36 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
    [2008/08/23 09:49:20 | 000,000,000 | ---D | M] -- C:\Program Files\REGSHAVE
    [2008/08/23 12:39:13 | 000,000,000 | ---D | M] -- C:\Program Files\RescuePRO
    [2010/02/16 19:32:28 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
    [2008/07/16 13:11:06 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
    [2010/02/13 23:59:16 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
    [2008/08/23 15:58:14 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
    [2008/07/29 07:52:53 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
    [2010/03/20 15:38:09 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
    [2010/02/20 15:22:42 | 000,000,000 | ---D | M] -- C:\Program Files\WhoCrashed
    [2008/07/29 07:57:57 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
    [2010/02/14 16:49:00 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
    [2008/07/29 10:02:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
    [2010/03/20 15:38:31 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
    [2010/02/13 23:53:09 | 000,000,000 | ---D | M] -- C:\Program Files\xerox


    < MD5 for: AGP440.SYS >
    [2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
    [2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
    [2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
    [2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
    [2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
    [2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
    [2004/08/03 21:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
    [2004/08/03 21:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

    < MD5 for: ATAPI.SYS >
    [2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
    [2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
    [2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2004/08/03 20:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
    [2004/08/03 20:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
    [2004/08/03 20:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
    [2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
    [2004/08/04 03:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
    [2004/08/04 03:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

    < MD5 for: IASTOR.SYS >
    [2008/03/17 12:54:30 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\drivers\storage\R179638\iastor.sys
    [2008/03/17 12:54:30 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\i386\iaStor.sys
    [2008/03/17 12:54:30 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\WINDOWS\system32\drivers\iaStor.sys

    < MD5 for: NETLOGON.DLL >
    [2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
    [2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
    [2004/08/04 03:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
    [2004/08/04 03:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2004/08/04 03:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
    [2004/08/04 03:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
    [2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
    [2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
    < End of report >

    Re: Laptop connected to internet but will only browse in safe mode
    OTL logfile created on: 3/23/2010 4:36:21 PM - Run 2
    OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 95.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 145.66 Gb Total Space | 131.92 Gb Free Space | 90.56% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: D2SFTTG1
    Current User Name: Administrator
    Logged in as Administrator.

    Current Boot Mode: SafeMode with Networking
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/03/23 16:32:45 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    PRC - [2010/02/14 01:59:03 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2008/05/12 12:38:28 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/03/23 16:32:45 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (McSysmon)
    SRV - File not found [Unknown | Stopped] -- -- (McShield)
    SRV - [2010/02/14 01:59:05 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2008/05/12 12:38:28 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
    SRV - [2007/04/26 08:38:38 | 000,517,040 | ---- | M] ( ) [Auto | Stopped] -- C:\WINDOWS\System32\lxdicoms.exe -- (lxdi_device)
    SRV - [2007/04/26 08:38:21 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe -- (lxdiCATSCustConnectService)
    SRV - [2005/04/30 17:02:26 | 000,086,016 | ---- | M] (B.H.A Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\bgsvcgen.exe -- (bgsvcgen)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080716
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080716

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080716
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080716
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100127023632

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/14 15:55:54 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/14 15:55:49 | 000,000,000 | ---D | M]

    [2010/03/20 16:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2010/03/20 16:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kvifm9td.default\extensions
    [2010/02/22 20:05:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/02/14 15:55:49 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

    O1 HOSTS File: ([2010/02/14 17:27:57 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
    O4 - HKLM..\Run: [ECenter] C:\dell\E-Center\EULALauncher.exe ( )
    O4 - HKLM..\Run: [lxdiamon] C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe (Lexmark)
    O4 - HKLM..\Run: [lxdimon.exe] C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe ()
    O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher 2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe (FUJIFILM Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 76.85.229.110 76.85.229.111
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/11 15:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 14 Days ==========

    [2010/03/23 16:32:44 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/03/22 17:33:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
    [2010/03/22 17:32:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/03/22 17:32:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Dial-a-fix-v0.60.0.24
    [2010/03/20 16:47:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
    [2010/03/20 16:45:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
    [2010/03/20 16:45:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
    [2010/03/20 16:31:30 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
    [2010/03/20 15:45:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
    [2010/03/20 15:38:31 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
    [2010/03/20 15:38:09 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
    [2010/03/20 15:21:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2010/02/14 01:08:39 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    [2010/02/14 01:08:39 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
    [2010/02/14 01:08:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
    [2010/02/14 01:08:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2008/08/23 15:57:58 | 000,725,434 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate
    [2008/08/23 12:09:54 | 000,311,296 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdihcp.dll
    [2008/08/23 12:09:53 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiinpa.dll
    [2008/08/23 12:09:53 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiiesc.dll
    [2008/08/23 12:09:52 | 001,187,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiserv.dll
    [2008/08/23 12:09:52 | 000,942,080 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiusb1.dll
    [2008/08/23 12:09:52 | 000,614,400 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdipmui.dll
    [2008/08/23 12:09:52 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiprox.dll
    [2008/08/23 12:09:52 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdipplc.dll
    [2008/08/23 12:09:51 | 000,532,480 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdilmpm.dll
    [2008/08/23 12:09:50 | 000,671,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdihbn3.dll
    [2008/08/23 12:09:48 | 000,765,952 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicomc.dll
    [2008/08/23 12:09:48 | 000,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicomm.dll
    [2008/07/16 13:23:08 | 000,025,760 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2006/06/29 14:58:52 | 000,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2004/08/11 15:20:48 | 003,184,656 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
    [2004/08/11 15:20:25 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini
    [2004/08/11 15:07:11 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 14 Days ==========

    [2010/03/23 16:36:02 | 000,529,902 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/03/23 16:36:02 | 000,446,554 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/03/23 16:36:02 | 000,073,210 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/03/23 16:32:45 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/03/23 16:30:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/03/22 17:38:25 | 000,786,432 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
    [2010/03/22 17:38:25 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
    [2010/03/22 17:38:23 | 003,184,656 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
    [2010/03/22 17:33:29 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2010/03/22 17:33:29 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2010/03/22 17:31:34 | 000,335,992 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Dial-a-fix-v0.60.0.24.zip
    [2010/03/22 17:29:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/03/20 17:09:52 | 000,007,390 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
    [2010/03/20 16:47:36 | 000,747,520 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MicrosoftFixit50198.msi
    [2010/03/20 15:49:31 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/03/20 15:49:19 | 000,000,582 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/03/20 15:49:19 | 000,000,246 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/03/20 15:49:19 | 000,000,229 | RHS- | M] () -- C:\boot.ini
    [2010/03/20 15:46:15 | 000,042,047 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
    [2010/03/20 15:46:05 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
    [2010/03/20 15:45:44 | 000,169,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/03/22 17:31:33 | 000,335,992 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Dial-a-fix-v0.60.0.24.zip
    [2010/03/20 16:47:35 | 000,747,520 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MicrosoftFixit50198.msi
    [2010/03/20 16:03:32 | 000,007,390 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
    [2008/08/23 12:13:51 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdivs.dll
    [2008/08/23 12:13:48 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxdicoin.dll
    [2008/08/23 12:13:02 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdidrs.dll
    [2008/08/23 12:13:02 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdicnv4.dll
    [2008/08/23 12:13:02 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdicaps.dll
    [2008/08/23 12:12:40 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMRC.DLL
    [2008/08/23 12:10:07 | 000,000,060 | -H-- | C] () -- C:\WINDOWS\System32\lxdirwrd.ini
    [2008/08/23 12:09:54 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxdiinst.dll
    [2008/08/23 12:09:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdigrd.dll
    [2008/08/20 09:15:43 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll
    [2008/07/16 13:23:29 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2008/07/16 13:11:14 | 000,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2008/07/16 13:06:51 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
    [2008/07/16 13:06:50 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
    [2008/07/16 12:45:35 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2008/07/16 12:45:35 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2008/07/16 12:45:34 | 001,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2008/07/16 12:45:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2008/07/16 12:44:03 | 000,001,119 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2007/07/26 12:01:50 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\hppatusg01.dll
    [2004/08/11 15:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/11 15:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

    ========== LOP Check ==========

    [2010/02/14 01:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2010/02/14 01:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2008/07/16 13:16:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2010/02/14 15:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/03/20 15:46:05 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\*.exe /lockedfiles >
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2004/08/11 15:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2004/08/11 15:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2004/08/11 15:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %SYSTEMDRIVE%\*.* >
    [2004/08/11 15:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/02/15 22:35:45 | 000,000,229 | ---- | M] () -- C:\Boot.bak
    [2010/03/20 15:49:19 | 000,000,229 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2010/02/15 22:47:16 | 000,018,853 | ---- | M] () -- C:\ComboFix.txt
    [2004/08/11 15:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2008/07/16 12:47:24 | 000,006,665 | RH-- | M] () -- C:\dell.sdr
    [2008/07/29 09:04:00 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2004/08/11 15:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2010/02/13 22:40:02 | 000,000,078 | ---- | M] () -- C:\lxdi.log
    [2004/08/11 15:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2004/08/04 03:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/07/29 10:00:38 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/03/23 16:30:47 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2008/08/24 21:01:40 | 015,083,520 | ---- | M] (Safer Networking Limited ) -- C:\spybotsd160.exe

    < %PROGRAMFILES%\*. >
    [2008/08/23 12:12:06 | 000,000,000 | ---D | M] -- C:\Program Files\Abbyy FineReader 6.0 Sprint
    [2008/08/21 13:25:51 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
    [2009/03/01 12:15:05 | 000,000,000 | -H-D | M] -- C:\Program Files\Avago-HP
    [2010/02/14 01:08:56 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
    [2010/03/20 15:22:00 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
    [2010/02/15 22:45:15 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
    [2008/07/16 13:19:44 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
    [2008/07/29 09:34:59 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
    [2008/07/16 13:16:31 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support Center
    [2008/07/16 12:49:36 | 000,000,000 | ---D | M] -- C:\Program Files\DellTPad
    [2010/02/14 16:48:50 | 000,000,000 | ---D | M] -- C:\Program Files\FinePixViewer
    [2010/02/15 22:12:45 | 000,000,000 | ---D | M] -- C:\Program Files\Free Window Registry Repair
    [2008/07/29 09:34:59 | 000,000,000 | ---D | M] -- C:\Program Files\Google
    [2008/08/20 09:16:13 | 000,000,000 | ---D | M] -- C:\Program Files\HP
    [2009/09/26 11:03:46 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
    [2010/02/14 03:02:30 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
    [2008/07/29 10:24:09 | 000,000,000 | ---D | M] -- C:\Program Files\Java
    [2008/08/06 09:39:30 | 000,000,000 | ---D | M] -- C:\Program Files\Lanier
    [2008/08/24 20:10:06 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
    [2010/02/14 16:49:01 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark 3500-4500 Series
    [2010/02/14 16:48:41 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark Fax Solutions
    [2010/02/14 00:20:35 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2008/08/19 20:23:20 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
    [2010/02/13 23:53:09 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
    [2008/08/20 19:34:52 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft IntelliPoint
    [2008/07/16 13:13:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
    [2010/02/16 19:42:10 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
    [2008/07/16 13:13:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
    [2010/02/15 22:13:05 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
    [2008/07/16 13:13:33 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
    [2008/07/29 10:05:42 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
    [2010/02/14 15:55:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
    [2008/07/29 07:56:15 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
    [2004/08/11 15:11:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
    [2004/08/11 15:11:36 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
    [2008/07/16 13:02:32 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
    [2008/07/29 10:02:19 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
    [2004/08/11 15:11:50 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
    [2010/02/14 03:04:31 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
    [2008/08/23 09:52:32 | 000,000,000 | ---D | M] -- C:\Program Files\PIXELA
    [2008/07/29 07:53:36 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
    [2008/08/23 09:49:20 | 000,000,000 | ---D | M] -- C:\Program Files\REGSHAVE
    [2008/08/23 12:39:13 | 000,000,000 | ---D | M] -- C:\Program Files\RescuePRO
    [2010/02/16 19:32:28 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
    [2008/07/16 13:11:06 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
    [2010/02/13 23:59:16 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
    [2008/08/23 15:58:14 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
    [2008/07/29 07:52:53 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
    [2010/03/20 15:38:09 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
    [2010/02/20 15:22:42 | 000,000,000 | ---D | M] -- C:\Program Files\WhoCrashed
    [2008/07/29 07:57:57 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
    [2010/02/14 16:49:00 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
    [2008/07/29 10:02:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
    [2010/03/20 15:38:31 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
    [2010/02/13 23:53:09 | 000,000,000 | ---D | M] -- C:\Program Files\xerox


    < MD5 for: AGP440.SYS >
    [2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
    [2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
    [2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
    [2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
    [2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
    [2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
    [2004/08/03 21:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
    [2004/08/03 21:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

    < MD5 for: ATAPI.SYS >
    [2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
    [2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
    [2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2004/08/03 20:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
    [2004/08/03 20:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
    [2004/08/03 20:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
    [2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
    [2004/08/04 03:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
    [2004/08/04 03:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

    < MD5 for: IASTOR.SYS >
    [2008/03/17 12:54:30 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\drivers\storage\R179638\iastor.sys
    [2008/03/17 12:54:30 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\i386\iaStor.sys
    [2008/03/17 12:54:30 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\WINDOWS\system32\drivers\iaStor.sys

    < MD5 for: NETLOGON.DLL >
    [2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
    [2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
    [2004/08/04 03:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
    [2004/08/04 03:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2004/08/04 03:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
    [2004/08/04 03:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
    [2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
    [2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
    < End of report >

    Re: Laptop connected to internet but will only browse in safe mode
    AVG might be an issue.

    Please uninstall AVG, and let me know if this helps.

    (We'll reinstall it later)
