registry infected



#1
lesliecox

I posted in the Windows 7 topics before I read the message from you guys. Sorry, please disregard that one. I did all the steps, and my logs are at the bottom of my rambling, I promise. I hope I'm not crazy. The first one I ran found

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties)

I did all the steps and here are my logs, and a description of a FEW of the tons of problems I have experienced after the 3 days my computer antivirus had run out, and the wireless Belkin router was reset (I didn't know that, and didn't password my connection). Now Belkin can't even secure it because my MAC address has been cloned, they think. I have removed it, and disabled my wireless adapter. I have also ordered my disks from HP.

The day before all this started happening I noticed McAfee had been installed on my computer, and I only had Norton on it (the one it came with). I also had a new program in my Start menu for my network card; when I clicked on it to see what it was, it installed a driver.
My Office had also been changed from the regular version to the student....


My MAC address shows up on my router twice with 2 different IP addresses; even when I turn my laptop off, one goes away but the others stay. We also have a PS3 and a desktop, and they only show up once. There is also a D-Link wireless N router that shows up in my network map as connected, but I can't delete it. I called our ISP, and on a day that we were not home and all, nothing was done on any of our devices, over 4 megs of downloading was done under our IP address...

About 9 months ago I had someone use all my card info and it cost me over 1000.00. I had my info in an Excel spreadsheet on my computer then, and the companies that it was done with said they used my IP. I have changed my numbers and they have never been entered anywhere on any of my computers (and the laptop that the info was on crashed not a month later, so it's not connected), but my computer is doing some really weird things, and it happened right when the antivirus that came with my computer expired, and I don't want that to happen again.

My MSN Messenger would sign out and tell me I had signed in at another location?

I went and bought virus software because of all of this. When I registered my new antivirus, my screen blacked out for like 30 secs and then came back. The weird thing is that I put in my e-mail to register it and when it came back it gave me the conf listing my e-mail as [email protected]. I had to contact McAfee, and they said that my account was registered with that e-mail address, and had to have it changed. I can understand a typo, but I know there is no way that I submitted that e-mail as mine.

I noticed the thing that checks if your programs are authentic was stopped, so I started it, and the next time I started my computer I had a thing pop up and tell me I was running a version of Windows that was not authentic, and it flashed and changed my desktop to a black page with writing telling me the same thing in type in the corner. Then everything changed and looked old school, like I was running Win 98. I purchased this computer from a retailer, and it was preloaded, so I know it is authentic. I feel like I'm crazy, but I know I'm not and something is definitely going on. My firewall keeps having rules applied; I can delete them, disable them, but they always come right back. Someone please, if this is normal, please help me understand why? I have done a system restore (F11) and it did it, but it did weird things that usually don't happen, and if I try to make recovery disks, it tells me the recovery partition is empty, but if that is the case how am I restoring to the factory shipped (first use) that is stored in the same location? I also have these other adapters connecting and transmitting info.


OK, here are my logs.

Malwarebytes' Anti-Malware 1.44
Database version: 3825
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

3/5/2010 12:22:08 AM
mbam-log-2010-03-05 (00-22-08).txt

Scan type: Quick Scan
Objects scanned: 98256
Time elapsed: 1 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



GMER had errors when I open it: NOT SURE WHAT TO DO ON THIS!


C:\windows\system32\config\system: the system could not find the file specified

Then when I hit scan it says it can't access C:\windows\system32\config\system because it is being used by another process.
Then it starts to scan.

A message pops up and says that GMER has not found any changes.

Also, all my check boxes but service, registry, and files are "greyed out", like lots of other things that I couldn't gain access to as administrator. I even went into the properties and changed permissions.



And here is my OTL:


OTL logfile created on: 3/5/2010 1:44:08 AM - Run 1
OTL by OldTimer - Version 3.1.34.0 Folder = C:\Users\cox\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.79 Gb Total Space | 194.92 Gb Free Space | 88.29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COX-PC
Current User Name: cox
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/05 01:41:08 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Users\cox\Desktop\OTL.exe
PRC - [2010/02/11 10:53:42 | 002,756,488 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/02/11 10:53:39 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/05/24 20:26:22 | 000,430,080 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe


========== Modules (SafeList) ==========

MOD - [2010/03/05 01:41:08 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Users\cox\Desktop\OTL.exe
MOD - [2009/07/13 17:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009/07/13 17:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/02/11 10:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/02/11 10:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/02/11 10:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/07/13 17:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/13 17:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/13 17:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/13 17:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/13 17:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/13 17:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/13 17:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/13 17:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/13 17:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/13 17:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/13 17:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 17:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/13 17:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/13 17:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/13 17:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/13 17:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/13 17:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/13 17:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/13 17:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/13 17:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/13 17:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/13 17:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV - [2009/07/13 19:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/13 19:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/07/13 17:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 17:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 12:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/06/24 09:53:32 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2009/06/10 12:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKCU\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/08/17 12:37:46 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - Startup: C:\Users\cox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.180.42.68 208.180.42.100
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d6a376d2-2778-11df-bc4d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d6a376d2-2778-11df-bc4d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\langsel.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2009/07/13 19:20:14 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias.dll (Microsoft Corporation)
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/03/05 01:41:05 | 000,553,984 | ---- | C] (OldTimer Tools) -- C:\Users\cox\Desktop\OTL.exe
[2010/03/05 01:06:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/03/05 01:05:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/03/05 00:49:52 | 000,000,000 | ---D | C] -- C:\Users\cox\Documents\gmer[1]
[2010/03/05 00:29:59 | 000,120,912 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010/03/05 00:29:59 | 000,022,096 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010/03/05 00:29:57 | 000,028,752 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010/03/05 00:29:56 | 000,051,280 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010/03/05 00:29:52 | 000,063,568 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010/03/05 00:29:02 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010/03/05 00:29:02 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\SysWow64\avastSS.scr
[2010/03/05 00:29:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/03/05 00:29:00 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/03/05 00:16:08 | 000,000,000 | ---D | C] -- C:\Users\cox\AppData\Roaming\Malwarebytes
[2010/03/05 00:16:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/03/05 00:16:02 | 000,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/03/05 00:16:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/03/05 00:16:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/03/05 00:15:00 | 005,115,840 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\cox\Desktop\mbam-setup.exe
[2010/03/05 00:14:37 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/03/05 00:13:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/03/05 00:07:50 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\cox\Desktop\erunt_setup.exe
[2010/03/05 00:06:47 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\cox\Desktop\TFC.exe
[2010/03/04 23:56:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2010/03/04 23:56:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zynga
[2010/03/04 23:07:15 | 000,000,000 | ---D | C] -- C:\ProgramData\MGS
[2010/03/04 23:06:20 | 000,000,000 | ---D | C] -- C:\Microgaming
[2010/03/04 20:39:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bodog Casino
[2010/03/04 18:37:09 | 000,000,000 | ---D | C] -- C:\Users\cox\AppData\Roaming\Template
[2010/03/04 17:58:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrendMicro
[2010/03/04 17:58:22 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/03/04 15:54:53 | 000,000,000 | ---D | C] -- C:\Users\cox\AppData\Local\Adobe
[2010/03/04 05:36:15 | 000,000,000 | ---D | C] -- C:\Users\cox\Tracing
[2010/03/04 05:32:57 | 000,000,000 | ---D | C] -- C:\Users\cox\AppData\Roaming\Macromedia
[2010/03/04 05:32:51 | 000,000,000 | ---D | C] -- C:\Users\cox\AppData\Roaming\Adobe
[2010/03/04 05:00:45 | 000,000,000 | ---D | C] -- C:\Users\cox\AppData\Local\Diagnostics
[2010/03/04 04:29:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\New folder
[2010/03/04 04:10:25 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/03/04 03:12:19 | 000,000,000 | ---D | C] -- C:\Users\cox\AppData\Roaming\HpUpdate
[2010/03/04 03:07:15 | 000,000,000 | ---D | C] -- C:\Users\cox\AppData\Roaming\Hewlett-Packard
[2010/03/04 03:07:12 | 000,000,000 | ---D | C] -- C:\Users\cox\AppData\Roaming\PictureMover
[2010/03/04 03:06:55 | 000,000,000 | R--D | C] -- C:\Users\cox\Searches
[2010/03/04 03:06:48 | 000,000,000 | ---D | C] -- C:\Users\cox\AppData\Roaming\Identities
[2010/03/04 03:06:46 | 000,000,000 | R--D | C] -- C:\Users\cox\Contacts
[2010/03/04 03:06:43 | 000,000,000 | ---D | C] -- C:\Users\cox\AppData\Local\VirtualStore
[2010/03/04 03:06:35 | 000,000,000 | ---D | C] -- C:\Users\cox\AppData\Local\Hewlett-Packard_Company
[2010/03/04 03:06:32 | 000,000,000 | ---D | C] -- C:\Users\cox\AppData\Roaming\hpqlog
[2010/03/04 03:06:29 | 000,000,000 | ---D | C] -- C:\Users\cox\AppData\Local\Hewlett-Packard
[2010/03/04 03:04:36 | 000,000,000 | ---D | C] -- C:\Users\cox\AppData\Roaming\HP TCS
[2010/03/04 03:02:32 | 000,000,000 | -HSD | C] -- C:\Users\cox\AppData\Local\Temporary Internet Files
[2010/03/04 03:02:32 | 000,000,000 | -HSD | C] -- C:\Users\cox\Templates
[2010/03/04 03:02:32 | 000,000,000 | -HSD | C] -- C:\Users\cox\Start Menu
[2010/03/04 03:02:32 | 000,000,000 | -HSD | C] -- C:\Users\cox\SendTo
[2010/03/04 03:02:32 | 000,000,000 | -HSD | C] -- C:\Users\cox\Recent
[2010/03/04 03:02:32 | 000,000,000 | -HSD | C] -- C:\Users\cox\PrintHood
[2010/03/04 03:02:32 | 000,000,000 | -HSD | C] -- C:\Users\cox\NetHood
[2010/03/04 03:02:32 | 000,000,000 | -HSD | C] -- C:\Users\cox\Documents\My Videos
[2010/03/04 03:02:32 | 000,000,000 | -HSD | C] -- C:\Users\cox\Documents\My Pictures
[2010/03/04 03:02:32 | 000,000,000 | -HSD | C] -- C:\Users\cox\Documents\My Music
[2010/03/04 03:02:32 | 000,000,000 | -HSD | C] -- C:\Users\cox\My Documents
[2010/03/04 03:02:32 | 000,000,000 | -HSD | C] -- C:\Users\cox\Local Settings
[2010/03/04 03:02:32 | 000,000,000 | -HSD | C] -- C:\Users\cox\AppData\Local\History
[2010/03/04 03:02:32 | 000,000,000 | -HSD | C] -- C:\Users\cox\Cookies
[2010/03/04 03:02:32 | 000,000,000 | -HSD | C] -- C:\Users\cox\Application Data
[2010/03/04 03:02:32 | 000,000,000 | -HSD | C] -- C:\Users\cox\AppData\Local\Application Data
[2010/03/04 03:02:31 | 000,000,000 | --SD | C] -- C:\Users\cox\AppData\Roaming\Microsoft
[2010/03/04 03:02:31 | 000,000,000 | R--D | C] -- C:\Users\cox\Videos
[2010/03/04 03:02:31 | 000,000,000 | R--D | C] -- C:\Users\cox\Saved Games
[2010/03/04 03:02:31 | 000,000,000 | R--D | C] -- C:\Users\cox\Pictures
[2010/03/04 03:02:31 | 000,000,000 | R--D | C] -- C:\Users\cox\Music
[2010/03/04 03:02:31 | 000,000,000 | R--D | C] -- C:\Users\cox\Links
[2010/03/04 03:02:31 | 000,000,000 | R--D | C] -- C:\Users\cox\Favorites
[2010/03/04 03:02:31 | 000,000,000 | R--D | C] -- C:\Users\cox\Downloads
[2010/03/04 03:02:31 | 000,000,000 | R--D | C] -- C:\Users\cox\Documents
[2010/03/04 03:02:31 | 000,000,000 | R--D | C] -- C:\Users\cox\Desktop
[2010/03/04 03:02:31 | 000,000,000 | -H-D | C] -- C:\Users\cox\AppData
[2010/03/04 03:02:31 | 000,000,000 | ---D | C] -- C:\Users\cox\AppData\Local\Temp
[2010/03/04 03:02:31 | 000,000,000 | ---D | C] -- C:\Users\cox\AppData\Local\Microsoft
[2010/03/04 03:02:31 | 000,000,000 | ---D | C] -- C:\Users\cox\AppData\Roaming\Media Center Programs
[2010/03/04 02:58:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2010/03/04 02:35:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\muvee Technologies
[2010/03/04 02:35:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\muvee Technologies
[2010/03/04 02:32:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe
[2010/03/04 02:32:08 | 000,000,000 | ---D | C] -- C:\ProgramData\PictureMover
[2010/03/04 02:32:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PictureMover
[2010/03/04 02:28:28 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/03/04 02:26:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\x64
[2010/03/04 02:26:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Lang
[2010/03/04 02:26:44 | 000,000,000 | ---D | C] -- C:\Intel
[2010/03/04 02:26:26 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2010/03/04 02:25:50 | 000,215,040 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2010/03/04 02:25:38 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2010/03/04 02:25:15 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2010/03/04 02:25:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2010/03/04 02:24:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atheros
[2010/03/04 02:24:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2010/03/04 02:19:43 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/03/04 02:17:13 | 000,000,000 | ---D | C] -- C:\Windows\ehome
[2010/03/04 02:15:52 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 14 Days ==========

[2010/03/05 01:45:14 | 001,048,576 | -HS- | M] () -- C:\Users\cox\NTUSER.DAT
[2010/03/05 01:41:08 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Users\cox\Desktop\OTL.exe
[2010/03/05 01:21:33 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/05 01:21:33 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/05 01:14:53 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/03/05 01:14:53 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/03/05 01:14:53 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/03/05 01:10:12 | 000,000,290 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2010/03/05 01:09:24 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/05 01:09:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/05 01:09:04 | 2361,806,848 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/05 01:08:25 | 001,614,598 | -H-- | M] () -- C:\Users\cox\AppData\Local\IconCache.db
[2010/03/05 00:30:00 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/03/05 00:29:52 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010/03/05 00:28:16 | 044,696,968 | ---- | M] () -- C:\Users\cox\Desktop\setup_av_free.exe
[2010/03/05 00:16:06 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/05 00:15:15 | 005,115,840 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\cox\Desktop\mbam-setup.exe
[2010/03/05 00:13:03 | 000,001,068 | ---- | M] () -- C:\Users\cox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/03/05 00:13:01 | 000,000,888 | ---- | M] () -- C:\Users\cox\Desktop\NTREGOPT.lnk
[2010/03/05 00:13:01 | 000,000,869 | ---- | M] () -- C:\Users\cox\Desktop\ERUNT.lnk
[2010/03/05 00:07:56 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\cox\Desktop\erunt_setup.exe
[2010/03/05 00:06:49 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\cox\Desktop\TFC.exe
[2010/03/04 23:07:14 | 000,000,893 | ---- | M] () -- C:\Users\Public\Desktop\Villento.lnk
[2010/03/04 20:42:05 | 000,001,809 | ---- | M] () -- C:\Users\cox\Desktop\Bodog Casino.lnk
[2010/03/04 20:14:02 | 000,026,112 | ---- | M] () -- C:\Users\cox\Desktop\Untitled Document.wps
[2010/03/04 20:14:02 | 000,000,100 | ---- | M] () -- C:\Users\cox\AppData\Roaming\wklnhst.dat
[2010/03/04 20:05:47 | 000,434,774 | ---- | M] () -- C:\Users\cox\Desktop\Malware and Spyware Cleaning Guide.mht
[2010/03/04 19:21:37 | 000,524,288 | ---- | M] () -- C:\Users\cox\Desktop\dds.scr
[2010/03/04 19:16:41 | 000,524,288 | ---- | M] () -- C:\Users\cox\Desktop\dds.pif
[2010/03/04 17:58:54 | 000,002,963 | ---- | M] () -- C:\Users\cox\Desktop\HiJackThis.lnk
[2010/03/04 04:13:22 | 000,000,614 | ---- | M] () -- C:\Users\cox\Desktop\langsel - Shortcut.lnk
[2010/03/04 04:08:16 | 000,524,288 | -HS- | M] () -- C:\Users\cox\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/03/04 04:08:16 | 000,524,288 | -HS- | M] () -- C:\Users\cox\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/03/04 04:08:16 | 000,065,536 | -HS- | M] () -- C:\Users\cox\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/03/04 03:06:02 | 000,079,864 | ---- | M] () -- C:\Users\cox\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/04 03:03:19 | 000,000,000 | RHS- | M] () -- C:\Windows\SysWow64\drivers\103C_HP_cNB_G60 Notebook PC_Y5335KV_0U_Q2CE9350GSK_E575912-001_4A_I3612_SWistron_V09.66_F.52_T090826_WU3-0_L409_M3004_J250_7Intel_867A_92.19_#100304_N10EC8136;168C002B_(VM083UA#ABA)_XMOBILE_CN10_Z.MRK
[2010/03/04 03:03:19 | 000,000,000 | RHS- | M] () -- C:\Windows\SysNative\drivers\103C_HP_cNB_G60 Notebook PC_Y5335KV_0U_Q2CE9350GSK_E575912-001_4A_I3612_SWistron_V09.66_F.52_T090826_WU3-0_L409_M3004_J250_7Intel_867A_92.19_#100304_N10EC8136;168C002B_(VM083UA#ABA)_XMOBILE_CN10_Z.MRK
[2010/03/04 03:02:32 | 000,000,020 | -HS- | M] () -- C:\Users\cox\ntuser.ini
[2010/03/04 03:01:53 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010/03/04 03:01:53 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010/03/04 03:00:20 | 000,328,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/03/04 02:37:24 | 000,000,020 | ---- | M] () -- C:\Windows\
[2010/03/04 02:32:10 | 000,001,935 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk
[2010/03/04 02:30:49 | 000,014,338 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2010/03/04 02:25:43 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf

========== Files Created - No Company Name ==========

[2010/03/05 00:30:00 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/03/05 00:29:52 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2010/03/05 00:28:11 | 044,696,968 | ---- | C] () -- C:\Users\cox\Desktop\setup_av_free.exe
[2010/03/05 00:16:06 | 000,000,973 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/05 00:13:03 | 000,001,068 | ---- | C] () -- C:\Users\cox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/03/05 00:13:01 | 000,000,888 | ---- | C] () -- C:\Users\cox\Desktop\NTREGOPT.lnk
[2010/03/05 00:13:01 | 000,000,869 | ---- | C] () -- C:\Users\cox\Desktop\ERUNT.lnk
[2010/03/04 23:07:14 | 000,000,893 | ---- | C] () -- C:\Users\Public\Desktop\Villento.lnk
[2010/03/04 20:42:05 | 000,001,809 | ---- | C] () -- C:\Users\cox\Desktop\Bodog Casino.lnk
[2010/03/04 20:14:01 | 000,026,112 | ---- | C] () -- C:\Users\cox\Desktop\Untitled Document.wps
[2010/03/04 20:05:43 | 000,434,774 | ---- | C] () -- C:\Users\cox\Desktop\Malware and Spyware Cleaning Guide.mht
[2010/03/04 19:16:28 | 000,524,288 | ---- | C] () -- C:\Users\cox\Desktop\dds.pif
[2010/03/04 19:16:05 | 000,524,288 | ---- | C] () -- C:\Users\cox\Desktop\dds.scr
[2010/03/04 18:36:56 | 000,000,100 | ---- | C] () -- C:\Users\cox\AppData\Roaming\wklnhst.dat
[2010/03/04 17:58:54 | 000,002,963 | ---- | C] () -- C:\Users\cox\Desktop\HiJackThis.lnk
[2010/03/04 04:13:22 | 000,000,614 | ---- | C] () -- C:\Users\cox\Desktop\langsel - Shortcut.lnk
[2010/03/04 03:07:22 | 000,000,186 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2010/03/04 03:07:19 | 000,000,000 | ---- | C] () -- C:\Users\cox\AppData\Local\QSwitch.txt
[2010/03/04 03:07:19 | 000,000,000 | ---- | C] () -- C:\Users\cox\AppData\Local\DSwitch.txt
[2010/03/04 03:07:19 | 000,000,000 | ---- | C] () -- C:\Users\cox\AppData\Local\AtStart.txt
[2010/03/04 03:04:29 | 000,002,266 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
[2010/03/04 03:03:19 | 000,000,000 | RHS- | C] () -- C:\Windows\SysWow64\drivers\103C_HP_cNB_G60 Notebook PC_Y5335KV_0U_Q2CE9350GSK_E575912-001_4A_I3612_SWistron_V09.66_F.52_T090826_WU3-0_L409_M3004_J250_7Intel_867A_92.19_#100304_N10EC8136;168C002B_(VM083UA#ABA)_XMOBILE_CN10_Z.MRK
[2010/03/04 03:03:19 | 000,000,000 | RHS- | C] () -- C:\Windows\SysNative\drivers\103C_HP_cNB_G60 Notebook PC_Y5335KV_0U_Q2CE9350GSK_E575912-001_4A_I3612_SWistron_V09.66_F.52_T090826_WU3-0_L409_M3004_J250_7Intel_867A_92.19_#100304_N10EC8136;168C002B_(VM083UA#ABA)_XMOBILE_CN10_Z.MRK
[2010/03/04 03:02:32 | 000,524,288 | -HS- | C] () -- C:\Users\cox\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/03/04 03:02:32 | 000,524,288 | -HS- | C] () -- C:\Users\cox\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/03/04 03:02:32 | 000,065,536 | -HS- | C] () -- C:\Users\cox\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/03/04 03:02:32 | 000,000,020 | -HS- | C] () -- C:\Users\cox\ntuser.ini
[2010/03/04 03:02:31 | 001,048,576 | -HS- | C] () -- C:\Users\cox\NTUSER.DAT
[2010/03/04 02:37:23 | 000,000,020 | ---- | C] () -- C:\Windows\
[2010/03/04 02:34:51 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2010/03/04 02:34:45 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2010/03/04 02:34:30 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2010/03/04 02:34:09 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2010/03/04 02:33:47 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2010/03/04 02:33:39 | 000,000,290 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2010/03/04 02:32:09 | 000,001,935 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk
[2010/03/04 02:30:49 | 000,014,338 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2010/03/04 02:25:50 | 000,067,584 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2010/03/04 02:25:43 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010/03/04 02:19:04 | 2361,806,848 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/04 02:17:42 | 000,048,265 | ---- | C] () -- C:\Windows\HomePremium.xml
[2009/08/17 12:26:56 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/08/17 12:22:44 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/08/17 12:20:53 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/08/17 12:20:07 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009/07/15 16:50:42 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/03/04 03:07:24 | 000,000,000 | ---D | M] -- C:\Users\cox\AppData\Roaming\PictureMover
[2010/03/04 18:37:09 | 000,000,000 | ---D | M] -- C:\Users\cox\AppData\Roaming\Template
[2009/07/13 21:08:49 | 000,004,864 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009/07/13 17:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 17:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 17:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 17:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 17:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 17:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 17:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 17:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007/05/17 20:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll

< MD5 for: IASTORV.SYS >
[2009/07/13 17:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 17:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 17:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/13 17:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 17:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 17:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 17:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 17:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 17:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 17:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 17:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 17:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
< End of report >

Please help me, and sorry about the duplicated posts.

What is Windows r Longhorn? Isn't that an op?
OTL logfile created on: 3/5/2010 2:46:12 AM - Run 1
OTL by OldTimer - Version 3.1.34.0 Folder = C:\Users\cox\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.79 Gb Total Space | 194.92 Gb Free Space | 88.28% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COX-PC
Current User Name: cox
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/05 02:28:20 | 000,293,376 | ---- | M] () -- C:\Users\cox\Desktop\gmer.exe
PRC - [2010/03/05 01:41:08 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Users\cox\Desktop\OTL.exe
PRC - [2010/02/11 10:53:42 | 002,756,488 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/02/11 10:53:39 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/05/24 20:26:22 | 000,430,080 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
PRC - [2009/02/02 18:07:18 | 000,240,544 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10b.exe


========== Modules (SafeList) ==========

MOD - [2010/03/05 01:41:08 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Users\cox\Desktop\OTL.exe
MOD - [2009/07/13 17:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rsaenh.dll
MOD - [2009/07/13 17:16:15 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srvcli.dll
MOD - [2009/07/13 17:16:15 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\slc.dll
MOD - [2009/07/13 17:16:13 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\RpcRtRemote.dll
MOD - [2009/07/13 17:16:11 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntshrui.dll
MOD - [2009/07/13 17:15:48 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mssprxy.dll
MOD - [2009/07/13 17:15:36 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\linkinfo.dll
MOD - [2009/07/13 17:15:21 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\fontext.dll
MOD - [2009/07/13 17:15:21 | 000,093,696 | ---- | M] (Windows Codename Longhorn DDK provider) -- C:\Windows\SysWOW64\fms.dll
MOD - [2009/07/13 17:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009/07/13 17:15:07 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cscapi.dll
MOD - [2009/07/13 17:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/02/11 10:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/02/11 10:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/02/11 10:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/07/13 17:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/13 17:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/13 17:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/13 17:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/13 17:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/13 17:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/13 17:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/13 17:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/13 17:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/13 17:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/13 17:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 17:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/13 17:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/13 17:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/13 17:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/13 17:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/13 17:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/13 17:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/13 17:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/13 17:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/13 17:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/13 17:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV - [2009/07/13 19:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/13 19:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/07/13 17:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 17:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 12:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/06/24 09:53:32 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2009/06/10 12:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKCU\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/08/17 12:37:46 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - Startup: C:\Users\cox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.180.42.68 208.180.42.100
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d6a376d2-2778-11df-bc4d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d6a376d2-2778-11df-bc4d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\langsel.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/03/05 01:41:05 | 000,553,984 | ---- | C] (OldTimer Tools) -- C:\Users\cox\Desktop\OTL.exe
[2010/03/05 01:06:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/03/05 01:05:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/03/05 00:49:52 | 000,000,000 | ---D | C] -- C:\Users\cox\Documents\gmer[1]
[2010/03/05 00:29:59 | 000,120,912 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010/03/05 00:29:59 | 000,022,096 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010/03/05 00:29:57 | 000,028,752 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010/03/05 00:29:56 | 000,051,280 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010/03/05 00:29:52 | 000,063,568 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010/03/05 00:29:02 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010/03/05 00:29:02 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\SysWow64\avastSS.scr
[2010/03/05 00:29:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/03/05 00:29:00 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/03/05 00:16:08 | 000,000,000 | ---D | C] -- C:\Users\cox\AppData\Roaming\Malwarebytes
[2010/03/05 00:16:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/03/05 00:16:02 | 000,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/03/05 00:16:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/03/05 00:16:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/03/05 00:15:00 | 005,115,840 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\cox\Desktop\mbam-setup.exe
[2010/03/05 00:14:37 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/03/05 00:13:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/03/05 00:07:50 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\cox\Desktop\erunt_setup.exe
[2010/03/05 00:06:47 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\cox\Desktop\TFC.exe
[2010/03/04 23:56:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2010/03/04 23:56:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zynga
[2010/03/04 23:07:15 | 000,000,000 | ---D | C] -- C:\ProgramData\MGS
[2010/03/04 23:06:20 | 000,000,000 | ---D | C] -- C:\Microgaming
[2010/03/04 20:39:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bodog Casino
[2010/03/04 18:37:09 | 000,000,000 | ---D | C] -- C:\Users\cox\AppData\Roaming\Template
[2010/03/04 17:58:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrendMicro
[2010/03/04 17:58:22 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/03/04 15:54:53 | 000,000,000 | ---D | C] -- C:\Users\cox\AppData\Local\Adobe
[2010/03/04 05:36:15 | 000,000,000 | ---D | C] -- C:\Users\cox\Tracing
[2010/03/04 05:32:57 | 000,000,000 | ---D | C] -- C:\Users\cox\AppData\Roaming\Macromedia
[2010/03/04 05:32:51 | 000,000,000 | ---D | C] -- C:\Users\cox\AppData\Roaming\Adobe
[2010/03/04 05:00:45 | 000,000,000 | ---D | C] -- C:\Users\cox\AppData\Local\Diagnostics
[2010/03/04 04:29:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\New folder
[2010/03/04 04:10:25 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/03/04 03:12:19 | 000,000,000 | ---D | C] -- C:\Users\cox\AppData\Roaming\HpUpdate
[2010/03/04 03:07:15 | 000,000,000 | ---D | C] -- C:\Users\cox\AppData\Roaming\Hewlett-Packard
[2010/03/04 03:07:12 | 000,000,000 | ---D | C] -- C:\Users\cox\AppData\Roaming\PictureMover
[2010/03/04 03:06:55 | 000,000,000 | R--D | C] -- C:\Users\cox\Searches
[2010/03/04 03:06:48 | 000,000,000 | ---D | C] -- C:\Users\cox\AppData\Roaming\Identities
[2010/03/04 03:06:46 | 000,000,000 | R--D | C] -- C:\Users\cox\Contacts
[2010/03/04 03:06:43 | 000,000,000 | ---D | C] -- C:\Users\cox\AppData\Local\VirtualStore
[2010/03/04 03:06:35 | 000,000,000 | ---D | C] -- C:\Users\cox\AppData\Local\Hewlett-Packard_Company
[2010/03/04 03:06:32 | 000,000,000 | ---D | C] -- C:\Users\cox\AppData\Roaming\hpqlog
[2010/03/04 03:06:29 | 000,000,000 | ---D | C] -- C:\Users\cox\AppData\Local\Hewlett-Packard
[2010/03/04 03:04:36 | 000,000,000 | ---D | C] -- C:\Users\cox\AppData\Roaming\HP TCS
[2010/03/04 03:02:32 | 000,000,000 | -HSD | C] -- C:\Users\cox\AppData\Local\Temporary Internet Files
[2010/03/04 03:02:32 | 000,000,000 | -HSD | C] -- C:\Users\cox\Templates
[2010/03/04 03:02:32 | 000,000,000 | -HSD | C] -- C:\Users\cox\Start Menu
[2010/03/04 03:02:32 | 000,000,000 | -HSD | C] -- C:\Users\cox\SendTo
[2010/03/04 03:02:32 | 000,000,000 | -HSD | C] -- C:\Users\cox\Recent
[2010/03/04 03:02:32 | 000,000,000 | -HSD | C] -- C:\Users\cox\PrintHood
[2010/03/04 03:02:32 | 000,000,000 | -HSD | C] -- C:\Users\cox\NetHood
[2010/03/04 03:02:32 | 000,000,000 | -HSD | C] -- C:\Users\cox\Documents\My Videos
[2010/03/04 03:02:32 | 000,000,000 | -HSD | C] -- C:\Users\cox\Documents\My Pictures
[2010/03/04 03:02:32 | 000,000,000 | -HSD | C] -- C:\Users\cox\Documents\My Music
[2010/03/04 03:02:32 | 000,000,000 | -HSD | C] -- C:\Users\cox\My Documents
[2010/03/04 03:02:32 | 000,000,000 | -HSD | C] -- C:\Users\cox\Local Settings
[2010/03/04 03:02:32 | 000,000,000 | -HSD | C] -- C:\Users\cox\AppData\Local\History
[2010/03/04 03:02:32 | 000,000,000 | -HSD | C] -- C:\Users\cox\Cookies
[2010/03/04 03:02:32 | 000,000,000 | -HSD | C] -- C:\Users\cox\Application Data
[2010/03/04 03:02:32 | 000,000,000 | -HSD | C] -- C:\Users\cox\AppData\Local\Application Data
[2010/03/04 03:02:31 | 000,000,000 | --SD | C] -- C:\Users\cox\AppData\Roaming\Microsoft
[2010/03/04 03:02:31 | 000,000,000 | R--D | C] -- C:\Users\cox\Videos
[2010/03/04 03:02:31 | 000,000,000 | R--D | C] -- C:\Users\cox\Saved Games
[2010/03/04 03:02:31 | 000,000,000 | R--D | C] -- C:\Users\cox\Pictures
[2010/03/04 03:02:31 | 000,000,000 | R--D | C] -- C:\Users\cox\Music
[2010/03/04 03:02:31 | 000,000,000 | R--D | C] -- C:\Users\cox\Links
[2010/03/04 03:02:31 | 000,000,000 | R--D | C] -- C:\Users\cox\Favorites
[2010/03/04 03:02:31 | 000,000,000 | R--D | C] -- C:\Users\cox\Downloads
[2010/03/04 03:02:31 | 000,000,000 | R--D | C] -- C:\Users\cox\Documents
[2010/03/04 03:02:31 | 000,000,000 | R--D | C] -- C:\Users\cox\Desktop
[2010/03/04 03:02:31 | 000,000,000 | -H-D | C] -- C:\Users\cox\AppData
[2010/03/04 03:02:31 | 000,000,000 | ---D | C] -- C:\Users\cox\AppData\Local\Temp
[2010/03/04 03:02:31 | 000,000,000 | ---D | C] -- C:\Users\cox\AppData\Local\Microsoft
[2010/03/04 03:02:31 | 000,000,000 | ---D | C] -- C:\Users\cox\AppData\Roaming\Media Center Programs
[2010/03/04 02:58:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2010/03/04 02:35:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\muvee Technologies
[2010/03/04 02:35:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\muvee Technologies
[2010/03/04 02:32:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe
[2010/03/04 02:32:08 | 000,000,000 | ---D | C] -- C:\ProgramData\PictureMover
[2010/03/04 02:32:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PictureMover
[2010/03/04 02:28:28 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/03/04 02:26:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\x64
[2010/03/04 02:26:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Lang
[2010/03/04 02:26:44 | 000,000,000 | ---D | C] -- C:\Intel
[2010/03/04 02:26:26 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2010/03/04 02:25:50 | 000,215,040 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2010/03/04 02:25:38 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2010/03/04 02:25:15 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2010/03/04 02:25:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2010/03/04 02:24:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atheros
[2010/03/04 02:24:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2010/03/04 02:19:43 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/03/04 02:17:13 | 000,000,000 | ---D | C] -- C:\Windows\ehome
[2010/03/04 02:15:52 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 14 Days ==========

[2010/03/05 02:47:39 | 001,048,576 | -HS- | M] () -- C:\Users\cox\NTUSER.DAT
[2010/03/05 02:28:20 | 000,293,376 | ---- | M] () -- C:\Users\cox\Desktop\gmer.exe
[2010/03/05 02:27:55 | 000,284,915 | ---- | M] () -- C:\Users\cox\Desktop\gmer.zip
[2010/03/05 01:41:08 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Users\cox\Desktop\OTL.exe
[2010/03/05 01:21:33 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/05 01:21:33 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/05 01:14:53 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/03/05 01:14:53 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/03/05 01:14:53 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/03/05 01:10:12 | 000,000,290 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2010/03/05 01:09:24 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/05 01:09:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/05 01:09:04 | 2361,806,848 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/05 01:08:25 | 001,614,598 | -H-- | M] () -- C:\Users\cox\AppData\Local\IconCache.db
[2010/03/05 00:30:00 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/03/05 00:29:52 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010/03/05 00:28:16 | 044,696,968 | ---- | M] () -- C:\Users\cox\Desktop\setup_av_free.exe
[2010/03/05 00:16:06 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/05 00:15:15 | 005,115,840 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\cox\Desktop\mbam-setup.exe
[2010/03/05 00:13:03 | 000,001,068 | ---- | M] () -- C:\Users\cox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/03/05 00:13:01 | 000,000,888 | ---- | M] () -- C:\Users\cox\Desktop\NTREGOPT.lnk
[2010/03/05 00:13:01 | 000,000,869 | ---- | M] () -- C:\Users\cox\Desktop\ERUNT.lnk
[2010/03/05 00:07:56 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\cox\Desktop\erunt_setup.exe
[2010/03/05 00:06:49 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\cox\Desktop\TFC.exe
[2010/03/04 23:07:14 | 000,000,893 | ---- | M] () -- C:\Users\Public\Desktop\Villento.lnk
[2010/03/04 20:42:05 | 000,001,809 | ---- | M] () -- C:\Users\cox\Desktop\Bodog Casino.lnk
[2010/03/04 20:14:02 | 000,026,112 | ---- | M] () -- C:\Users\cox\Desktop\Untitled Document.wps
[2010/03/04 20:14:02 | 000,000,100 | ---- | M] () -- C:\Users\cox\AppData\Roaming\wklnhst.dat
[2010/03/04 20:05:47 | 000,434,774 | ---- | M] () -- C:\Users\cox\Desktop\Malware and Spyware Cleaning Guide.mht
[2010/03/04 17:58:54 | 000,002,963 | ---- | M] () -- C:\Users\cox\Desktop\HiJackThis.lnk
[2010/03/04 04:13:22 | 000,000,614 | ---- | M] () -- C:\Users\cox\Desktop\langsel - Shortcut.lnk
[2010/03/04 04:08:16 | 000,524,288 | -HS- | M] () -- C:\Users\cox\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/03/04 04:08:16 | 000,524,288 | -HS- | M] () -- C:\Users\cox\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/03/04 04:08:16 | 000,065,536 | -HS- | M] () -- C:\Users\cox\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/03/04 03:06:02 | 000,079,864 | ---- | M] () -- C:\Users\cox\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/04 03:03:19 | 000,000,000 | RHS- | M] () -- C:\Windows\SysWow64\drivers\103C_HP_cNB_G60 Notebook PC_Y5335KV_0U_Q2CE9350GSK_E575912-001_4A_I3612_SWistron_V09.66_F.52_T090826_WU3-0_L409_M3004_J250_7Intel_867A_92.19_#100304_N10EC8136;168C002B_(VM083UA#ABA)_XMOBILE_CN10_Z.MRK
[2010/03/04 03:03:19 | 000,000,000 | RHS- | M] () -- C:\Windows\SysNative\drivers\103C_HP_cNB_G60 Notebook PC_Y5335KV_0U_Q2CE9350GSK_E575912-001_4A_I3612_SWistron_V09.66_F.52_T090826_WU3-0_L409_M3004_J250_7Intel_867A_92.19_#100304_N10EC8136;168C002B_(VM083UA#ABA)_XMOBILE_CN10_Z.MRK
[2010/03/04 03:02:32 | 000,000,020 | -HS- | M] () -- C:\Users\cox\ntuser.ini
[2010/03/04 03:01:53 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010/03/04 03:01:53 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010/03/04 03:00:20 | 000,328,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/03/04 02:37:24 | 000,000,020 | ---- | M] () -- C:\Windows\
[2010/03/04 02:32:10 | 000,001,935 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk
[2010/03/04 02:30:49 | 000,014,338 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2010/03/04 02:25:43 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf

========== Files Created - No Company Name ==========

[2010/03/05 02:27:54 | 000,284,915 | ---- | C] () -- C:\Users\cox\Desktop\gmer.zip
[2010/03/05 00:30:00 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/03/05 00:29:52 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2010/03/05 00:28:11 | 044,696,968 | ---- | C] () -- C:\Users\cox\Desktop\setup_av_free.exe
[2010/03/05 00:16:06 | 000,000,973 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/05 00:13:03 | 000,001,068 | ---- | C] () -- C:\Users\cox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/03/05 00:13:01 | 000,000,888 | ---- | C] () -- C:\Users\cox\Desktop\NTREGOPT.lnk
[2010/03/05 00:13:01 | 000,000,869 | ---- | C] () -- C:\Users\cox\Desktop\ERUNT.lnk
[2010/03/04 23:07:14 | 000,000,893 | ---- | C] () -- C:\Users\Public\Desktop\Villento.lnk
[2010/03/04 20:42:05 | 000,001,809 | ---- | C] () -- C:\Users\cox\Desktop\Bodog Casino.lnk
[2010/03/04 20:14:01 | 000,026,112 | ---- | C] () -- C:\Users\cox\Desktop\Untitled Document.wps
[2010/03/04 20:05:43 | 000,434,774 | ---- | C] () -- C:\Users\cox\Desktop\Malware and Spyware Cleaning Guide.mht
[2010/03/04 18:36:56 | 000,000,100 | ---- | C] () -- C:\Users\cox\AppData\Roaming\wklnhst.dat
[2010/03/04 17:58:54 | 000,002,963 | ---- | C] () -- C:\Users\cox\Desktop\HiJackThis.lnk
[2010/03/04 04:13:22 | 000,000,614 | ---- | C] () -- C:\Users\cox\Desktop\langsel - Shortcut.lnk
[2010/03/04 03:07:22 | 000,000,186 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2010/03/04 03:07:19 | 000,000,000 | ---- | C] () -- C:\Users\cox\AppData\Local\QSwitch.txt
[2010/03/04 03:07:19 | 000,000,000 | ---- | C] () -- C:\Users\cox\AppData\Local\DSwitch.txt
[2010/03/04 03:07:19 | 000,000,000 | ---- | C] () -- C:\Users\cox\AppData\Local\AtStart.txt
[2010/03/04 03:04:29 | 000,002,266 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
[2010/03/04 03:03:19 | 000,000,000 | RHS- | C] () -- C:\Windows\SysWow64\drivers\103C_HP_cNB_G60 Notebook PC_Y5335KV_0U_Q2CE9350GSK_E575912-001_4A_I3612_SWistron_V09.66_F.52_T090826_WU3-0_L409_M3004_J250_7Intel_867A_92.19_#100304_N10EC8136;168C002B_(VM083UA#ABA)_XMOBILE_CN10_Z.MRK
[2010/03/04 03:03:19 | 000,000,000 | RHS- | C] () -- C:\Windows\SysNative\drivers\103C_HP_cNB_G60 Notebook PC_Y5335KV_0U_Q2CE9350GSK_E575912-001_4A_I3612_SWistron_V09.66_F.52_T090826_WU3-0_L409_M3004_J250_7Intel_867A_92.19_#100304_N10EC8136;168C002B_(VM083UA#ABA)_XMOBILE_CN10_Z.MRK
[2010/03/04 03:02:32 | 000,524,288 | -HS- | C] () -- C:\Users\cox\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/03/04 03:02:32 | 000,524,288 | -HS- | C] () -- C:\Users\cox\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/03/04 03:02:32 | 000,065,536 | -HS- | C] () -- C:\Users\cox\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/03/04 03:02:32 | 000,000,020 | -HS- | C] () -- C:\Users\cox\ntuser.ini
[2010/03/04 03:02:31 | 001,048,576 | -HS- | C] () -- C:\Users\cox\NTUSER.DAT
[2010/03/04 02:37:23 | 000,000,020 | ---- | C] () -- C:\Windows\
[2010/03/04 02:34:51 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2010/03/04 02:34:45 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2010/03/04 02:34:30 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2010/03/04 02:34:09 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2010/03/04 02:33:47 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2010/03/04 02:33:39 | 000,000,290 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2010/03/04 02:32:09 | 000,001,935 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk
[2010/03/04 02:30:49 | 000,014,338 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2010/03/04 02:25:50 | 000,067,584 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2010/03/04 02:25:43 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010/03/04 02:19:04 | 2361,806,848 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/04 02:17:42 | 000,048,265 | ---- | C] () -- C:\Windows\HomePremium.xml
[2009/08/17 12:26:56 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/08/17 12:22:44 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/08/17 12:20:53 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/08/17 12:20:07 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009/07/15 16:50:42 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/03/04 03:07:24 | 000,000,000 | ---D | M] -- C:\Users\cox\AppData\Roaming\PictureMover
[2010/03/04 18:37:09 | 000,000,000 | ---D | M] -- C:\Users\cox\AppData\Roaming\Template
[2009/07/13 21:08:49 | 000,004,864 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >


forgot the extra log


OTL Extras logfile created on: 3/5/2010 2:46:12 AM - Run 1
OTL by OldTimer - Version 3.1.34.0 Folder = C:\Users\cox\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.79 Gb Total Space | 194.92 Gb Free Space | 88.28% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COX-PC
Current User Name: cox
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"HDMI" = Intel® Graphics Media Accelerator Driver
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{293F900D-3743-A8CC-46AD-5AFBFF8E29CF}" = muvee Reveal
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{49A143E9-4A6A-43E7-86B1-388194C79248}" = HP Smart Web Printing
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}" = HP Support Assistant
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{5B295588-59C1-4386-9F85-BB4BEDCB0D22}" = HP Customer Experience Enhancements
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64A7418C-6BD4-48BE-A2E3-CAEC3BCD9E81}" = HP User Guides 0156
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"avast5" = avast! Free Antivirus
"Bodog Casino" = Bodog Casino
"ERUNT_is1" = ERUNT 1.1j
"Homepage Protection" = Homepage Protection
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Villento" = Villento
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"Zynga Toolbar" = Zynga Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/4/2010 7:06:04 AM | Computer Name = cox-PC | Source = Network not useful. Exception. HP AdvisorUpdate | ID = 0
Description = The remote name could not be resolved: 'www.rssx.hp.com' at System.Net.HttpWebRequest.GetResponse()

at TotalCareSetup.Common.InternetDetector.HttpUtility.GetIsNetworkUseful()

Error - 3/5/2010 3:12:23 AM | Computer Name = cox-PC | Source = Application Hang | ID = 1002
Description = The program Casinogame.exe version 16.0.0.3104 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 26c Start
Time: 01cabc327c5c5abd Termination Time: 62 Application Path: C:\Microgaming\Casino\Villento\Casinogame.exe

Report
Id: 6b65046d-2826-11df-9166-001f16e79900

Error - 3/5/2010 5:03:08 AM | Computer Name = cox-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Application or service 'avast! Antivirus' could not be shut down.

Error - 3/5/2010 5:03:08 AM | Computer Name = cox-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Application or service 'avast! Antivirus' could not be shut down.

Error - 3/5/2010 5:03:26 AM | Computer Name = cox-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 3/5/2010 5:03:30 AM | Computer Name = cox-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 3/5/2010 5:03:30 AM | Computer Name = cox-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 3/5/2010 5:05:24 AM | Computer Name = cox-PC | Source = MsiInstaller | ID = 11714
Description =

[ System Events ]
Error - 3/4/2010 7:18:35 AM | Computer Name = cox-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Modules Installer service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 120000
milliseconds: Restart the service.

Error - 3/4/2010 7:18:57 AM | Computer Name = cox-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Installer service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 120000 milliseconds:
Restart the service.

Error - 3/4/2010 7:19:06 AM | Computer Name = cox-PC | Source = Service Control Manager | ID = 7031
Description = The Microsoft .NET Framework NGEN v2.0.50727_X86 service terminated
unexpectedly. It has done this 2 time(s). The following corrective action will
be taken in 960000 milliseconds: Restart the service.

Error - 3/4/2010 7:19:12 AM | Computer Name = cox-PC | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 3/4/2010 7:19:19 AM | Computer Name = cox-PC | Source = Service Control Manager | ID = 7034
Description = The hpqwmiex service terminated unexpectedly. It has done this 1
time(s).

Error - 3/4/2010 8:04:47 AM | Computer Name = cox-PC | Source = Service Control Manager | ID = 7031
Description = The SSDP Discovery service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 100 milliseconds:
Restart the service.

Error - 3/4/2010 8:06:10 AM | Computer Name = cox-PC | Source = Service Control Manager | ID = 7031
Description = The RPC Endpoint Mapper service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 120000 milliseconds:
Restart the service.

Error - 3/4/2010 8:06:10 AM | Computer Name = cox-PC | Source = Service Control Manager | ID = 7031
Description = The Remote Procedure Call (RPC) service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Reboot the machine.

Error - 3/4/2010 8:08:10 AM | Computer Name = cox-PC | Source = Service Control Manager | ID = 7038
Description = The RpcEptMapper service was unable to log on as NT AUTHORITY\NetworkService
with the currently configured password due to the following error: %%50 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 3/4/2010 8:08:10 AM | Computer Name = cox-PC | Source = Service Control Manager | ID = 7000
Description = The RPC Endpoint Mapper service failed to start due to the following
error: %%1069


< End of report >

Edited by lesliecox, 05 March 2010 - 03:17 AM.
