GMER failed



#1
buzmeg35

Hello, hopefully someone can help. I used your site once before to good result. Was a bit slow on certain sites, ran a virus scan with my F-Secure software. Found a couple of bits of malware but no real change. Started to go through steps outlined on forum. When I ran GMER it failed and I started to get COM Surrogate stopped working message. I rebooted and started again. GMER failed again but this time no other error messages. Below are the OTL log, the MBAM log from the first try and then the second. Some vague problems on certain websites and Windows Explorer seems slow. Please help. Thanks - J

OTL:

OTL logfile created on: 03/07/2010 3:45:42 PM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\owner\Downloads\Virus
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.26 Gb Total Space | 79.96 Gb Free Space | 27.64% Space Free | Partition Type: NTFS
Drive D: | 8.83 Gb Total Space | 0.71 Gb Free Space | 8.01% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/03 10:35:18 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Downloads\Virus\OTL.exe
PRC - [2010/06/30 07:22:18 | 000,709,296 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
PRC - [2010/06/30 07:22:16 | 000,498,352 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\Anti-Virus\fsgk32.exe
PRC - [2010/06/29 06:03:26 | 000,055,992 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe
PRC - [2010/06/28 20:04:46 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/06/28 20:04:43 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/16 06:36:27 | 000,364,208 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
PRC - [2010/02/11 18:20:31 | 000,522,848 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\FWES\program\fsdfwd.exe
PRC - [2009/08/05 08:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\Common\FSMA32.EXE
PRC - [2009/08/05 08:58:50 | 000,199,264 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\Common\FSM32.EXE
PRC - [2009/08/05 08:58:50 | 000,088,672 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\Common\FSHDLL32.EXE
PRC - [2009/08/05 08:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/15 11:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/08/30 10:50:42 | 000,205,480 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2006/11/15 16:57:58 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006/11/02 05:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
PRC - [2006/09/28 06:42:24 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2006/09/03 10:32:28 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe


========== Modules (SafeList) ==========

MOD - [2010/07/03 10:35:18 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Downloads\Virus\OTL.exe
MOD - [2009/08/05 08:58:30 | 000,330,336 | ---- | M] () -- \\?\c:\program files\shaw secure\hips\fshook32.dll
MOD - [2009/04/10 23:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 00:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/06/29 06:03:26 | 000,055,992 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/11 18:20:31 | 000,522,848 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2009/09/24 18:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/05 08:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\Shaw Secure\Common\FSMA32.EXE -- (FSMA)
SRV - [2009/08/05 08:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2009/03/18 17:40:13 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\516\g2aservice.exe -- (GoToAssist)
SRV - [2009/02/19 00:30:20 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/04/02 20:29:54 | 000,088,824 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2007/04/02 20:29:52 | 000,359,160 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2007/03/26 13:06:24 | 000,292,864 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006/11/15 16:57:58 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2006/09/11 16:02:44 | 000,544,256 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel®
SRV - [2006/09/11 16:01:04 | 000,167,936 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel®
SRV - [2006/09/11 15:56:32 | 000,075,264 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel®
SRV - [2006/09/11 15:56:20 | 000,188,416 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel®
SRV - [2006/09/03 10:32:28 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006/08/31 23:47:56 | 000,026,624 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel® Viiv™
SRV - [2006/05/10 09:13:52 | 000,029,696 | R--- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio Easy Media Creator 9 Suite\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2010/06/02 06:27:57 | 000,113,864 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Shaw Secure\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2010/03/17 07:15:07 | 000,035,792 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\fses.sys -- (FSES)
DRV - [2010/02/11 18:18:51 | 000,033,920 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\Drivers\fsbts.sys -- (fsbts)
DRV - [2009/12/05 08:02:01 | 000,033,848 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nchssvad.sys -- (NCHSSVAD) SoundTap Recorder (32 Bit)
DRV - [2009/08/05 08:58:30 | 000,068,064 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2009/08/05 08:57:20 | 000,071,040 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\fsdfw.sys -- (FSFW)
DRV - [2009/08/05 08:56:14 | 000,039,776 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\Shaw Secure\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)
DRV - [2009/08/05 08:56:14 | 000,025,184 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\Shaw Secure\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)
DRV - [2009/08/05 08:56:12 | 000,012,384 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Shaw Secure\Anti-Virus\minifilter\fsvista.sys -- (fsvista)
DRV - [2009/01/22 13:13:46 | 000,003,768 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SndTVideo.sys -- (SndTVideo)
DRV - [2009/01/22 13:13:42 | 000,023,096 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SndTAudio.sys -- (SndTAudio)
DRV - [2008/12/18 23:44:00 | 000,028,816 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/12/18 23:43:54 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2008/12/18 23:43:48 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/12/18 23:43:40 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/12/18 23:43:12 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2008/12/18 23:43:06 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2008/07/01 00:16:26 | 000,018,912 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lmvac.sys -- (LTXMD_VAC) Litex Media Virtual Audio Cable (WDM)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:04:16 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/03/25 16:44:24 | 002,307,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/01/15 19:19:04 | 002,047,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/12/14 13:48:16 | 000,005,120 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rcmirror.sys -- (rcmirror)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/07/16 08:29:33 | 000,017,432 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2007/04/02 21:45:20 | 000,057,592 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2007/03/10 13:09:56 | 000,009,368 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/03/10 13:09:34 | 000,098,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/03/10 13:09:34 | 000,094,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/03/10 13:09:34 | 000,035,800 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/03/10 13:09:32 | 000,027,416 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/03/10 13:09:30 | 000,033,112 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/03/10 13:09:30 | 000,016,568 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/03/10 13:09:28 | 000,108,696 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/03/09 15:18:22 | 000,099,848 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2007/02/22 10:15:56 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcd.sys -- (nmwcd)
DRV - [2007/02/22 10:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcm.sys -- (nmwcdcm)
DRV - [2007/02/22 10:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcj.sys -- (nmwcdcj)
DRV - [2007/02/22 10:15:14 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdc.sys -- (nmwcdc)
DRV - [2007/02/02 09:40:52 | 000,030,296 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/02 09:40:52 | 000,014,840 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/01/27 09:49:06 | 000,052,168 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2006/11/02 02:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 02:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 02:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 02:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 02:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 02:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 02:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 02:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 02:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 02:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 02:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 02:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 02:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 02:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 02:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 02:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 02:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 02:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 02:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 02:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 02:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 00:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2006/11/02 00:41:50 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (VST_DPV)
DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 00:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/10/31 07:46:36 | 000,250,368 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2005/12/12 10:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)
DRV - [1999/09/10 13:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://m.www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:3.8.0.12304
FF - prefs.js..keyword.URL: "http://websearch.ask...8&apn_dtid=&q="
FF - prefs.js..network.proxy.type: 0

FF - user.js..network.proxy.type: 0
FF - user.js..network.proxy.http: ""
FF - user.js..network.proxy.http_port:
FF - user.js..network.proxy.no_proxies_on: ""

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/08/21 10:22:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Shaw Secure\NRS\[email protected] [2010/05/26 07:31:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/28 20:04:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/01 09:02:46 | 000,000,000 | ---D | M]

[2008/08/26 17:45:43 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\mozilla\Extensions
[2010/07/03 09:26:38 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\0pe0vg22.default\extensions
[2010/04/27 17:35:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\0pe0vg22.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/02 18:20:52 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\0pe0vg22.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/07/02 23:11:01 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\0pe0vg22.default\extensions\[email protected]
[2010/07/02 23:11:10 | 000,002,555 | ---- | M] () -- C:\Users\owner\AppData\Roaming\Mozilla\FireFox\Profiles\0pe0vg22.default\searchplugins\askcom.xml
[2010/05/11 12:44:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/11 12:44:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008/09/03 17:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/03/09 16:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
[2010/03/14 08:05:09 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/14 08:05:09 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/14 08:05:09 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/14 08:05:09 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Shaw Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Shaw Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\Shaw Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\Shaw Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h20364.www2....DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1....loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-sec...m/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E1E73B44-2D20-47A9-9CA2-B534CEBBF856} http://support.f-sec.../fshc/fscax.cab (F-Secure Health Check 1.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.144.18 64.59.144.19
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its50 {F8606A00-F5CF-11D1-B6BB-0000F80149F6} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\itss50.dll (Microsoft Corporation)
O18 - Protocol\Handler\msref {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - C:\Program Files\Common Files\microsoft shared\Reference Titles\msref.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\owner\Pictures\K. 67.jpg
O24 - Desktop BackupWallPaper: C:\Users\owner\Pictures\K. 67.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/23 11:06:40 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/03/16 19:09:03 | 000,000,000 | RHSD | M] - C:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2009/03/16 19:10:39 | 000,000,000 | RHSD | M] - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/06/04 12:45:54 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\Windows\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\Windows\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel® Corporation)
Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel® Corporation)
Drivers32: vidc.iv41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yuy2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
Drivers32: vidc.yvu9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/07/03 10:37:27 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/07/03 10:28:00 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/07/02 00:11:21 | 000,000,000 | RHSD | C] -- C:\Users\owner\Documents\Locked
[2010/05/23 10:31:44 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\Roxio
[2010/05/20 21:18:36 | 000,000,000 | ---D | C] -- C:\Program Files\Cool MP3 Splitter
[2010/05/09 13:30:19 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\Red Kawa
[2010/05/09 13:30:19 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Red Kawa
[2010/05/09 13:30:19 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Geckofx
[2010/05/08 21:18:57 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\vlc
[2010/05/02 11:18:20 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\Squamish
[2010/05/01 16:52:48 | 000,000,000 | ---D | C] -- C:\Program Files\Ghostgum
[2010/05/01 16:51:12 | 000,000,000 | ---D | C] -- C:\Program Files\gs
[2008/06/04 13:19:34 | 000,018,944 | ---- | C] ( ) -- C:\Windows\System32\Implode.dll

========== Files - Modified Within 90 Days ==========

[2010/07/03 15:45:10 | 005,767,168 | -HS- | M] () -- C:\Users\owner\ntuser.dat
[2010/07/03 15:42:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/03 15:09:00 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/07/03 15:00:33 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/03 15:00:33 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/03 14:58:06 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/03 13:07:29 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/03 13:05:06 | 000,618,066 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/03 13:05:06 | 000,112,466 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/07/03 13:05:04 | 000,717,756 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/03 13:00:34 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/03 13:00:30 | 2137,485,312 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/03 12:58:13 | 000,524,288 | -HS- | M] () -- C:\Users\owner\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/07/03 12:58:13 | 000,065,536 | -HS- | M] () -- C:\Users\owner\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/07/03 12:57:49 | 002,303,792 | -H-- | M] () -- C:\Users\owner\AppData\Local\IconCache.db
[2010/06/24 19:09:57 | 000,234,496 | ---- | M] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/16 23:30:08 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForowner.job
[2010/06/11 03:33:27 | 000,576,976 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/05/23 10:48:48 | 001,064,540 | ---- | M] () -- C:\Users\owner\AppData\Local\rx_audio.Cache
[2010/05/15 17:33:04 | 000,000,060 | ---- | M] () -- C:\Windows\wpd99.drv
[2010/05/10 07:24:13 | 000,001,750 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/05/08 21:19:22 | 000,000,879 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\VLC media player.lnk
[2010/05/04 17:46:32 | 000,011,476 | ---- | M] () -- C:\Users\owner\gsview32.ini
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2010/05/10 07:24:13 | 000,001,750 | ---- | C] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/05/08 21:19:22 | 000,000,879 | ---- | C] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\VLC media player.lnk
[2010/05/01 16:52:57 | 000,011,476 | ---- | C] () -- C:\Users\owner\gsview32.ini
[2009/09/17 18:11:02 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/12/04 08:09:31 | 000,033,920 | ---- | C] () -- C:\Windows\System32\drivers\fsbts.sys
[2008/11/10 01:03:29 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2008/08/21 09:31:13 | 001,559,040 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/08/21 09:31:12 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/08/21 09:31:12 | 000,282,624 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/08/21 09:31:11 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008/08/21 09:31:10 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/08/18 16:51:40 | 000,888,832 | ---- | C] () -- C:\Windows\System32\securenet.dll
[2008/06/22 11:46:39 | 000,000,028 | ---- | C] () -- C:\Windows\pdf995.ini
[2008/06/04 13:19:34 | 000,748,160 | ---- | C] () -- C:\Windows\System32\Co2c40en.dll
[2008/06/04 13:19:34 | 000,054,272 | ---- | C] () -- C:\Windows\System32\P2irdao.dll
[2008/06/04 13:19:34 | 000,050,176 | ---- | C] () -- C:\Windows\System32\P2ctdao.dll
[2008/06/01 17:20:20 | 000,110,592 | ---- | C] () -- C:\Windows\System32\suppdll.dll
[2008/03/25 16:56:08 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1461.dll
[2008/03/19 20:23:04 | 000,000,415 | ---- | C] () -- C:\Windows\MP3trtg.ini
[2008/03/16 21:20:06 | 000,000,246 | ---- | C] () -- C:\Windows\wininit.ini
[2008/02/29 15:57:47 | 000,395,776 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2008/02/29 15:57:47 | 000,262,144 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2008/02/29 15:57:47 | 000,112,640 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2008/01/25 16:25:08 | 000,011,264 | ---- | C] () -- C:\Windows\System32\rcmirror.dll
[2008/01/14 16:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2008/01/12 17:56:28 | 000,000,067 | ---- | C] () -- C:\Windows\Easy Video to DVD.INI
[2007/11/14 10:42:27 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2007/11/09 04:01:59 | 000,000,164 | ---- | C] () -- C:\Windows\System32\psyswin32.dll
[2007/09/17 17:26:40 | 000,000,060 | ---- | C] () -- C:\Windows\wpd99.drv
[2007/09/17 17:26:39 | 000,051,716 | ---- | C] () -- C:\Windows\System32\pdf995mon.dll
[2007/08/24 20:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2007/08/13 17:17:06 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/04/23 11:35:28 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2007/04/23 10:43:04 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2007/04/23 10:43:04 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2007/03/16 17:00:00 | 000,003,403 | ---- | C] () -- C:\Windows\System32\hptcpmon.ini
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/06/23 10:09:34 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll
[2002/10/15 15:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll

========== LOP Check ==========

[2010/07/02 00:11:26 | 000,000,000 | -HSD | M] -- C:\Users\owner\AppData\Roaming\.#
[2010/07/02 23:33:35 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\BitTorrent
[2009/03/14 16:42:52 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\DNA
[2008/06/01 17:21:36 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\F-Secure
[2009/03/18 20:31:50 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\HouseCall 6.6
[2007/09/17 14:31:21 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Individual Software
[2009/03/18 18:36:56 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\IObit
[2009/03/05 22:05:46 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\LimeWire
[2009/12/23 20:52:37 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\NCH Swift Sound
[2008/03/18 22:10:28 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Nokia
[2008/03/18 22:05:14 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\PC Suite
[2008/02/27 22:40:33 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\pdf995
[2010/05/09 13:30:19 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Red Kawa
[2010/02/01 19:33:46 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\SharePod
[2007/08/16 10:52:47 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Snapfish
[2007/09/17 14:31:22 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\SolidDocuments
[2009/12/06 11:26:23 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\StreamTorrent
[2009/01/10 17:22:35 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Thunderbird
[2008/06/21 09:05:02 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Uniblue
[2007/09/17 14:31:22 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\WildTangent
[2008/04/09 09:38:28 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\WinBatch
[2010/07/03 15:09:00 | 000,000,472 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/07/03 12:58:21 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/03/19 20:25:56 | 000,508,132 | ---- | M] () -- C:\amt1
[2007/04/23 11:06:40 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2009/04/10 23:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2007/04/23 11:35:08 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2009/03/19 18:38:10 | 000,020,696 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 14:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/02/29 15:58:45 | 000,001,195 | ---- | M] () -- C:\Cucu_Video_log.txt
[2009/03/16 18:57:06 | 000,024,874 | ---- | M] () -- C:\CybDefInstallInfo.log
[2010/07/03 13:00:30 | 2137,485,312 | -HS- | M] () -- C:\hiberfil.sys
[2008/11/03 18:48:49 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/03/16 19:10:36 | 000,002,920 | ---- | M] () -- C:\ipconfig.txt
[2010/02/01 19:36:52 | 000,088,008 | ---- | M] () -- C:\ituneslib.itl
[2008/09/05 18:29:19 | 000,000,144 | ---- | M] () -- C:\log.txt
[2008/11/03 18:48:49 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/07/03 13:00:28 | 2451,324,928 | -HS- | M] () -- C:\pagefile.sys
[2008/04/09 09:44:31 | 000,000,477 | ---- | M] () -- C:\RHDSetup.log
[2008/01/12 17:56:34 | 000,002,625 | ---- | M] () -- C:\StarBurn.log

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/11/02 05:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 05:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 05:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/09/17 19:13:32 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 14:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/01/16 18:45:58 | 000,241,664 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzpp5k4.DLL
[2006/11/02 05:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 04:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009/04/10 23:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/10 23:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 03:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 03:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 03:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\user32.dll /md5 >
[2009/04/10 23:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/01/19 00:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2006/11/02 02:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-28 17:56:23

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\owner\Documents\Squamish:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\owner\Documents\Roxio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\owner\Documents\Red Kawa:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\owner\Documents\My Widgets:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\owner\Documents\My Library:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\owner\Documents\Locked:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\owner\Documents\Junk Drawer:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\owner\Documents\JL:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\owner\Documents\Household:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\owner\Documents\Downloads:Roxio EMC Stream
@Alternate Data Stream - 166 bytes -> C:\ProgramData\TEMP:0C232DFB
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:1CA73D29
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >

OTL Extras logfile created on: 03/07/2010 3:45:42 PM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\owner\Downloads\Virus
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.26 Gb Total Space | 79.96 Gb Free Space | 27.64% Space Free | Partition Type: NTFS
Drive D: | 8.83 Gb Total Space | 0.71 Gb Free Space | 8.01% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{030C16F7-DF69-4DFC-BE84-98A695B9EC8E}" = lport=1900 | protocol=17 | dir=in | name=intel® viiv™ media server upnp discovery |
"{5CF2A95B-D020-40F6-9120-8984AA457D4B}" = lport=9442 | protocol=17 | dir=in | name=intel® viiv™ media server discovery |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0553FD72-379A-45E8-9180-34ECEF4A9BB8}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{0ADD1FE9-AAAA-4F99-A598-1422D2929AC1}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{0B32388D-4216-43CB-B616-261E8DB8D23B}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{10FEED07-3779-4E54-B7BE-365845E9A508}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{14405FA1-EB0B-4674-8093-01D760DEBD9A}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{1B0D22E3-78AE-4967-8A9C-CF3C2D06BCCE}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{1CE7AB12-3025-49E2-A007-7B70D3CE46B3}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{371794B5-D8E5-488F-BDDC-D7BDDD830553}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{39D78ED8-598A-463E-8E6A-58E979F9C749}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{42A1BFA7-5A11-44C1-B40A-9017D4A7A47D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{47979CB9-8D97-497A-98A1-D7F56F9AB6AA}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{491269BF-97AA-4CB7-B418-5871726309CF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4BDA2472-0847-4CAA-AA21-969608477352}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{55C51DC8-23CF-4DA6-A2B6-BA5B562B153C}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{59B04773-825F-44CE-A215-7FBC6D8A32E5}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{5FCEF090-3457-4E1B-A81E-90BD23B248A7}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{6EF74FE0-53FA-46A0-A5CD-D038A1D915E0}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{795C016C-1BD0-4656-8940-E95112CB5821}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{7D3FBCB0-A9AA-42AD-B1E3-B538F7659ADA}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{7EC6FFA5-1ACF-4D9D-A920-AA737666CBA3}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{7F2C8C8C-B996-4F02-98D4-D9A1B55BE41E}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{8FBFBE98-E5C8-4784-B997-2C7C453F15D1}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{91E1F0F7-0379-4D8F-807B-769C743F7BEA}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{93B73DDB-8C14-4F9F-97F4-5B2BA37280AB}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{AF7C103C-0BC7-464A-B54D-55DC0908AE5C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B395E64A-DBCD-410A-8339-B825BB305E67}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CACD5F5D-CD6F-459C-85C4-4C4FD8924289}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{CD1E0005-C6E1-4ED2-A944-1334DD48BBD0}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{CFB7A9E2-12E9-4716-B601-F61D5B838E51}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{D1E0D662-B6E0-4F83-8B52-DB12502C10D9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{343AB950-EE19-4C50-84B8-DD25F6E85A42}C:\users\owner\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\owner\program files\dna\btdna.exe |
"UDP Query User{1FF9777D-6A55-4BE1-928A-FAC94BE757E9}C:\users\owner\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\owner\program files\dna\btdna.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio RecordNow Tools
"{066D65EA-ED53-44E4-A96A-F81B6E409D2E}" = PC Connectivity Solution
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D330013-4A99-46D6-83C6-2C959C68DBFF}" = Roxio DVD Info Pro
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio RecordNow Data
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio EasyArchive
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1C5D5D15-CABD-4C5A-A80E-B5C4CA6FE90A}" = hppTLBXFXCP1510
"{1F73D672-6175-4A1D-B3C1-420439D03D0F}" = Product_SF_Full_QFolder
"{223C0721-A6B0-4853-88C0-331029841734}" = HP Color LaserJet CP1510 Series 2.0
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 20
"{2990BC81-3B19-4E53-A53E-30DE3F1BFFA8}" = HP Total Care Advisor
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{414C803A-6115-4DB6-BD4E-FD81EA6BC71C}" = Product_SF_Min_QFolder
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EF6FDB0-3B11-4820-9860-8E08E9965195}" = Snapfish Media Detector
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7
"{5E894531-91FB-4B76-AA0F-49E0E1F357D6}" = hppPQVideoCP1510
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio RecordNow Copy
"{64FD4D83-085A-49D0-905A-F06057B73DA3}" = hppCLJCP1510
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AF49698-949A-4C89-9B31-041D2CCB5FBD}" = muvee autoProducer 6.0
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E7BF6EC-C3E7-43A7-8A03-0D204E3EC01B}" = Intel® Viiv™ Software
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7ADCEEA0-AC82-4360-AD6B-CCF01B66F9DB}" = hppusgCP1510
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio RecordNow Audio
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio Easy Media Creator 9 Suite
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}" = Nokia Connectivity Cable Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Roxio Media Experience
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B932A416-28A7-4D08-89A6-7A0464DAD37D}" = hpzTLBXFX
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator 9 Home
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D8AC1EB5-E8B0-44A0-B113-899407188A2F}" = hppFonts
"{E031338C-839D-4EDD-9537-99B653C39D81}" = Autodesk MapGuide® Viewer ActiveX Control Release 6.5
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E2E7A0E8-77C4-495F-8FA3-63DAEDAA2DB3}" = F-Secure PSC Prerequisites
"{ED5BDA06-0D68-4B4C-93FE-50BE94ADA6E9}" = hppManualsCP1510
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F5467B7C-C929-4C1A-B4E9-E7C376E2DF08}" = Roxio SightSpeed
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"Cool MP3 Splitter_is1" = Cool MP3 Splitter 3.0
"CutePDF Writer Installation" = CutePDF Writer 2.7
"DVD Flick_is1" = DVD Flick
"DVD Shrink_is1" = DVD Shrink 3.2
"ERUNT_is1" = ERUNT 1.1j
"EVG 99" = Encarta Virtual Globe 99
"F-Secure Product 444" = Shaw Secure
"GoToAssist" = GoToAssist 8.0.0.516
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"GSview 4.9" = GSview 4.9
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"Intel® Configuration Center" = Intel® Viiv™ Software
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.4.7 Full *BETA*
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"Pdf995" = Pdf995
"PdfEdit995" = PdfEdit995
"Picasa 3" = Picasa 3
"RealPlayer 6.0" = RealPlayer
"Shuangs Audio Joiner_is1" = Shuangs Audio Joiner 1.1
"SightSpeed" = SightSpeed (remove only)
"Signature995" = Signature995
"SopCast" = SopCast 3.2.9
"SpywareBlaster_is1" = SpywareBlaster 4.1
"StreamTorrent 1.0" = StreamTorrent 1.0
"TVAnts 1.0" = TVAnts 1.0
"USB MP3 Player WIN98 Drivers" = USB MP3 Player WIN98 Drivers
"Veetle TV" = Veetle TV 0.9.16
"Videora iPod Converter" = Videora iPod Converter 5.04
"VLC media player" = VLC media player 1.0.5
"VobSub" = VobSub v2.23 (Remove Only)
"WinRAR archiver" = WinRAR archiver
"Xilisoft DVD Ripper Platinum" = Xilisoft DVD Ripper Platinum 4

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Folder Lock" = Folder Lock

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 26/06/2010 2:16:16 PM | Computer Name = owner-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
Description = 1 2010-06-26 11:16:16-07:00 owner-pc OWNER-PC\owner F-Secure
Anti-Virus Manual scanning was finished - workstation was found infected!

Error - 26/06/2010 5:41:17 PM | Computer Name = owner-PC | Source = EventSystem | ID = 4609
Description =

Error - 29/06/2010 3:40:13 AM | Computer Name = owner-PC | Source = Application Hang | ID = 1002
Description = The program bittorrent.exe version 6.4.0.18095 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1b04 Start Time: 01cb175c1ec5f900 Termination Time: 31

Error - 29/06/2010 10:04:19 AM | Computer Name = owner-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
Description = 1 2010-06-29 07:04:19-07:00 owner-pc OWNER-PC\Bella F-Secure
Anti-Virus Manual scanning was finished - workstation was found infected!

Error - 29/06/2010 10:06:09 AM | Computer Name = owner-PC | Source = EventSystem | ID = 4609
Description =

Error - 29/06/2010 8:20:13 PM | Computer Name = owner-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
Description = 1 2010-06-29 17:20:12-07:00 owner-pc OWNER-PC\owner F-Secure
Anti-Virus Manual scanning was finished - workstation was found infected!

Error - 29/06/2010 9:37:36 PM | Computer Name = owner-PC | Source = EventSystem | ID = 4609
Description =

Error - 29/06/2010 9:46:32 PM | Computer Name = owner-PC | Source = EventSystem | ID = 4609
Description =

Error - 29/06/2010 9:50:54 PM | Computer Name = owner-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: cb0 Start Time: 01cb1798607bb974 Termination Time: 0

Error - 29/06/2010 9:51:27 PM | Computer Name = owner-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 854 Start Time: 01cb17f6ace704f0 Termination Time: 0

[ System Events ]
Error - 03/07/2010 2:54:39 PM | Computer Name = owner-PC | Source = F-Secure Gatekeeper | ID = 327681
Description =

Error - 03/07/2010 2:54:42 PM | Computer Name = owner-PC | Source = F-Secure Gatekeeper | ID = 327681
Description =

Error - 03/07/2010 2:54:45 PM | Computer Name = owner-PC | Source = F-Secure Gatekeeper | ID = 327681
Description =

Error - 03/07/2010 2:56:23 PM | Computer Name = owner-PC | Source = F-Secure Gatekeeper | ID = 327681
Description =

Error - 03/07/2010 3:16:47 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 03/07/2010 3:16:47 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 03/07/2010 4:01:07 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 03/07/2010 4:01:07 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 03/07/2010 4:07:29 PM | Computer Name = owner-PC | Source = F-Secure Gatekeeper | ID = 327681
Description =

Error - 03/07/2010 4:07:32 PM | Computer Name = owner-PC | Source = F-Secure Gatekeeper | ID = 327681
Description =


< End of report >

MBAM first time:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4272

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

03/07/2010 10:49:11 AM
mbam-log-2010-07-03 (10-49-11).txt

Scan type: Quick scan
Objects scanned: 157582
Time elapsed: 9 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\ErrorSmart (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gaopdxserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Users\owner\AppData\Roaming\ErrorSmart (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\owner\AppData\Roaming\ErrorSmart\Log (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\owner\AppData\Roaming\ErrorSmart\Registry Backups (Rogue.ErrorSmart) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\owner\AppData\Roaming\ErrorSmart\Log\2008 Aug 18 - 09_54_38 PM_183.log (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\owner\AppData\Roaming\ErrorSmart\Registry Backups\2008-08-18_21-56-13.reg (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Windows\Tasks\ErrorSmart Scheduled Scan.job (Rogue.ErrorSmart) -> Quarantined and deleted successfully.

MBAM second time:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4272

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

03/07/2010 12:52:43 PM
mbam-log-2010-07-03 (12-52-43).txt

Scan type: Quick scan
Objects scanned: 157285
Time elapsed: 22 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)