Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Virus - Troj/unruy-Gen [Solved]


  • This topic is locked This topic is locked

#1
Borrowed Time

Borrowed Time

    Member

  • Member
  • PipPip
  • 43 posts
This is my first time posting. Thank you for the forum. The place looks very clean. I thank you for the time you donate in helping me out. This is very much appreciated.

Webroot reports that the offending file is to be found in C:\System Volume Information\Microsoft\smss.exe and services.exe. Both of which Webroot reports that it removes during pre-boot but if I run a scan after boot they are still there. Also I get pop up advertising even when not using the browser. It appears to me that the longer I stay in Vista the more virus and malware activity appears.

I dual boot XP and Vista. Vista has the problem. I am writing this from XP. I have read and executed the instructions for 'Virus, Spyware & Malware Removal'. Following are the results of the logs from the three scans. I did not receive any messages of a virus in any of the scans.


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-01 11:12:44
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: G:\Users\me\AppData\Local\Temp\ugldrpow.sys


---- System - GMER 1.0.15 ----

SSDT 84DC0F30 ZwAllocateVirtualMemory
SSDT 84DB5618 ZwCreateProcess
SSDT 84E1E518 ZwCreateProcessEx
SSDT 84E1E338 ZwCreateThread
SSDT 84DC0FA8 ZwQueueApcThread
SSDT 84DC0E40 ZwReadVirtualMemory
SSDT 84E1E1D0 ZwSetContextThread
SSDT 84E1E428 ZwSetInformationProcess
SSDT 84E1E248 ZwSetInformationThread
SSDT 84E1E3B0 ZwSuspendProcess
SSDT 84DC0020 ZwSuspendThread
SSDT 84E1E4A0 ZwTerminateProcess
SSDT 84E1E2C0 ZwTerminateThread
SSDT 84DC0EB8 ZwWriteVirtualMemory
SSDT 84DC0D50 ZwCreateThreadEx
SSDT 84DC0DC8 ZwCreateUserProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 131 81EC0894 4 Bytes [30, 0F, DC, 84]
.text ntkrnlpa.exe!KeSetEvent + 209 81EC096C 8 Bytes [18, 56, DB, 84, 18, E5, E1, ...]
.text ntkrnlpa.exe!KeSetEvent + 221 81EC0984 4 Bytes [38, E3, E1, 84] {CMP BL, AH; LOOPZ 0xffffffffffffff88}
.text ntkrnlpa.exe!KeSetEvent + 4E5 81EC0C48 4 Bytes [A8, 0F, DC, 84]
.text ntkrnlpa.exe!KeSetEvent + 4FD 81EC0C60 4 Bytes [40, 0E, DC, 84]
.text ...
.text G:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8B604000, 0x2F786C, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text G:\Program Files\Internet Explorer\iexplore.exe[1308] USER32.dll!SetWindowsHookExW 76DA87AD 5 Bytes JMP 73119AC9 G:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[1308] USER32.dll!CallNextHookEx 76DA8E3B 5 Bytes JMP 7310D0ED G:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[1308] USER32.dll!UnhookWindowsHookEx 76DA98DB 5 Bytes JMP 7308467C G:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[1308] USER32.dll!CreateWindowExW 76DB1305 5 Bytes JMP 7311DB1C G:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[1308] USER32.dll!DialogBoxIndirectParamW 76DD2EF5 5 Bytes JMP 7321480F G:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[1308] USER32.dll!DialogBoxParamA 76DE8152 5 Bytes JMP 732147AC G:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[1308] USER32.dll!DialogBoxIndirectParamA 76DE847D 5 Bytes JMP 73214872 G:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[1308] USER32.dll!MessageBoxIndirectA 76DFD4D9 5 Bytes JMP 73214741 G:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[1308] USER32.dll!MessageBoxIndirectW 76DFD5D3 5 Bytes JMP 732146D6 G:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[1308] USER32.dll!MessageBoxExA 76DFD639 5 Bytes JMP 73214674 G:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[1308] USER32.dll!MessageBoxExW 76DFD65D 5 Bytes JMP 73214612 G:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[1308] ole32.dll!OleLoadFromStream 759D1E12 5 Bytes JMP 73214B77 G:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[1308] ole32.dll!CoCreateInstance 75A09EA6 5 Bytes JMP 7311DB78 G:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe[2092] kernel32.dll!CreateThread + 1A 7711C928 4 Bytes CALL 00450771 G:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Spy Sweeper Client Executable/Webroot Software, Inc.)
.text G:\Program Files\Internet Explorer\iexplore.exe[2132] USER32.dll!CreateWindowExW 76DB1305 5 Bytes JMP 7311DB1C G:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[2132] USER32.dll!DialogBoxIndirectParamW 76DD2EF5 5 Bytes JMP 7321480F G:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[2132] USER32.dll!DialogBoxParamA 76DE8152 5 Bytes JMP 732147AC G:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[2132] USER32.dll!DialogBoxIndirectParamA 76DE847D 5 Bytes JMP 73214872 G:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[2132] USER32.dll!MessageBoxIndirectA 76DFD4D9 5 Bytes JMP 73214741 G:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[2132] USER32.dll!MessageBoxIndirectW 76DFD5D3 5 Bytes JMP 732146D6 G:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[2132] USER32.dll!MessageBoxExA 76DFD639 5 Bytes JMP 73214674 G:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[2132] USER32.dll!MessageBoxExW 76DFD65D 5 Bytes JMP 73214612 G:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Webroot\Spy Sweeper\SSU.EXE[2688] ntdll.dll!KiUserExceptionDispatcher + A 772E5DD2 5 Bytes JMP 00017DB0 G:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text G:\Program Files\Webroot\Spy Sweeper\SSU.EXE[2688] kernel32.dll!VirtualProtect 770D1DC3 5 Bytes JMP 000169B0 G:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text G:\Program Files\Webroot\Spy Sweeper\SSU.EXE[2688] kernel32.dll!LoadLibraryExW 770F9109 5 Bytes JMP 00016000 G:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text G:\Program Files\Webroot\Spy Sweeper\SSU.EXE[2688] kernel32.dll!VirtualFree 771140AA 5 Bytes JMP 00016990 G:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text G:\Program Files\Webroot\Spy Sweeper\SSU.EXE[2688] kernel32.dll!VirtualAlloc 7711AD55 5 Bytes JMP 00016960 G:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text G:\Program Files\Webroot\Spy Sweeper\SSU.EXE[2688] kernel32.dll!CreateFileA 7711CE5F 5 Bytes JMP 00016000 G:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text G:\Program Files\Mozilla Firefox\firefox.exe[3172] ntdll.dll!LdrLoadDll 772A9390 5 Bytes JMP 00D113F0 G:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))

---- EOF - GMER 1.0.15 ----



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4260

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

01/07/2010 10:52:09 AM
mbam-log-2010-07-01 (10-52-09).txt

Scan type: Quick scan
Objects scanned: 124259
Time elapsed: 4 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


OTL logfile created on: 01/07/2010 11:15:02 AM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = I:\virus removal\software
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = G: | %SystemRoot% = G:\Windows | %ProgramFiles% = G:\Program Files
Drive C: | 175.78 Gb Total Space | 154.11 Gb Free Space | 87.67% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 346.45 Gb Free Space | 74.38% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 129.81 Gb Free Space | 13.94% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 304.45 Gb Free Space | 65.37% Space Free | Partition Type: NTFS
Drive G: | 250.91 Gb Total Space | 225.78 Gb Free Space | 89.99% Space Free | Partition Type: NTFS
Drive H: | 39.06 Gb Total Space | 22.09 Gb Free Space | 56.56% Space Free | Partition Type: NTFS
Drive I: | 146.48 Gb Total Space | 124.88 Gb Free Space | 85.25% Space Free | Partition Type: NTFS
Drive J: | 319.28 Gb Total Space | 295.78 Gb Free Space | 92.64% Space Free | Partition Type: NTFS
Drive L: | 232.88 Gb Total Space | 211.53 Gb Free Space | 90.83% Space Free | Partition Type: NTFS
Drive X: | 369.92 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: YOU
Current User Name: me
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - File not found -- C:\System Volume Information\Microsoft\smss.exe
PRC - File not found -- C:\System Volume Information\Microsoft\services.exe
PRC - [2010/07/01 09:54:14 | 000,574,464 | ---- | M] (OldTimer Tools) -- I:\virus removal\software\OTL.exe
PRC - [2010/06/27 01:36:12 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) -- G:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
PRC - [2010/06/26 01:41:08 | 000,910,296 | ---- | M] (Mozilla Corporation) -- G:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/04/06 19:12:38 | 000,372,736 | ---- | M] (AMD) -- G:\Windows\System32\atieclxx.exe
PRC - [2010/04/06 19:12:04 | 000,172,032 | ---- | M] (AMD) -- G:\Windows\System32\atiesrxx.exe
PRC - [2009/11/06 15:19:58 | 006,515,784 | ---- | M] (Webroot Software, Inc.) -- G:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
PRC - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- G:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
PRC - [2009/11/06 12:00:22 | 000,165,232 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- G:\Program Files\Webroot\Spy Sweeper\SSU.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- G:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- G:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- G:\Windows\explorer.exe
PRC - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- G:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/01/19 00:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- G:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/07/05 20:06:00 | 004,669,440 | ---- | M] (Realtek Semiconductor) -- G:\Windows\RtHDVCpl.exe
PRC - [2007/05/23 16:30:26 | 000,401,408 | ---- | M] (Intel Corporation) -- G:\Program Files\Intel\AMT\atchk.exe
PRC - [2007/05/23 16:30:22 | 000,176,128 | ---- | M] (Intel Corporation) -- G:\Program Files\Intel\AMT\atchksrv.exe
PRC - [2007/05/23 16:30:10 | 002,514,944 | ---- | M] (Intel) -- G:\Program Files\Intel\AMT\UNS.exe
PRC - [2007/05/23 16:29:34 | 000,102,400 | ---- | M] (Intel) -- G:\Program Files\Intel\AMT\LMS.exe
PRC - [2006/10/11 12:45:12 | 000,075,304 | ---- | M] (ScanSoft, Inc.) -- G:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
PRC - [2005/05/01 17:26:54 | 001,719,808 | ---- | M] (GT Technologies) -- C:\AcqURL\AcqURL.exe
PRC - [2004/10/03 13:31:08 | 000,375,808 | ---- | M] (P.J.Kraaima) -- G:\Program Files\GGSearchTool\ggsearch.exe
PRC - [2004/07/17 08:02:34 | 000,334,336 | ---- | M] (Groom-A-Zebu ™ ) -- I:\Storage\Proxomitron\Proxomitron.exe


========== Modules (SafeList) ==========

MOD - [2010/07/01 09:54:14 | 000,574,464 | ---- | M] (OldTimer Tools) -- I:\virus removal\software\OTL.exe
MOD - [2009/04/10 23:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- G:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 00:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- G:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/06/27 01:36:12 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- G:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe -- (WRConsumerService)
SRV - [2010/04/28 07:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- G:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010/04/06 19:12:04 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- G:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- G:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- G:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- G:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2009/09/24 18:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- G:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- G:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- G:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- G:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/23 16:30:22 | 000,176,128 | ---- | M] (Intel Corporation) [Auto | Running] -- G:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv) Intel®
SRV - [2007/05/23 16:30:10 | 002,514,944 | ---- | M] (Intel) [Auto | Running] -- G:\Program Files\Intel\AMT\UNS.exe -- (UNS) Intel®
SRV - [2007/05/23 16:29:34 | 000,102,400 | ---- | M] (Intel) [Auto | Running] -- G:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel®


========== Driver Services (SafeList) ==========

DRV - [2010/04/28 07:44:02 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2010/04/06 19:43:20 | 005,430,272 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- G:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010/04/06 18:23:10 | 000,157,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- G:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/03/26 01:17:20 | 000,220,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- G:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2010/03/09 03:20:14 | 000,104,464 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- G:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010/02/03 00:10:32 | 000,030,880 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\drivers\iqvw32.sys -- (NAL)
DRV - [2009/11/06 12:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- G:\Windows\SYSTEM32\Drivers\SSIDRV.SYS -- (SSIDRV)
DRV - [2009/11/06 12:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- G:\Windows\SYSTEM32\Drivers\SSHRMD.SYS -- (SSHRMD)
DRV - [2009/11/06 12:00:34 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- G:\Windows\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2008/09/23 16:12:12 | 000,125,560 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- G:\Windows\System32\drivers\e1g60i32.sys -- (E1G60) Intel®
DRV - [2008/02/29 10:13:48 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- G:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007/10/01 16:24:36 | 000,023,864 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2007/07/09 18:59:00 | 001,792,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- G:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/05/11 04:00:14 | 000,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- G:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2006/11/02 02:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 02:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 02:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 02:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 02:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 02:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 02:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 02:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 02:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 02:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 02:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 02:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 02:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 02:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 02:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 02:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 02:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 02:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 02:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 02:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 02:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- G:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- G:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- G:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/10/18 06:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- G:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?l...en-ca&OCID=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 04 C5 45 D9 9F 15 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - G:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8080

========== FireFox ==========

FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: G:\Program Files\Mozilla Firefox\components [2010/06/27 08:06:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: G:\Program Files\Mozilla Firefox\plugins [2010/06/27 09:28:52 | 000,000,000 | ---D | M]

[2010/06/27 08:06:47 | 000,000,000 | ---D | M] -- G:\Users\me\AppData\Roaming\Mozilla\Extensions
[2010/06/30 19:34:51 | 000,000,000 | ---D | M] -- G:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\zr1sqm00.default\extensions
[2010/06/27 08:51:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- G:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\zr1sqm00.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/27 08:06:28 | 000,000,000 | ---D | M] -- G:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/06/27 00:47:44 | 000,000,761 | ---- | M]) - G:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - G:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - G:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - G:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - G:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - G:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - G:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - G:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [AcqURL] c:\AcqURL\AcqURL.exe (GT Technologies)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [atchk] G:\Program Files\Intel\AMT\atchk.exe (Intel Corporation)
O4 - HKLM..\Run: [OpwareSE4] G:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] G:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SpySweeper] G:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [StartCCC] G:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] G:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: G:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GGSearchTool.lnk = G:\Program Files\GGSearchTool\ggsearch.exe (P.J.Kraaima)
O4 - Startup: G:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Proxomitron.exe - Shortcut.lnk = I:\Storage\Proxomitron\Proxomitron.exe (Groom-A-Zebu ™ )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - G:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - G:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - G:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - G:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - G:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - G:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - G:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - G:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - G:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: I:\Storage\Desktop wallpaper\gcenter_hstspitzer_big.jpg
O24 - Desktop BackupWallPaper: I:\Storage\Desktop wallpaper\gcenter_hstspitzer_big.jpg
O30 - LSA: Authentication Packages - (ft Co) - File not found
O30 - LSA: Security Packages - (X2嘀㲶譫 獭ㅶた搮汬) - File not found
O30 - LSA: Security Packages - (> 뻯㲶譫㲶譫&) - File not found
O30 - LSA: Security Packages - () - File not found
O30 - LSA: Security Packages - () - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/11 08:06:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - G:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/08/29 20:00:26 | 000,000,232 | R--- | M] () - X:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{bfddf920-65a5-11df-8e4f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{bfddf920-65a5-11df-8e4f-806e6f6e6963}\Shell\AutoRun\command - "" = X:\MInst.exe -- [2006/02/02 01:35:40 | 000,389,120 | R--- | M] (Canon Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - G:\Windows\System32\ias [2010/06/27 17:05:04 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - G:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: aux - G:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - G:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - G:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - G:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - G:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - G:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - G:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - G:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - G:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - G:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - G:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - G:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - G:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - G:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - G:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - G:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - G:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - G:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - G:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - G:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - G:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - G:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - G:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - G:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - G:\Windows\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/06/29 22:39:28 | 000,000,000 | ---D | C] -- G:\Users\me\AppData\Roaming\Malwarebytes
[2010/06/29 22:39:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- G:\Windows\System32\drivers\mbamswissarmy.sys
[2010/06/29 22:39:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- G:\Windows\System32\drivers\mbam.sys
[2010/06/29 22:39:17 | 000,000,000 | ---D | C] -- G:\ProgramData\Malwarebytes
[2010/06/29 22:39:15 | 000,000,000 | ---D | C] -- G:\Program Files\Malwarebytes' Anti-Malware
[2010/06/29 22:30:48 | 000,000,000 | ---D | C] -- G:\Windows\ERDNT
[2010/06/29 22:19:48 | 000,000,000 | ---D | C] -- G:\Program Files\ERUNT
[2010/06/28 03:26:44 | 000,000,000 | ---D | C] -- G:\Users\me\Tracing
[2010/06/28 03:26:05 | 000,000,000 | ---D | C] -- G:\Program Files\Microsoft Office Outlook Connector
[2010/06/28 03:25:50 | 000,000,000 | ---D | C] -- G:\Windows\System32\DRVSTORE
[2010/06/28 03:25:10 | 000,000,000 | ---D | C] -- G:\Program Files\Microsoft Sync Framework
[2010/06/28 03:24:08 | 000,000,000 | ---D | C] -- G:\Program Files\Microsoft SQL Server Compact Edition
[2010/06/28 03:23:17 | 000,000,000 | ---D | C] -- G:\Program Files\Microsoft
[2010/06/28 03:23:05 | 000,000,000 | ---D | C] -- G:\Users\Public\Documents\microsoft
[2010/06/28 03:22:57 | 000,000,000 | ---D | C] -- G:\Program Files\Windows Live SkyDrive
[2010/06/28 03:22:32 | 000,000,000 | ---D | C] -- G:\Program Files\Windows Live
[2010/06/28 03:15:30 | 000,000,000 | ---D | C] -- G:\Program Files\Common Files\Windows Live
[2010/06/28 03:15:10 | 000,000,000 | ---D | C] -- G:\Windows\System32\WindowsPowerShell
[2010/06/28 03:12:23 | 000,000,000 | ---D | C] -- G:\Program Files\Microsoft Silverlight
[2010/06/27 21:30:26 | 000,000,000 | ---D | C] -- G:\Users\me\AppData\Local\Apps
[2010/06/27 21:05:54 | 000,000,000 | ---D | C] -- G:\Program Files\Windows Portable Devices
[2010/06/27 20:44:19 | 000,000,000 | ---D | C] -- G:\Windows\System32\eu-ES
[2010/06/27 20:44:19 | 000,000,000 | ---D | C] -- G:\Windows\System32\ca-ES
[2010/06/27 20:44:18 | 000,000,000 | ---D | C] -- G:\Windows\System32\vi-VN
[2010/06/27 18:08:12 | 000,000,000 | ---D | C] -- G:\Windows\System32\EventProviders
[2010/06/27 17:04:37 | 000,000,000 | ---D | C] -- G:\PerfLogs
[2010/06/27 16:10:28 | 000,000,000 | ---D | C] -- G:\Users\me\AppData\Roaming\pdf995
[2010/06/27 16:09:38 | 000,249,856 | ---- | C] (TODO: <Company name>) -- G:\Windows\System32\pdfmona.dll
[2010/06/27 16:09:38 | 000,000,000 | ---D | C] -- G:\ProgramData\pdf995
[2010/06/27 16:08:02 | 000,000,000 | ---D | C] -- G:\Program Files\pdf995
[2010/06/27 16:06:51 | 000,000,000 | ---D | C] -- G:\Program Files\MSECache
[2010/06/27 11:06:54 | 000,000,000 | ---D | C] -- G:\Program Files\TradeFreedom
[2010/06/27 10:29:18 | 000,000,000 | ---D | C] -- G:\Program Files\MSXML 4.0
[2010/06/27 09:29:16 | 000,000,000 | ---D | C] -- G:\Users\me\AppData\Local\Adobe
[2010/06/27 09:28:29 | 000,000,000 | ---D | C] -- G:\ProgramData\Adobe
[2010/06/27 09:28:07 | 000,000,000 | ---D | C] -- G:\Program Files\Common Files\Adobe
[2010/06/27 09:28:07 | 000,000,000 | ---D | C] -- G:\Program Files\Adobe
[2010/06/27 09:25:40 | 000,000,000 | ---D | C] -- G:\Users\me\AppData\Roaming\Macromedia
[2010/06/27 09:25:40 | 000,000,000 | ---D | C] -- G:\Users\me\AppData\Roaming\Adobe
[2010/06/27 09:25:34 | 000,000,000 | ---D | C] -- G:\Windows\System32\Macromed
[2010/06/27 09:17:43 | 000,000,000 | ---D | C] -- G:\Users\me\AppData\Local\Scansoft
[2010/06/27 09:09:51 | 000,000,000 | ---D | C] -- G:\Program Files\Common Files\PDFView
[2010/06/27 09:09:39 | 000,000,000 | ---D | C] -- G:\Program Files\NewSoft
[2010/06/27 09:09:39 | 000,000,000 | ---D | C] -- G:\Windows\System32\Color
[2010/06/27 09:09:02 | 000,000,000 | ---D | C] -- G:\ProgramData\InstallShield
[2010/06/27 09:08:51 | 000,000,000 | ---D | C] -- G:\Users\me\AppData\Roaming\ScanSoft
[2010/06/27 09:08:37 | 000,000,000 | ---D | C] -- G:\Program Files\Common Files\ScanSoft Shared
[2010/06/27 09:08:37 | 000,000,000 | ---D | C] -- G:\ProgramData\ScanSoft
[2010/06/27 09:07:59 | 000,000,000 | ---D | C] -- G:\Program Files\ScanSoft
[2010/06/27 09:04:14 | 000,000,000 | -H-D | C] -- G:\Windows\System32\CanonMF Uninstaller Information
[2010/06/27 08:59:43 | 000,000,000 | ---D | C] -- G:\Program Files\Canon
[2010/06/27 08:06:38 | 000,000,000 | ---D | C] -- G:\Users\me\AppData\Roaming\Mozilla
[2010/06/27 08:06:38 | 000,000,000 | ---D | C] -- G:\Users\me\AppData\Local\Mozilla
[2010/06/27 08:06:23 | 000,000,000 | ---D | C] -- G:\Program Files\Mozilla Firefox
[2010/06/27 01:35:07 | 000,000,000 | ---D | C] -- G:\Program Files\Ask.com
[2010/06/27 01:34:46 | 000,000,000 | ---D | C] -- G:\Program Files\MSSOAP
[2010/06/27 01:34:46 | 000,000,000 | ---D | C] -- G:\Program Files\Common Files\MSSoap
[2010/06/27 00:44:42 | 000,023,864 | ---- | C] (Webroot Software Inc (www.webroot.com)) -- G:\Windows\System32\drivers\sskbfd.sys
[2010/06/27 00:44:39 | 000,585,216 | ---- | C] (Webroot Software, Inc.) -- G:\Windows\WRSetup.dll
[2010/06/27 00:44:39 | 000,000,000 | ---D | C] -- G:\ProgramData\Webroot
[2010/06/27 00:44:39 | 000,000,000 | ---D | C] -- G:\Program Files\Webroot
[2010/06/26 23:23:30 | 000,000,000 | ---D | C] -- G:\Users\me\AppData\Local\WindowsUpdate
[2010/06/26 21:41:16 | 000,000,000 | ---D | C] -- G:\Users\me\AppData\Roaming\Webroot
[2010/06/26 21:31:35 | 000,000,000 | ---D | C] -- G:\Program Files\GGSearchTool
[2010/06/26 20:30:07 | 000,000,000 | ---D | C] -- G:\Program Files\Microsoft Works
[2010/06/26 20:29:52 | 000,000,000 | ---D | C] -- G:\Program Files\Microsoft Visual Studio
[2010/06/26 20:29:52 | 000,000,000 | ---D | C] -- G:\Program Files\Common Files\DESIGNER
[2010/06/26 20:29:27 | 000,000,000 | ---D | C] -- G:\Windows\PCHEALTH
[2010/06/26 20:29:27 | 000,000,000 | ---D | C] -- G:\Program Files\Microsoft.NET
[2010/06/26 20:27:24 | 000,000,000 | ---D | C] -- G:\Users\me\AppData\Local\Microsoft Help
[2010/06/26 20:27:21 | 000,000,000 | ---D | C] -- G:\Program Files\Microsoft Office
[2010/06/26 20:27:21 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft Help
[2010/06/26 20:26:54 | 000,000,000 | RH-D | C] -- G:\MSOCache
[2010/06/26 20:21:15 | 000,000,000 | ---D | C] -- G:\Program Files\Intel Desktop Board
[2010/06/26 19:26:54 | 000,000,000 | -HSD | C] -- G:\Windows\System32\%APPDATA%
[2010/06/26 18:57:39 | 000,000,000 | ---D | C] -- G:\Windows\Minidump
[2010/05/29 13:56:14 | 000,000,000 | ---D | C] -- G:\Users\me\AppData\Local\MigWiz
[2010/05/22 17:03:34 | 000,000,000 | ---D | C] -- G:\Users\me\AppData\Roaming\ATI
[2010/05/22 17:03:34 | 000,000,000 | ---D | C] -- G:\Users\me\AppData\Local\ATI
[2010/05/22 17:03:34 | 000,000,000 | ---D | C] -- G:\ProgramData\ATI
[2010/05/22 16:57:45 | 000,000,000 | ---D | C] -- G:\Program Files\ATI Technologies
[2010/05/22 16:57:39 | 000,000,000 | ---D | C] -- G:\Program Files\ATI
[2010/05/22 16:57:00 | 000,000,000 | ---D | C] -- G:\ATI
[2010/05/22 14:55:16 | 000,000,000 | ---D | C] -- G:\Program Files\Common Files\postureAgent
[2010/05/22 14:51:50 | 000,000,000 | ---D | C] -- G:\Windows\System32\Lang
[2010/05/22 14:49:27 | 000,000,000 | ---D | C] -- G:\Windows\System32\RTCOM
[2010/05/22 14:47:29 | 000,126,976 | ---- | C] (Waves Audio Ltd.) -- G:\Windows\System32\maxxaudioapo.dll
[2010/05/22 14:47:27 | 000,339,968 | ---- | C] (SRS Labs, Inc.) -- G:\Windows\System32\SRSTSXT.dll
[2010/05/22 14:47:27 | 000,185,776 | ---- | C] (SRS Labs, Inc.) -- G:\Windows\System32\SRSTSHD.dll
[2010/05/22 14:47:27 | 000,167,936 | ---- | C] (SRS Labs, Inc.) -- G:\Windows\System32\SRSHP360.dll
[2010/05/22 14:47:27 | 000,135,168 | ---- | C] (SRS Labs, Inc.) -- G:\Windows\System32\SRSWOW.dll
[2010/05/22 14:47:22 | 004,669,440 | ---- | C] (Realtek Semiconductor) -- G:\Windows\RtHDVCpl.exe
[2010/05/22 14:47:13 | 000,000,000 | ---D | C] -- G:\Program Files\Realtek
[2010/05/22 14:47:05 | 000,000,000 | -H-D | C] -- G:\Program Files\InstallShield Installation Information
[2010/05/22 14:46:49 | 000,000,000 | ---D | C] -- G:\Program Files\Common Files\InstallShield
[2010/05/22 14:43:06 | 000,000,000 | ---D | C] -- G:\Windows\ASUSInstAll
[2010/05/22 14:37:11 | 000,000,000 | ---D | C] -- G:\Intel
[2010/05/22 08:19:42 | 000,000,000 | ---D | C] -- G:\Program Files\Intel
[2010/05/22 08:18:24 | 000,000,000 | -HSD | C] -- G:\Windows\Installer
[2010/05/22 07:26:21 | 000,000,000 | ---D | C] -- G:\Windows\Panther
[2010/05/22 07:12:57 | 000,000,000 | R--D | C] -- G:\Users\me\Searches
[2010/05/22 07:12:50 | 000,000,000 | ---D | C] -- G:\Users\me\AppData\Roaming\Identities
[2010/05/22 07:12:49 | 000,000,000 | R--D | C] -- G:\Users\me\Contacts
[2010/05/22 07:12:48 | 000,000,000 | ---D | C] -- G:\Users\me\AppData\Local\VirtualStore
[2010/05/22 07:12:38 | 000,000,000 | --SD | C] -- G:\Users\me\AppData\Roaming\Microsoft
[2010/05/22 07:12:38 | 000,000,000 | R--D | C] -- G:\Users\me\Videos
[2010/05/22 07:12:38 | 000,000,000 | R--D | C] -- G:\Users\me\Saved Games
[2010/05/22 07:12:38 | 000,000,000 | R--D | C] -- G:\Users\me\Pictures
[2010/05/22 07:12:38 | 000,000,000 | R--D | C] -- G:\Users\me\Music
[2010/05/22 07:12:38 | 000,000,000 | R--D | C] -- G:\Users\me\Links
[2010/05/22 07:12:38 | 000,000,000 | R--D | C] -- G:\Users\me\Favorites
[2010/05/22 07:12:38 | 000,000,000 | R--D | C] -- G:\Users\me\Downloads
[2010/05/22 07:12:38 | 000,000,000 | R--D | C] -- G:\Users\me\Documents
[2010/05/22 07:12:38 | 000,000,000 | R--D | C] -- G:\Users\me\Desktop
[2010/05/22 07:12:38 | 000,000,000 | -HSD | C] -- G:\Users\me\AppData\Local\Temporary Internet Files
[2010/05/22 07:12:38 | 000,000,000 | -HSD | C] -- G:\Users\me\Templates
[2010/05/22 07:12:38 | 000,000,000 | -HSD | C] -- G:\Users\me\Start Menu
[2010/05/22 07:12:38 | 000,000,000 | -HSD | C] -- G:\Users\me\SendTo
[2010/05/22 07:12:38 | 000,000,000 | -HSD | C] -- G:\Users\me\Recent
[2010/05/22 07:12:38 | 000,000,000 | -HSD | C] -- G:\Users\me\PrintHood
[2010/05/22 07:12:38 | 000,000,000 | -HSD | C] -- G:\Users\me\NetHood
[2010/05/22 07:12:38 | 000,000,000 | -HSD | C] -- G:\Users\me\Documents\My Videos
[2010/05/22 07:12:38 | 000,000,000 | -HSD | C] -- G:\Users\me\Documents\My Pictures
[2010/05/22 07:12:38 | 000,000,000 | -HSD | C] -- G:\Users\me\Documents\My Music
[2010/05/22 07:12:38 | 000,000,000 | -HSD | C] -- G:\Users\me\My Documents
[2010/05/22 07:12:38 | 000,000,000 | -HSD | C] -- G:\Users\me\Local Settings
[2010/05/22 07:12:38 | 000,000,000 | -HSD | C] -- G:\Users\me\AppData\Local\History
[2010/05/22 07:12:38 | 000,000,000 | -HSD | C] -- G:\Users\me\Cookies
[2010/05/22 07:12:38 | 000,000,000 | -HSD | C] -- G:\Users\me\Application Data
[2010/05/22 07:12:38 | 000,000,000 | -HSD | C] -- G:\Users\me\AppData\Local\Application Data
[2010/05/22 07:12:38 | 000,000,000 | -H-D | C] -- G:\Users\me\AppData
[2010/05/22 07:12:38 | 000,000,000 | ---D | C] -- G:\Users\me\AppData\Local\Temp
[2010/05/22 07:12:38 | 000,000,000 | ---D | C] -- G:\Users\me\AppData\Local\Microsoft
[2010/05/22 07:12:38 | 000,000,000 | ---D | C] -- G:\Users\me\AppData\Roaming\Media Center Programs
[2010/05/22 06:31:30 | 000,000,000 | ---D | C] -- G:\Windows\SoftwareDistribution
[2010/05/22 06:30:14 | 000,000,000 | ---D | C] -- G:\Windows\Debug
[2010/05/22 06:27:53 | 000,000,000 | ---D | C] -- G:\Windows\Prefetch
[2010/04/06 19:12:38 | 000,372,736 | ---- | C] (AMD) -- G:\Windows\System32\atieclxx.exe
[2010/04/06 19:12:04 | 000,172,032 | ---- | C] (AMD) -- G:\Windows\System32\atiesrxx.exe
[2010/04/06 19:10:48 | 000,159,744 | ---- | C] (AMD) -- G:\Windows\System32\atitmmxx.dll
[2010/04/06 19:10:32 | 000,356,352 | ---- | C] (ATI Technologies, Inc.) -- G:\Windows\System32\atipdlxx.dll
[2010/04/06 19:10:18 | 000,278,528 | ---- | C] (ATI Technologies, Inc.) -- G:\Windows\System32\Oemdspif.dll
[2010/04/06 19:10:10 | 000,011,776 | ---- | C] (AMD) -- G:\Windows\System32\atimuixx.dll
[2010/04/06 19:10:00 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- G:\Windows\System32\ati2edxx.dll

========== Files - Modified Within 90 Days ==========

[2010/07/01 11:14:27 | 001,048,576 | -HS- | M] () -- G:\Users\me\NTUSER.DAT
[2010/07/01 10:58:29 | 000,003,952 | -H-- | M] () -- G:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/01 10:58:29 | 000,003,952 | -H-- | M] () -- G:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/01 10:46:47 | 000,711,850 | ---- | M] () -- G:\Windows\System32\PerfStringBackup.INI
[2010/07/01 10:46:47 | 000,614,174 | ---- | M] () -- G:\Windows\System32\perfh009.dat
[2010/07/01 10:46:47 | 000,110,382 | ---- | M] () -- G:\Windows\System32\perfc009.dat
[2010/07/01 10:41:36 | 000,000,006 | -H-- | M] () -- G:\Windows\tasks\SA.DAT
[2010/07/01 10:41:32 | 000,067,584 | --S- | M] () -- G:\Windows\bootstat.dat
[2010/07/01 10:41:28 | 2112,798,720 | -HS- | M] () -- G:\hiberfil.sys
[2010/07/01 10:40:01 | 000,524,288 | -HS- | M] () -- G:\Users\me\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/07/01 10:40:01 | 000,065,536 | -HS- | M] () -- G:\Users\me\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/07/01 04:27:53 | 003,911,787 | -H-- | M] () -- G:\Users\me\AppData\Local\IconCache.db
[2010/07/01 04:00:08 | 000,000,060 | ---- | M] () -- G:\Windows\wpd99.drv
[2010/06/29 22:39:22 | 000,000,823 | ---- | M] () -- G:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/29 22:19:49 | 000,000,738 | ---- | M] () -- G:\Users\me\Desktop\NTREGOPT.lnk
[2010/06/29 22:19:49 | 000,000,719 | ---- | M] () -- G:\Users\me\Desktop\ERUNT.lnk
[2010/06/29 06:26:47 | 217,804,735 | ---- | M] () -- G:\Windows\MEMORY.DMP
[2010/06/29 06:23:46 | 000,000,539 | ---- | M] () -- G:\Users\me\Desktop\AcqURL.lnk
[2010/06/28 17:27:28 | 000,001,706 | ---- | M] () -- G:\Windows\tasks\wrSpySweeper_L1345B130972047EFA656D9F5C28C0314.job
[2010/06/28 03:57:48 | 000,003,584 | ---- | M] () -- G:\Users\me\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/27 20:47:47 | 000,371,808 | ---- | M] () -- G:\Windows\System32\FNTCACHE.DAT
[2010/06/27 17:12:37 | 000,000,749 | RH-- | M] () -- G:\Windows\WindowsShell.Manifest
[2010/06/27 16:53:05 | 000,101,888 | ---- | M] (Infineon Technologies AG) -- G:\Windows\System32\ifxcardm.dll
[2010/06/27 16:53:01 | 000,082,432 | ---- | M] (Gemalto, Inc.) -- G:\Windows\System32\axaltocm.dll
[2010/06/27 16:10:28 | 000,000,028 | ---- | M] () -- G:\Windows\pdf995.ini
[2010/06/27 16:09:38 | 000,249,856 | ---- | M] (TODO: <Company name>) -- G:\Windows\System32\pdfmona.dll
[2010/06/27 16:09:38 | 000,051,716 | ---- | M] () -- G:\Windows\System32\pdf995mon.dll
[2010/06/27 11:06:54 | 000,001,729 | ---- | M] () -- G:\Users\Public\Desktop\TradeFreedomEdge.lnk
[2010/06/27 09:28:52 | 000,001,896 | ---- | M] () -- G:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010/06/27 09:23:04 | 000,000,670 | ---- | M] () -- G:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Proxomitron.exe - Shortcut.lnk
[2010/06/27 09:13:44 | 000,000,948 | ---- | M] () -- G:\Users\Public\Desktop\MFSeries Software Guide (US).lnk
[2010/06/27 09:13:28 | 000,001,959 | ---- | M] () -- G:\Users\Public\Desktop\Presto! PageManager 7.15.lnk
[2010/06/27 09:13:18 | 000,151,566 | ---- | M] () -- G:\Windows\System32\UninstIPP.isu
[2010/06/27 09:12:29 | 000,000,264 | ---- | M] () -- G:\Windows\setup.iss
[2010/06/27 09:09:03 | 000,000,416 | ---- | M] () -- G:\Windows\MAXLINK.INI
[2010/06/27 09:06:10 | 000,001,978 | ---- | M] () -- G:\Users\Public\Desktop\Canon MF Toolbox 4.9.lnk
[2010/06/27 08:06:40 | 000,000,000 | ---- | M] () -- G:\Windows\nsreg.dat
[2010/06/27 08:06:32 | 000,001,757 | ---- | M] () -- G:\Users\me\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/27 08:06:32 | 000,001,733 | ---- | M] () -- G:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/06/27 07:54:45 | 000,000,897 | ---- | M] () -- G:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GGSearchTool.lnk
[2010/06/27 01:35:13 | 000,001,790 | ---- | M] () -- G:\Users\Public\Desktop\Webroot AntiVirus.lnk
[2010/06/27 01:28:02 | 000,000,164 | ---- | M] () -- G:\Windows\install.dat
[2010/06/27 00:35:27 | 000,000,947 | ---- | M] () -- G:\Users\me\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2010/06/27 00:30:42 | 000,100,432 | ---- | M] () -- G:\Users\me\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/06/27 00:22:46 | 000,000,219 | ---- | M] () -- G:\Windows\win.ini
[2010/06/26 21:31:36 | 000,000,781 | ---- | M] () -- G:\Users\me\Desktop\GGSearch.lnk
[2010/06/26 20:02:06 | 000,000,722 | ---- | M] () -- G:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\taskmgr.exe - Shortcut.lnk
[2010/06/26 18:57:54 | 000,000,952 | ---- | M] () -- G:\Users\me\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/05/22 14:56:35 | 000,022,844 | ---- | M] () -- G:\Windows\Ascd_log.ini
[2010/05/22 14:36:35 | 000,022,446 | ---- | M] () -- G:\Windows\Ascd_tmp.ini
[2010/05/22 14:27:39 | 000,000,000 | -H-- | M] () -- G:\Windows\System32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
[2010/05/22 14:15:44 | 000,000,000 | ---- | M] () -- G:\Windows\ativpsrm.bin
[2010/05/22 10:38:01 | 000,001,820 | ---- | M] () -- G:\Windows\System32\rasctrnm.h
[2010/05/22 10:29:27 | 002,501,921 | ---- | M] () -- G:\Windows\System32\wlan.tmf
[2010/05/22 10:29:24 | 000,015,181 | ---- | M] () -- G:\Windows\System32\gatherWirelessInfo.vbs
[2010/05/22 09:23:06 | 027,656,192 | ---- | M] () -- G:\Windows\ocsetup_install_NetFx3.etl
[2010/05/22 09:23:06 | 000,196,608 | ---- | M] () -- G:\Windows\ocsetup_cbs_install_NetFx3.perf
[2010/05/22 09:23:06 | 000,065,536 | ---- | M] () -- G:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2010/05/22 08:15:30 | 000,000,680 | ---- | M] () -- G:\Users\me\AppData\Local\d3d9caps.dat
[2010/05/22 07:44:58 | 000,524,288 | -HS- | M] () -- G:\Users\me\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/05/22 07:12:38 | 000,000,020 | -HS- | M] () -- G:\Users\me\ntuser.ini
[2010/05/22 07:01:33 | 000,041,176 | ---- | M] () -- G:\Windows\System32\license.rtf
[2010/05/03 19:58:45 | 000,057,667 | ---- | M] () -- G:\Windows\System32\ieuinit.inf
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- G:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- G:\Windows\System32\drivers\mbam.sys
[2010/04/06 19:16:34 | 000,038,400 | ---- | M] () -- G:\Windows\System32\atiapfxx.blb
[2010/04/06 19:12:38 | 000,372,736 | ---- | M] (AMD) -- G:\Windows\System32\atieclxx.exe
[2010/04/06 19:12:04 | 000,172,032 | ---- | M] (AMD) -- G:\Windows\System32\atiesrxx.exe
[2010/04/06 19:10:48 | 000,159,744 | ---- | M] (AMD) -- G:\Windows\System32\atitmmxx.dll
[2010/04/06 19:10:32 | 000,356,352 | ---- | M] (ATI Technologies, Inc.) -- G:\Windows\System32\atipdlxx.dll
[2010/04/06 19:10:18 | 000,278,528 | ---- | M] (ATI Technologies, Inc.) -- G:\Windows\System32\Oemdspif.dll
[2010/04/06 19:10:10 | 000,011,776 | ---- | M] (AMD) -- G:\Windows\System32\atimuixx.dll
[2010/04/06 19:10:00 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- G:\Windows\System32\ati2edxx.dll
[2010/04/06 18:46:48 | 000,050,176 | ---- | M] (AMD) -- G:\Windows\System32\coinst.dll
[2010/04/06 18:22:08 | 000,023,040 | ---- | M] () -- G:\Windows\System32\atitmpxx.dll
[2010/04/06 18:20:44 | 000,515,424 | ---- | M] () -- G:\Windows\System32\atiumdva.cap

========== Files Created - No Company Name ==========

[2010/06/29 22:39:22 | 000,000,823 | ---- | C] () -- G:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/29 22:19:49 | 000,000,738 | ---- | C] () -- G:\Users\me\Desktop\NTREGOPT.lnk
[2010/06/29 22:19:49 | 000,000,719 | ---- | C] () -- G:\Users\me\Desktop\ERUNT.lnk
[2010/06/28 03:57:46 | 000,003,584 | ---- | C] () -- G:\Users\me\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/28 03:13:50 | 000,201,184 | ---- | C] () -- G:\Windows\System32\winrm.vbs
[2010/06/28 03:13:50 | 000,004,675 | ---- | C] () -- G:\Windows\System32\wsmanconfig_schema.xml
[2010/06/28 03:13:50 | 000,002,426 | ---- | C] () -- G:\Windows\System32\WsmTxt.xsl
[2010/06/27 18:05:51 | 000,130,008 | ---- | C] () -- G:\Windows\System32\systemsf.ebd
[2010/06/27 18:05:50 | 000,009,239 | ---- | C] () -- G:\Windows\System32\spcinstrumentation.man
[2010/06/27 18:05:42 | 000,442,788 | ---- | C] () -- G:\Windows\System32\dot3.tmf
[2010/06/27 18:05:41 | 000,117,248 | ---- | C] () -- G:\Windows\System32\EhStorAuthn.dll
[2010/06/27 18:05:41 | 000,107,612 | ---- | C] () -- G:\Windows\System32\StructuredQuerySchema.bin
[2010/06/27 18:05:39 | 003,662,128 | ---- | C] () -- G:\Windows\System32\locale.nls
[2010/06/27 18:05:39 | 000,392,170 | ---- | C] () -- G:\Windows\System32\onex.tmf
[2010/06/27 18:05:36 | 000,344,698 | ---- | C] () -- G:\Windows\System32\eaphost.tmf
[2010/06/27 18:05:16 | 000,208,966 | ---- | C] () -- G:\Windows\System32\WFP.TMF
[2010/06/27 18:05:15 | 000,092,918 | ---- | C] () -- G:\Windows\System32\slmgr.vbs
[2010/06/27 18:04:49 | 000,009,212 | ---- | C] () -- G:\Windows\System32\RacUR.xml
[2010/06/27 18:04:45 | 000,000,153 | ---- | C] () -- G:\Windows\System32\RacUREx.xml
[2010/06/27 17:28:42 | 000,018,904 | ---- | C] () -- G:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/06/27 17:28:38 | 011,967,524 | ---- | C] () -- G:\Windows\System32\korwbrkr.lex
[2010/06/27 16:10:28 | 000,000,028 | ---- | C] () -- G:\Windows\pdf995.ini
[2010/06/27 16:09:38 | 000,051,716 | ---- | C] () -- G:\Windows\System32\pdf995mon.dll
[2010/06/27 16:09:38 | 000,000,060 | ---- | C] () -- G:\Windows\wpd99.drv
[2010/06/27 11:06:54 | 000,001,729 | ---- | C] () -- G:\Users\Public\Desktop\TradeFreedomEdge.lnk
[2010/06/27 09:28:52 | 000,001,896 | ---- | C] () -- G:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010/06/27 09:23:04 | 000,000,670 | ---- | C] () -- G:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Proxomitron.exe - Shortcut.lnk
[2010/06/27 09:13:44 | 000,000,948 | ---- | C] () -- G:\Users\Public\Desktop\MFSeries Software Guide (US).lnk
[2010/06/27 09:13:28 | 000,001,959 | ---- | C] () -- G:\Users\Public\Desktop\Presto! PageManager 7.15.lnk
[2010/06/27 09:13:10 | 000,151,566 | ---- | C] () -- G:\Windows\System32\UninstIPP.isu
[2010/06/27 09:13:10 | 000,040,960 | ---- | C] () -- G:\Windows\System32\IPPCPUID.DLL
[2010/06/27 09:12:26 | 000,009,606 | ---- | C] () -- G:\Windows\System32\NEWSOFT
[2010/06/27 09:11:28 | 000,000,264 | ---- | C] () -- G:\Windows\setup.iss
[2010/06/27 09:11:16 | 000,011,776 | ---- | C] () -- G:\Windows\System32\pmsbfn32.dll
[2010/06/27 09:09:03 | 000,000,416 | ---- | C] () -- G:\Windows\MAXLINK.INI
[2010/06/27 09:06:10 | 000,001,978 | ---- | C] () -- G:\Users\Public\Desktop\Canon MF Toolbox 4.9.lnk
[2010/06/27 09:02:31 | 000,000,332 | ---- | C] () -- G:\Windows\System32\CNCMFP23.INI
[2010/06/27 08:06:40 | 000,000,000 | ---- | C] () -- G:\Windows\nsreg.dat
[2010/06/27 08:06:32 | 000,001,757 | ---- | C] () -- G:\Users\me\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/27 08:06:32 | 000,001,733 | ---- | C] () -- G:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/06/27 07:54:45 | 000,000,897 | ---- | C] () -- G:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GGSearchTool.lnk
[2010/06/27 01:40:22 | 000,001,706 | ---- | C] () -- G:\Windows\tasks\wrSpySweeper_L1345B130972047EFA656D9F5C28C0314.job
[2010/06/27 01:35:13 | 000,001,790 | ---- | C] () -- G:\Users\Public\Desktop\Webroot AntiVirus.lnk
[2010/06/27 01:03:30 | 000,000,164 | ---- | C] () -- G:\Windows\install.dat
[2010/06/26 21:32:39 | 000,000,539 | ---- | C] () -- G:\Users\me\Desktop\AcqURL.lnk
[2010/06/26 21:31:36 | 000,000,781 | ---- | C] () -- G:\Users\me\Desktop\GGSearch.lnk
[2010/06/26 20:40:25 | 000,000,947 | ---- | C] () -- G:\Users\me\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2010/06/26 20:02:06 | 000,000,722 | ---- | C] () -- G:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\taskmgr.exe - Shortcut.lnk
[2010/06/26 18:57:23 | 217,804,735 | ---- | C] () -- G:\Windows\MEMORY.DMP
[2010/06/26 18:50:34 | 000,057,667 | ---- | C] () -- G:\Windows\System32\ieuinit.inf
[2010/05/29 14:17:39 | 000,012,198 | ---- | C] () -- G:\Windows\System32\gatherWiredInfo.vbs
[2010/05/29 14:17:38 | 000,144,909 | ---- | C] () -- G:\Windows\System32\fsmgmt.msc
[2010/05/29 14:17:35 | 000,145,455 | ---- | C] () -- G:\Windows\System32\perfmon.msc
[2010/05/29 14:17:35 | 000,000,003 | ---- | C] () -- G:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
[2010/05/22 14:36:58 | 000,022,844 | ---- | C] () -- G:\Windows\Ascd_log.ini
[2010/05/22 14:36:35 | 000,022,446 | ---- | C] () -- G:\Windows\Ascd_tmp.ini
[2010/05/22 14:36:35 | 000,007,680 | ---- | C] () -- G:\Windows\System32\drivers\ASACPI.sys
[2010/05/22 14:36:30 | 000,010,288 | ---- | C] () -- G:\Windows\System32\drivers\ASUSHWIO.SYS
[2010/05/22 14:27:39 | 000,000,000 | -H-- | C] () -- G:\Windows\System32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
[2010/05/22 14:15:44 | 000,000,000 | ---- | C] () -- G:\Windows\ativpsrm.bin
[2010/05/22 14:15:38 | 2112,798,720 | -HS- | C] () -- G:\hiberfil.sys
[2010/05/22 10:38:01 | 000,001,820 | ---- | C] () -- G:\Windows\System32\rasctrnm.h
[2010/05/22 10:29:27 | 002,501,921 | ---- | C] () -- G:\Windows\System32\wlan.tmf
[2010/05/22 10:29:24 | 000,015,181 | ---- | C] () -- G:\Windows\System32\gatherWirelessInfo.vbs
[2010/05/22 09:19:50 | 027,656,192 | ---- | C] () -- G:\Windows\ocsetup_install_NetFx3.etl
[2010/05/22 09:19:50 | 000,196,608 | ---- | C] () -- G:\Windows\ocsetup_cbs_install_NetFx3.perf
[2010/05/22 09:19:50 | 000,065,536 | ---- | C] () -- G:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2010/05/22 08:19:21 | 000,001,904 | ---- | C] () -- G:\Windows\System32\SetupBD.din
[2010/05/22 07:36:35 | 000,000,952 | ---- | C] () -- G:\Users\me\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/05/22 07:12:42 | 000,000,680 | ---- | C] () -- G:\Users\me\AppData\Local\d3d9caps.dat
[2010/05/22 07:12:38 | 000,524,288 | -HS- | C] () -- G:\Users\me\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/05/22 07:12:38 | 000,524,288 | -HS- | C] () -- G:\Users\me\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/05/22 07:12:38 | 000,262,144 | -H-- | C] () -- G:\Users\me\ntuser.dat.LOG1
[2010/05/22 07:12:38 | 000,065,536 | -HS- | C] () -- G:\Users\me\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/05/22 07:12:38 | 000,000,258 | ---- | C] () -- G:\Users\me\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/05/22 07:12:38 | 000,000,240 | ---- | C] () -- G:\Users\me\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/05/22 07:12:38 | 000,000,020 | -HS- | C] () -- G:\Users\me\ntuser.ini
[2010/05/22 07:12:38 | 000,000,000 | -H-- | C] () -- G:\Users\me\ntuser.dat.LOG2
[2010/05/22 07:12:37 | 001,048,576 | -HS- | C] () -- G:\Users\me\NTUSER.DAT
[2010/04/06 19:16:34 | 000,038,400 | ---- | C] () -- G:\Windows\System32\atiapfxx.blb
[2010/04/06 18:20:44 | 000,515,424 | ---- | C] () -- G:\Windows\System32\atiumdva.cap
[2010/03/03 03:06:02 | 000,023,040 | ---- | C] () -- G:\Windows\System32\atitmpxx.dll
[2009/11/06 12:00:28 | 000,031,088 | ---- | C] () -- G:\Windows\System32\wrLZMA.dll
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- G:\Windows\System32\sysprepMCE.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- G:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2010/06/27 16:10:28 | 000,000,000 | ---D | M] -- G:\Users\me\AppData\Roaming\pdf995
[2010/06/27 09:08:51 | 000,000,000 | ---D | M] -- G:\Users\me\AppData\Roaming\ScanSoft
[2010/07/01 10:40:02 | 000,027,668 | ---- | M] () -- G:\Windows\Tasks\SCHEDLGU.TXT
[2010/06/28 17:27:28 | 000,001,706 | ---- | M] () -- G:\Windows\Tasks\wrSpySweeper_L1345B130972047EFA656D9F5C28C0314.job

========== Purity Check ==========



========== Custom Scans ==========


< >

< %SYSTEMDRIVE%\*.* >
[2006/09/18 14:43:36 | 000,000,024 | ---- | M] () -- G:\autoexec.bat
[2006/09/18 14:43:37 | 000,000,010 | ---- | M] () -- G:\config.sys
[2010/07/01 10:41:28 | 2112,798,720 | -HS- | M] () -- G:\hiberfil.sys
[2010/07/01 10:41:27 | 2426,601,472 | -HS- | M] () -- G:\pagefile.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2006/11/02 05:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- G:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/11/02 05:37:12 | 000,026,040 | ---- | M] () -- G:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 05:37:12 | 000,026,489 | ---- | M] () -- G:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 05:37:12 | 000,029,779 | ---- | M] () -- G:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/06/27 20:37:44 | 000,037,665 | ---- | M] () -- G:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/04/06 19:13:10 | 000,446,464 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- G:\Windows\System32\ATIDEMGX.dll
[2009/03/08 04:22:37 | 000,156,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- G:\Windows\System32\msls31.dll
[2009/04/10 23:28:23 | 000,286,720 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- G:\Windows\System32\rasapi32.dll
[2008/01/19 00:36:15 | 000,071,168 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- G:\Windows\System32\rasman.dll
[2009/04/10 23:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- G:\Windows\System32\rsaenh.dll
[2009/04/10 23:28:24 | 000,036,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- G:\Windows\System32\rtutils.dll
[2006/11/02 02:46:12 | 000,008,704 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- G:\Windows\System32\SensApi.dll
[2009/04/10 23:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- G:\Windows\System32\SLC.dll
[2008/01/19 00:36:37 | 000,376,832 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- G:\Windows\System32\sxs.dll
[2006/11/02 02:46:13 | 000,191,488 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- G:\Windows\System32\tapi32.dll
[2009/11/06 12:00:28 | 000,031,088 | ---- | M] () Unable to obtain MD5 -- G:\Windows\System32\wrLZMA.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- G:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 03:34:05 | 000,020,480 | ---- | M] () -- G:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- G:\Windows\System32\config\SECURITY.SAV
[2006/11/02 03:34:08 | 010,133,504 | ---- | M] () -- G:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 03:34:08 | 001,826,816 | ---- | M] () -- G:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\user32.dll /md5 >
[2009/04/10 23:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- G:\Windows\System32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/01/19 00:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- G:\Windows\System32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2006/11/02 02:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- G:\Windows\System32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-29 00:39:20
< End of report >


OTL Extras logfile created on: 01/07/2010 11:15:02 AM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = I:\virus removal\software
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = G: | %SystemRoot% = G:\Windows | %ProgramFiles% = G:\Program Files
Drive C: | 175.78 Gb Total Space | 154.11 Gb Free Space | 87.67% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 346.45 Gb Free Space | 74.38% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 129.81 Gb Free Space | 13.94% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 304.45 Gb Free Space | 65.37% Space Free | Partition Type: NTFS
Drive G: | 250.91 Gb Total Space | 225.78 Gb Free Space | 89.99% Space Free | Partition Type: NTFS
Drive H: | 39.06 Gb Total Space | 22.09 Gb Free Space | 56.56% Space Free | Partition Type: NTFS
Drive I: | 146.48 Gb Total Space | 124.88 Gb Free Space | 85.25% Space Free | Partition Type: NTFS
Drive J: | 319.28 Gb Total Space | 295.78 Gb Free Space | 92.64% Space Free | Partition Type: NTFS
Drive L: | 232.88 Gb Total Space | 211.53 Gb Free Space | 90.83% Space Free | Partition Type: NTFS
Drive X: | 369.92 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: YOU
Current User Name: me
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- G:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- G:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- G:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "G:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "G:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1B4397AB-41AE-48A8-8106-0D3A4A3CABAE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{965CAB83-0749-40FA-8D13-967D5444D673}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{9FE6A8A8-1096-4C5F-9D99-192CEF0BF1B5}" = lport=6004 | protocol=17 | dir=in | app=g:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{7E59E59D-88DF-4B99-BA1E-91F7786EDE28}" = dir=in | app=g:\program files\windows live\messenger\wlcsdk.exe |
"{BA1109C5-7F4F-45CF-8630-4149EF06E920}" = dir=in | app=g:\program files\windows live\messenger\msnmsgr.exe |
"{DCA7645D-2EFD-4323-9147-A14F4EFB2844}" = dir=in | app=g:\program files\windows live\sync\windowslivesync.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B0D67B-36C9-C2CD-B63B-7B526138BA52}" = ccc-utility
"{04FC2E4C-0E41-9D39-4E58-1EF29D4EF09D}" = ccc-core-static
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0949C078-58B4-CAF1-9A63-A4545145806D}" = Catalyst Control Center Graphics Previews Common
"{132CA5D9-C745-4B0B-A3B2-8C7A6EC3EE7E}" = Canon MF Toolbox 4.9.1.1.mf04
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1" = Webroot AntiVirus with Spy Sweeper
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{239A8D60-270B-42e8-82D3-60D70A2942E0}" = Canon MF4100 Series
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{38D9575F-6228-6A54-3A92-D902739B6541}" = Catalyst Control Center InstallProxy
"{3BDDF462-8A95-4C50-86DA-4D41F3483EA5}" = Canon MF Toolbox 4.9.1.1.mf04
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{573F1931-08F7-9222-704E-841C391794C5}" = ATI Catalyst Install Manager
"{5E8B45A0-072C-91F7-BC80-29374194B452}" = Catalyst Control Center Graphics Previews Vista
"{5EA7033C-2AAA-4713-8D6C-2776609D47B6}" = TradeFreedomEdge
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{7AAA00C4-26E6-4EC0-8069-955B0A9D6009}" = Intel® Network Connections 15.2.89.0
"{7BA01D2D-E25C-0C2C-5779-7A8E02A4BE7D}" = Catalyst Control Center Core Implementation
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8FF4E834-DCAD-29E7-1EE8-9D817A3FA15B}" = CCC Help English
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C03A56EE-2715-5F54-69C4-A1CDB7602354}" = Catalyst Control Center Graphics Full New
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C307DD64-1C69-8C52-D2C9-02D38995A269}" = Catalyst Control Center HydraVision Full
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.14
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DD929BD3-5D41-4407-BE04-119B4A631869}" = Canon MF Toolbox 4.9.1.1.mf04
"{E3E1398E-8FF2-0154-6D8F-7FC26299EBED}" = Catalyst Control Center Graphics Full Existing
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FBEF69BB-829C-8D4D-B299-497147916039}" = Catalyst Control Center Graphics Light
"acqurl" = acqurl
"AcqURL_is1" = AcqURL 7.2
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ERUNT_is1" = ERUNT 1.1j
"GGSearch_is1" = GGSearch v.3.8.4
"HECI" = Intel® Management Engine Interface
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MESOL" = Intel® Active Management Technology
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Pdf995" = Pdf995
"PROR" = Microsoft Office Professional 2007
"PROSetDX" = Intel® Network Connections 15.2.89.0
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 30/06/2010 7:32:26 AM | Computer Name = you | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 30/06/2010 7:32:26 AM | Computer Name = you | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 30/06/2010 7:32:26 AM | Computer Name = you | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 30/06/2010 7:32:26 AM | Computer Name = you | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 30/06/2010 10:16:06 PM | Computer Name = you | Source = Intel® AMT | ID = 2002
Description = [UNS] Failed to subscribe to local Intel® AMT.

Error - 30/06/2010 10:20:58 PM | Computer Name = you | Source = Windows Search Service | ID = 3024
Description =

Error - 01/07/2010 6:01:04 AM | Computer Name = you | Source = Intel® AMT | ID = 2002
Description = [UNS] Failed to subscribe to local Intel® AMT.

Error - 01/07/2010 1:35:26 PM | Computer Name = you | Source = Intel® AMT | ID = 2002
Description = [UNS] Failed to subscribe to local Intel® AMT.

Error - 01/07/2010 1:41:47 PM | Computer Name = you | Source = Intel® AMT | ID = 2002
Description = [UNS] Failed to subscribe to local Intel® AMT.

Error - 01/07/2010 2:08:24 PM | Computer Name = you | Source = Perflib | ID = 1010
Description =

[ System Events ]
Error - 27/06/2010 3:50:42 AM | Computer Name = you | Source = Service Control Manager | ID = 7034
Description =

Error - 27/06/2010 3:53:35 AM | Computer Name = you | Source = DCOM | ID = 10010
Description =

Error - 27/06/2010 3:54:02 AM | Computer Name = you | Source = Service Control Manager | ID = 7026
Description =

Error - 27/06/2010 3:58:42 AM | Computer Name = you | Source = Service Control Manager | ID = 7026
Description =

Error - 27/06/2010 4:20:52 AM | Computer Name = you | Source = volsnap | ID = 393245
Description = The shadow copies of volume G: were aborted during detection.

Error - 27/06/2010 4:21:37 AM | Computer Name = you | Source = Service Control Manager | ID = 7026
Description =

Error - 27/06/2010 4:34:18 AM | Computer Name = you | Source = Service Control Manager | ID = 7034
Description =

Error - 27/06/2010 4:39:02 AM | Computer Name = you | Source = Service Control Manager | ID = 7026
Description =

Error - 27/06/2010 9:51:39 AM | Computer Name = you | Source = Service Control Manager | ID = 7026
Description =

Error - 27/06/2010 10:25:16 AM | Computer Name = you | Source = Service Control Manager | ID = 7026
Description =


< End of report >
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there it will not be able to remove it, but I may be able to

Download Bootkit remover to your desktop
This is a rar file if you do not have a programme to open it then download and install Peazip

Extract Remover.exe to your desktop
Right click Remover.exe and select Run as Administrator
It will show a Black screen with some data on it
Right click on the screen and select > Select All
Press Control+C
Open a notepad and press Control+V

Post the resultant log here please
  • 0

#3
Borrowed Time

Borrowed Time

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Thank you for your reply. This is the results.

Bootkit Remover version 1.0.0.1
© 2009 eSage Lab
www.esagelab.com

\\.\C: -> \\.\PhysicalDrive0
MD5: 2b838dee4abcbefc0711bbd081dc2f2d
\\.\D: -> \\.\PhysicalDrive2
MD5: 2b838dee4abcbefc0711bbd081dc2f2d
\\.\E: -> \\.\PhysicalDrive1
MD5: 2b838dee4abcbefc0711bbd081dc2f2d
\\.\F: -> \\.\PhysicalDrive3
MD5: 2b838dee4abcbefc0711bbd081dc2f2d
\\.\G: -> \\.\PhysicalDrive0
\\.\H: -> \\.\PhysicalDrive0
\\.\I: -> \\.\PhysicalDrive4
MD5: 2b838dee4abcbefc0711bbd081dc2f2d
\\.\J: -> \\.\PhysicalDrive4
\\.\K: -> \\.\PhysicalDrive5
MD5: 2b838dee4abcbefc0711bbd081dc2f2d

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Unknown boot code
465 GB \\.\PhysicalDrive2 Unknown boot code
931 GB \\.\PhysicalDrive1 Unknown boot code
465 GB \\.\PhysicalDrive3 Unknown boot code
465 GB \\.\PhysicalDrive4 Unknown boot code
232 GB \\.\PhysicalDrive5 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Press any key to quit...
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I assume here that C is your main boot drive

@ECHO OFF
START remover.exe fix \\.\PhysicalDrive0
EXIT

Next you will need to create the batch fix to do that copy and paste ALL of the above in the quote box to a notepad file.
Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES
Then in the FILE NAME box type fix.bat

This will create a batch file Posted Image

Then run fix.bat by double clicking you may see a black box appear this is normal

On completion

1. Run Bootkit remover again with no switches as we did at first and copy the data

2. Run a fresh OTL scan
  • 0

#5
Borrowed Time

Borrowed Time

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Hello finally. Sorry for the delay. As you may have guessed. I royally screwed up. As I mentioned I dual boot XP and Vista. In the last post you instructed me to do some tasks. Of course I had forgot I was in XP and not Vista. I'm actually not sure if that is what did it but in any case when I realized I ran the scans in the wrong operating system and I rebooted nothing ran. The boot loader couldn't boot the OS. From there everything went from bad to worse. In the end the machine wouldn't even boot from the CD. I took the machine in to have it fixed and dusted off a second computer I had. Updated XP and the programs I need. Copied a backup copy of my files and here I am. Not to worry. I still appreciate this site. I will in the future use all appropriate caution with instructions. Right away I have a problem in another matter that does not involve virus or malware so I will open another thread. It involves my Outlook mail not being able to receive. I had the same problem with the new Vista I installed as well. Now I have the exact same problem still in a new XP install. Anyways, that's for a new thread. I thank you for your time and assure you that I harbor no thoughts of fault anywhere except with myself. If you're going to fool around with computers these things are bound to happen. I now have a second machine up and running so the next time something like this happens I will be prepared.
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
In a way that was my fault I should have stressed the operating system to run from

But glad all was resolved in the end
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP