
Cannot delete file on desktop!



#1
Maleia

Hello there!

The issue I have is with a folder on my desktop, in which is a .iso file. It was downloaded to the desktop a while ago, but now it will not be moved/renamed/deleted. No exceptions. Vista tells me "this action cannot be completed because the folder is open in another program."

It says it is for the Sims3, which would make it an illegal download; thus, my wish to remove it (and the fact that it is 5.55G sitting on my desktop). I originally asked for help in the Windows Vista section (you can view the thread here!) and after being assisted by the wonderful Broni (and a few people from the Staff forum), I was advised to make a post here when they were each unsuccessful.

It doesn't seem to cause any damage or disrupt my computer in any way as far as I can tell, but it shouldn't be there (number one) and now I can't get rid of it (number two).

Any assistance is greatly appreciated. If I've made any mistakes or left anything out, I apologize. Please let me know. Thank you in advance!

Here is my MBAM Log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4273

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18904

7/8/2010 11:39:42 PM
mbam-log-2010-07-08 (23-39-42).txt

Scan type: Quick scan
Objects scanned: 129862
Time elapsed: 7 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


As well as my GMER Log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-09 18:29:54
Windows 6.0.6001 Service Pack 1
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0xC2 0xD4 0xC3 0x12 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0xC2 0xD4 0xC3 0x12 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\[email protected] 283

---- EOF - GMER 1.0.15 ----


And OTL:



OTL logfile created on: 7/9/2010 6:33:50 PM - Run 1
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Users\Mal\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.97 Gb Total Space | 108.20 Gb Free Space | 49.19% Space Free | Partition Type: NTFS
Drive D: | 12.91 Gb Total Space | 12.81 Gb Free Space | 99.20% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: Mal
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/08 23:26:41 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Mal\Desktop\OTL.exe
PRC - [2010/07/07 22:49:49 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/07/07 22:49:47 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/02/28 12:16:13 | 000,654,648 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\BitTorrent\bittorrent.exe
PRC - [2008/10/06 12:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2008/09/24 22:08:26 | 000,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2008/09/24 22:08:26 | 000,116,096 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe


========== Modules (SafeList) ==========

MOD - [2010/07/08 23:26:41 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Mal\Desktop\OTL.exe
MOD - [2008/01/20 22:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2008/01/20 22:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/02/26 20:34:42 | 000,030,520 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2009/08/18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2009/06/03 20:43:18 | 000,239,104 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_6ef279c8\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/09/16 23:14:32 | 000,905,216 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/11 16:11:30 | 000,015,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV - [2010/07/07 22:49:47 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/10/06 12:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/09/24 22:08:26 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2008/09/24 22:08:26 | 000,116,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1000000.07D\SRTSPX64.SYS -- (SRTSPX)
DRV:64bit: - File not found [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1000000.07D\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2010/07/07 22:50:02 | 000,317,520 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010/07/07 22:50:00 | 000,269,904 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010/07/07 22:49:58 | 000,035,536 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/03/21 23:53:16 | 000,834,544 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/03/16 20:24:02 | 001,374,712 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2010/02/26 20:34:48 | 000,030,008 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2010/02/26 20:34:30 | 000,041,272 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009/11/24 21:01:40 | 000,082,816 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2009/09/02 03:09:34 | 000,221,696 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/06/03 20:43:18 | 000,486,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/02/26 10:50:34 | 000,380,928 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netr7064.sys -- (rt70x64)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/09/17 00:01:26 | 004,709,888 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/07/21 05:53:04 | 000,145,496 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/05/28 18:54:18 | 000,026,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2008/04/28 04:25:06 | 000,016,400 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV:64bit: - [2008/03/31 05:36:18 | 000,195,120 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008/02/29 19:59:32 | 001,252,352 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/24 08:24:24 | 000,060,928 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/01/20 22:49:47 | 000,011,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2008/01/20 22:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 22:46:57 | 003,154,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64) Intel®
DRV:64bit: - [2008/01/20 22:46:55 | 000,111,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/06/18 20:13:12 | 000,018,432 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2006/10/03 21:45:36 | 000,273,408 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2008/09/26 06:36:34 | 000,027,632 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2002/07/17 09:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\Aspi32.sys -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101760&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://facebook.com|....spcollege.edu"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/07/07 22:49:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/06/23 23:36:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/03 18:56:30 | 000,000,000 | ---D | M]

[2010/01/10 20:53:35 | 000,000,000 | ---D | M] -- C:\Users\Mal\AppData\Roaming\Mozilla\Extensions
[2009/01/30 18:05:16 | 000,000,000 | ---D | M] -- C:\Users\Mal\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/07/08 23:39:00 | 000,000,000 | ---D | M] -- C:\Users\Mal\AppData\Roaming\Mozilla\Firefox\Profiles\hs95w3c9.default\extensions
[2010/05/31 10:25:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mal\AppData\Roaming\Mozilla\Firefox\Profiles\hs95w3c9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/23 23:36:32 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Mal\AppData\Roaming\Mozilla\Firefox\Profiles\hs95w3c9.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2010/07/03 18:56:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/03 18:56:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008/09/03 20:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npbittorrent.dll
[2010/07/03 18:56:04 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{03e12ebe-8202-11de-a92e-001eecfcdc5d}\Shell - "" = AutoRun
O33 - MountPoints2\{03e12ebe-8202-11de-a92e-001eecfcdc5d}\Shell\AutoRun\command - "" = F:\Setup.exe -- File not found
O33 - MountPoints2\{282318cf-74d6-11df-a9c3-001eecfcdc5d}\Shell - "" = AutoRun
O33 - MountPoints2\{282318cf-74d6-11df-a9c3-001eecfcdc5d}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\{65e6037f-33c9-11df-82ca-001eecfcdc5d}\Shell\AutoRun\command - "" = F:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{65e6037f-33c9-11df-82ca-001eecfcdc5d}\Shell\slacker\command - "" = F:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{71027f1c-d470-11de-80a5-001eecfcdc5d}\Shell\AutoRun\command - "" = F:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{71027f1c-d470-11de-80a5-001eecfcdc5d}\Shell\slacker\command - "" = F:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{8024c758-6be8-11de-b596-001eecfcdc5d}\Shell - "" = AutoRun
O33 - MountPoints2\{8024c758-6be8-11de-b596-001eecfcdc5d}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{ba8606dd-75a4-11df-ac16-001eecfcdc5d}\Shell - "" = AutoRun
O33 - MountPoints2\{ba8606dd-75a4-11df-ac16-001eecfcdc5d}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found
O33 - MountPoints2\{c7cd49d9-3566-11df-915f-001eecfcdc5d}\Shell - "" = AutoRun
O33 - MountPoints2\{c7cd49d9-3566-11df-915f-001eecfcdc5d}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: aux1 - wdmaud.drv ()
Drivers32:64bit: midi - wdmaud.drv ()
Drivers32:64bit: midi1 - wdmaud.drv ()
Drivers32:64bit: midimapper - midimap.dll ()
Drivers32:64bit: mixer - wdmaud.drv ()
Drivers32:64bit: mixer1 - wdmaud.drv ()
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm ()
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm ()
Drivers32:64bit: msacm.msadpcm - msadp32.acm ()
Drivers32:64bit: msacm.msg711 - msg711.acm ()
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm ()
Drivers32:64bit: MSVideo8 - VfWWDM32.dll ()
Drivers32:64bit: vidc.i420 - iyuv_32.dll ()
Drivers32:64bit: VIDC.IYUV - iyuv_32.dll ()
Drivers32:64bit: vidc.mrle - msrle32.dll ()
Drivers32:64bit: vidc.msvc - msvidc32.dll ()
Drivers32:64bit: VIDC.UYVY - msyuv.dll ()
Drivers32:64bit: VIDC.YUY2 - msyuv.dll ()
Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll ()
Drivers32:64bit: VIDC.YVYU - msyuv.dll ()
Drivers32:64bit: wave - wdmaud.drv ()
Drivers32:64bit: wave1 - wdmaud.drv ()
Drivers32:64bit: wavemapper - msacm32.drv ()
Drivers32: aux1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\SysWow64\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/07/08 23:31:31 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/07/08 23:30:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/07/08 23:27:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/07/08 23:26:37 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Mal\Desktop\OTL.exe
[2010/07/08 23:25:35 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Mal\Desktop\erunt_setup.exe
[2010/07/08 23:24:58 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\Mal\Desktop\TFC.exe
[2010/07/07 23:58:06 | 000,518,656 | ---- | C] (OldTimer Tools) -- C:\Users\Mal\Desktop\OTM.exe
[2010/07/07 22:49:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\Avg
[2010/07/07 22:49:46 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/07/07 22:49:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2010/07/07 22:28:41 | 000,000,000 | ---D | C] -- C:\Users\Mal\AppData\Roaming\LockHunter
[2010/07/07 22:28:23 | 000,000,000 | ---D | C] -- C:\Program Files\LockHunter
[2010/07/04 22:43:10 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/07/04 21:14:32 | 000,000,000 | ---D | C] -- C:\Users\Mal\Documents\School
[2010/07/03 22:03:38 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/07/03 21:41:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/07/03 21:41:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/07/03 19:03:03 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/07/03 19:02:29 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/07/03 18:56:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/07/03 18:56:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/06/27 13:58:23 | 000,000,000 | ---D | C] -- C:\Users\Mal\AppData\Local\VS Revo Group
[2010/06/27 11:31:51 | 886,625,331 | ---- | C] (AruaROSE ) -- C:\Users\Mal\Documents\AruaROSE_v837.exe
[2010/06/20 02:55:50 | 000,626,688 | ---- | C] (On2.com) -- C:\Windows\SysWow64\vp7vfw.dll
[2010/06/20 02:55:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VSO
[2010/06/20 01:54:01 | 000,000,000 | ---D | C] -- C:\Users\Mal\AppData\Roaming\vlc
[2010/06/19 01:37:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/19 01:36:54 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/19 01:36:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/06/19 01:30:57 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/19 01:30:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/06/12 19:37:07 | 000,000,000 | ---D | C] -- C:\Users\Mal\{427911e7-7d24-4273-b1c4-09d075e84c47}
[2010/06/11 18:56:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2010/06/11 18:05:26 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2010/06/11 11:24:30 | 000,000,000 | ---D | C] -- C:\Users\Mal\Desktop\The Sims 3 - Razor1911 Final MAXSPEED
[2010/06/10 17:20:00 | 000,000,000 | -HSD | C] -- C:\found.001
[2010/06/09 19:35:55 | 000,000,000 | ---D | C] -- C:\Users\Mal\AppData\Local\Windows Server
[2010/06/09 18:21:08 | 000,000,000 | ---D | C] -- C:\Users\Mal\AppData\Roaming\0D1793FE46F908865A8AF54448697546
[2010/05/31 14:32:39 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/05/31 14:29:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/05/09 10:26:05 | 000,000,000 | ---D | C] -- C:\Users\Mal\AppData\Local\Geckofx
[2010/05/07 17:49:30 | 000,000,000 | ---D | C] -- C:\Users\Mal\AppData\Roaming\AnvSoft
[2010/04/25 11:31:51 | 000,000,000 | ---D | C] -- C:\Users\Mal\AppData\Roaming\WinFF
[2010/04/25 11:27:43 | 000,000,000 | ---D | C] -- C:\Users\Mal\AppData\Roaming\MPEG Streamclip
[2010/04/11 11:05:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR

========== Files - Modified Within 90 Days ==========

[2010/07/09 18:32:14 | 002,359,296 | -HS- | M] () -- C:\Users\Mal\ntuser.dat
[2010/07/09 17:57:45 | 000,002,239 | ---- | M] () -- C:\Users\Mal\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/07/09 17:34:50 | 061,808,162 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/07/09 17:28:35 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/09 17:28:35 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/08 23:36:11 | 000,695,758 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/07/08 23:36:11 | 000,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/07/08 23:36:11 | 000,105,952 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/07/08 23:30:56 | 000,000,723 | ---- | M] () -- C:\Users\Mal\Desktop\NTREGOPT.lnk
[2010/07/08 23:30:56 | 000,000,704 | ---- | M] () -- C:\Users\Mal\Desktop\ERUNT.lnk
[2010/07/08 23:28:33 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/08 23:28:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/08 23:28:16 | 4024,258,560 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/08 23:27:22 | 000,524,288 | -HS- | M] () -- C:\Users\Mal\ntuser.dat{ddb7893c-1b70-11df-9ab6-001eecfcdc5d}.TMContainer00000000000000000001.regtrans-ms
[2010/07/08 23:27:22 | 000,065,536 | -HS- | M] () -- C:\Users\Mal\ntuser.dat{ddb7893c-1b70-11df-9ab6-001eecfcdc5d}.TM.blf
[2010/07/08 23:27:19 | 002,112,358 | -H-- | M] () -- C:\Users\Mal\AppData\Local\IconCache.db
[2010/07/08 23:26:41 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Mal\Desktop\OTL.exe
[2010/07/08 23:25:37 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Mal\Desktop\erunt_setup.exe
[2010/07/08 23:25:02 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\Mal\Desktop\TFC.exe
[2010/07/07 23:58:09 | 000,518,656 | ---- | M] (OldTimer Tools) -- C:\Users\Mal\Desktop\OTM.exe
[2010/07/07 23:45:36 | 000,100,908 | ---- | M] () -- C:\Users\Mal\Desktop\SystemLook.exe
[2010/07/07 22:50:09 | 000,113,461 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010/07/07 22:50:08 | 000,001,649 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/07/07 22:50:04 | 000,013,048 | ---- | M] () -- C:\Windows\SysNative\avgrssta.dll
[2010/07/07 22:50:02 | 000,317,520 | ---- | M] () -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/07/07 22:50:00 | 000,269,904 | ---- | M] () -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/07/07 22:49:58 | 000,035,536 | ---- | M] () -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/07/04 22:34:12 | 000,002,611 | ---- | M] () -- C:\Users\Mal\Desktop\Microsoft Office Word 2007.lnk
[2010/07/03 21:41:36 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/27 16:35:19 | 000,000,020 | ---- | M] () -- C:\Users\Mal\defogger_reenable
[2010/06/27 14:27:17 | 000,110,592 | ---- | M] () -- C:\Users\Mal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/27 11:41:33 | 886,625,331 | ---- | M] (AruaROSE ) -- C:\Users\Mal\Documents\AruaROSE_v837.exe
[2010/06/26 19:43:54 | 000,015,427 | ---- | M] () -- C:\Users\Mal\Documents\ROSE Guide.docx
[2010/06/20 03:46:34 | 000,001,041 | ---- | M] () -- C:\Users\Mal\AppData\Roaming\vso_ts_preview.xml
[2010/06/20 02:55:58 | 000,099,384 | ---- | M] () -- C:\Users\Mal\AppData\Roaming\inst.exe
[2010/06/20 02:55:58 | 000,082,816 | ---- | M] (VSO Software) -- C:\Users\Mal\AppData\Roaming\pcouffin.sys
[2010/06/20 02:55:58 | 000,007,859 | ---- | M] () -- C:\Users\Mal\AppData\Roaming\pcouffin.cat
[2010/06/20 02:55:58 | 000,001,167 | ---- | M] () -- C:\Users\Mal\AppData\Roaming\pcouffin.inf
[2010/06/20 01:52:51 | 000,000,861 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/06/19 02:08:16 | 000,002,215 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/13 09:34:45 | 000,109,008 | ---- | M] () -- C:\Users\Mal\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/06/12 19:50:54 | 000,399,560 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/05/22 20:45:39 | 000,946,352 | ---- | M] () -- C:\Users\Mal\AppData\Local\rx_image.Cache
[2010/05/22 20:45:38 | 000,059,024 | ---- | M] () -- C:\Users\Mal\AppData\Local\rx_audio.Cache
[2010/05/18 16:55:18 | 000,119,584 | ---- | M] () -- C:\Windows\SysNative\dns-sd.exe
[2010/05/18 16:55:18 | 000,095,520 | ---- | M] () -- C:\Windows\SysNative\dnssd.dll
[2010/05/13 00:17:11 | 000,001,684 | ---- | M] () -- C:\Users\Mal\Desktop\CCleaner.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/29 15:39:28 | 000,024,664 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/22 17:33:39 | 000,001,714 | ---- | M] () -- C:\Users\Mal\Desktop\LimeWire 5.5.8.lnk
[2010/04/19 20:47:42 | 003,062,048 | ---- | M] () -- C:\Windows\SysNative\usbaaplrc.dll
[2010/04/19 20:47:42 | 000,050,688 | ---- | M] () -- C:\Windows\SysNative\drivers\usbaapl64.sys

========== Files Created - No Company Name ==========

[2010/07/08 23:30:56 | 000,000,723 | ---- | C] () -- C:\Users\Mal\Desktop\NTREGOPT.lnk
[2010/07/08 23:30:56 | 000,000,704 | ---- | C] () -- C:\Users\Mal\Desktop\ERUNT.lnk
[2010/07/08 23:26:14 | 000,293,376 | ---- | C] () -- C:\Users\Mal\Desktop\gmer.exe
[2010/07/07 23:45:35 | 000,100,908 | ---- | C] () -- C:\Users\Mal\Desktop\SystemLook.exe
[2010/07/07 22:50:09 | 000,113,461 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010/07/07 22:50:08 | 061,808,162 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/07/07 22:50:08 | 000,001,649 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/07/07 22:50:04 | 000,013,048 | ---- | C] () -- C:\Windows\SysNative\avgrssta.dll
[2010/07/07 22:50:02 | 000,317,520 | ---- | C] () -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/07/07 22:50:00 | 000,269,904 | ---- | C] () -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/07/07 22:49:58 | 000,035,536 | ---- | C] () -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/07/03 21:41:36 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/27 16:35:18 | 000,000,020 | ---- | C] () -- C:\Users\Mal\defogger_reenable
[2010/06/27 15:35:02 | 4024,258,560 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/26 19:43:52 | 000,015,427 | ---- | C] () -- C:\Users\Mal\Documents\ROSE Guide.docx
[2010/06/20 02:03:03 | 000,002,239 | ---- | C] () -- C:\Users\Mal\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/06/20 01:52:51 | 000,000,861 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/06/19 01:38:04 | 000,002,215 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/05/31 01:07:24 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2010/05/31 01:07:13 | 000,974,848 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
[2010/05/18 16:55:18 | 000,119,584 | ---- | C] () -- C:\Windows\SysNative\dns-sd.exe
[2010/05/18 16:55:18 | 000,095,520 | ---- | C] () -- C:\Windows\SysNative\dnssd.dll
[2010/05/13 19:47:26 | 000,428,440 | ---- | C] () -- C:\Users\Mal\AppData\Local\dd_vcredistMSI2129.txt
[2010/05/13 19:47:25 | 000,016,674 | ---- | C] () -- C:\Users\Mal\AppData\Local\dd_vcredistUI2129.txt
[2010/05/09 17:42:02 | 009,243,136 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010/05/09 17:42:01 | 012,464,128 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010/05/09 17:41:59 | 002,334,208 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010/05/09 17:41:58 | 001,484,288 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010/05/09 17:41:58 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010/05/09 17:41:57 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2010/05/09 17:41:57 | 000,700,928 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010/05/09 17:41:57 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/05/09 17:41:57 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010/05/09 17:41:56 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2010/05/09 17:41:56 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010/05/09 17:41:56 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2010/05/09 17:41:56 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/05/09 17:41:56 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2010/05/09 17:41:56 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2010/05/09 17:41:56 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2010/05/09 17:41:56 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2010/05/09 17:41:56 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2010/05/09 17:41:56 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010/05/09 17:41:56 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2010/05/09 17:41:55 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010/05/09 17:41:24 | 004,690,832 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2010/05/09 17:41:21 | 001,420,688 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2010/05/09 17:41:20 | 000,224,256 | ---- | C] () -- C:\Windows\SysNative\iphlpsvc.dll
[2010/05/09 17:41:20 | 000,029,696 | ---- | C] () -- C:\Windows\SysNative\drivers\tunnel.sys
[2010/05/09 17:40:39 | 000,612,864 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll
[2010/05/09 17:40:37 | 000,218,112 | ---- | C] () -- C:\Windows\SysNative\wintrust.dll
[2010/05/09 17:40:34 | 000,273,920 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys
[2010/05/09 17:40:34 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys
[2010/05/09 17:40:34 | 000,105,472 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys
[2010/05/09 17:40:04 | 000,104,960 | ---- | C] () -- C:\Windows\SysNative\cabview.dll
[2010/05/09 17:39:43 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\l3codeca.acm
[2010/04/22 17:33:39 | 000,001,714 | ---- | C] () -- C:\Users\Mal\Desktop\LimeWire 5.5.8.lnk
[2010/04/19 20:47:42 | 003,062,048 | ---- | C] () -- C:\Windows\SysNative\usbaaplrc.dll
[2010/04/19 20:47:42 | 000,050,688 | ---- | C] () -- C:\Windows\SysNative\drivers\usbaapl64.sys
[2009/10/04 20:10:18 | 000,001,024 | ---- | C] () -- C:\Windows\ActivStats.INI
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 22:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/06/10 00:22:24 | 000,000,000 | ---D | M] -- C:\Users\Mal\AppData\Roaming\0D1793FE46F908865A8AF54448697546
[2010/05/07 17:49:30 | 000,000,000 | ---D | M] -- C:\Users\Mal\AppData\Roaming\AnvSoft
[2009/11/20 21:15:49 | 000,000,000 | ---D | M] -- C:\Users\Mal\AppData\Roaming\Any DVD Converter Professional
[2010/01/31 12:13:34 | 000,000,000 | ---D | M] -- C:\Users\Mal\AppData\Roaming\Any Video Converter
[2010/07/09 18:26:25 | 000,000,000 | ---D | M] -- C:\Users\Mal\AppData\Roaming\BitTorrent
[2010/03/24 16:31:53 | 000,000,000 | ---D | M] -- C:\Users\Mal\AppData\Roaming\DAEMON Tools Lite
[2009/07/07 05:37:18 | 000,000,000 | ---D | M] -- C:\Users\Mal\AppData\Roaming\DNA
[2010/07/09 17:56:57 | 000,000,000 | ---D | M] -- C:\Users\Mal\AppData\Roaming\LimeWire
[2010/07/07 22:28:41 | 000,000,000 | ---D | M] -- C:\Users\Mal\AppData\Roaming\LockHunter
[2010/04/25 11:27:43 | 000,000,000 | ---D | M] -- C:\Users\Mal\AppData\Roaming\MPEG Streamclip
[2009/02/01 00:28:02 | 000,000,000 | ---D | M] -- C:\Users\Mal\AppData\Roaming\muvee Technologies
[2009/03/02 15:04:15 | 000,000,000 | ---D | M] -- C:\Users\Mal\AppData\Roaming\Obsidium
[2009/06/04 18:48:57 | 000,000,000 | ---D | M] -- C:\Users\Mal\AppData\Roaming\SecondLife
[2010/06/20 03:46:35 | 000,000,000 | ---D | M] -- C:\Users\Mal\AppData\Roaming\Vso
[2010/05/07 17:48:35 | 000,000,000 | ---D | M] -- C:\Users\Mal\AppData\Roaming\WinFF
[2010/07/08 23:27:32 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/01/20 22:50:15 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2010/07/08 23:28:16 | 4024,258,560 | -HS- | M] () -- C:\hiberfil.sys
[2006/12/02 02:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010/07/08 23:28:15 | 042,876,927 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/11/02 11:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 11:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 11:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 11:06:41 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 17:35:48 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >
[2009/07/10 12:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\user32.dll /md5 >
[2008/01/20 22:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\SysWOW64\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/01/20 22:50:35 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\SysWOW64\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2006/11/02 05:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\SysWOW64\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:FB1B13D8
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:5D2892D9
< End of report >


And OTL Extras Log:


OTL Extras logfile created on: 7/9/2010 6:33:50 PM - Run 1
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Users\Mal\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.97 Gb Total Space | 108.20 Gb Free Space | 49.19% Space Free | Partition Type: NTFS
Drive D: | 12.91 Gb Total Space | 12.81 Gb Free Space | 99.20% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: Mal
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00BE3B0C-96C7-4E6B-B384-A4ADF19F0FA5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{27334642-83B7-4358-9308-88C9BE8C2675}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5AF77497-374C-4302-AEA0-3C007DB88CB4}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{65F7372D-3630-4254-97F6-1CA3C03E887C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6AA00961-5A23-4508-A9F8-A70CED89B4F4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6EEF0148-1525-4992-B5E2-3FEAED19672A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{85C88614-0CC4-456B-A50D-CAFF35F640D1}" = rport=2869 | protocol=6 | dir=out | app=system |
"{8E2585E3-072A-4A6C-B816-F58016472C7D}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{9414056A-2AA0-450E-929A-72F5F5A9C957}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9DFC3DE7-7FF4-4DA7-9C04-79EA2A543C80}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{A25BFF17-D898-4BFF-AFE5-53BC9AE36C77}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A79443B0-5A09-4B57-AE4C-25472FACDF85}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BE76C132-0446-4B90-B856-4065279F497A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C2B627D6-2D88-4293-8E9A-1896165B667E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{CB456E1F-DA91-4A5C-80B0-A6008B9E9A49}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D212BBA2-9058-4F58-9E23-C68534DA5C4F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D4171B20-8A1E-4C2D-A62D-BD47F8E5B304}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{DDC8C6D2-FC70-4120-A350-67BF15A54A0B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FE6222F4-1C75-47FD-83AE-14F71AF56577}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04D93087-B3C6-4D11-B611-82B4C6AC416F}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{14F2C94D-753C-4919-BD7B-9DE6C39F3793}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{18EA1632-4E59-4BCD-BE30-AD43AA6D3538}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{1AABF9E7-58EA-4C18-AC80-B9EBC7B01508}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{2C814E25-B4AA-4D10-8E98-4AD81B1A354D}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{2CFFA7D5-9890-4087-9B1B-AF8A6285D8AD}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{4B5F2328-0334-49F6-A6FF-9CAAF5C58128}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{4C007BA7-4096-42C9-9CD5-8CFCC0DC4000}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{568F0E90-E795-416C-9991-176258007CEB}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{65DEB1E7-B274-4662-9517-34DB76770F42}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{722186FA-F1BC-4CA0-B57F-6BF3F5C62A62}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8A22469D-A089-451A-B403-0D608507F86F}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{8CC97A70-C2C8-4ADF-A225-CDFE6C31D31A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{90130EAE-D22E-428C-ABEE-4402166692B4}" = protocol=58 | dir=in | [email protected],-148 |
"{9294E701-7F5E-46DA-BCD0-29F083D3ED07}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{92E1FD57-C381-4AA5-A03A-219EABDFF247}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe |
"{965DBF12-969D-4DDB-99E7-22EA1EB67603}" = dir=in | app=c:\program files (x86)\avg\avg8\avgemc.exe |
"{A0FDF68F-F982-486E-B522-837FDDCC78F2}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{B18411E9-F505-42EE-AFE1-836B49ECDB28}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{B226EA3B-B251-432C-87C7-EC2852FB2C8D}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{B9871A09-16C3-4355-97EE-CAA1E8AC9D04}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{B9A82166-AAFF-472C-B706-16B7681665E2}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C08ED77A-D608-4C69-873F-0BFCEAB29E08}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{C6023A86-6FCC-44F5-9058-464F0165D31F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe |
"{C82CC71F-4B2D-4437-BEAB-C6A0236DA4C7}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{C97B77E3-28CB-4E43-B123-7797D8E33B19}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{CF017844-137D-4FD7-B140-132341602CC2}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{D186D88B-6BD8-4841-B282-1399D63F039D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E01B3E06-9E7F-4EE3-A6FE-1F2445695E55}" = dir=in | app=c:\program files (x86)\avg\avg9\avgupd.exe |
"{E577E00A-CAAB-4B22-9724-00C28B7E1360}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{E613D018-57D9-4D36-8795-79145B0C1DE0}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{E88AC95E-A03B-4CF8-B995-F1D23B022533}" = dir=in | app=c:\program files (x86)\avg\avg9\avgnsa.exe |
"{EAFCA698-6945-4134-89F9-A13F63A01EAF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F3526CD8-D048-44F1-BC69-7B4476544322}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{FC3D38AC-3AE5-4B80-A30C-FAB8CF5614AD}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"TCP Query User{5FC71ED9-6129-4042-B774-D2CF439907D6}C:\users\mal\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\mal\program files (x86)\dna\btdna.exe |
"TCP Query User{7D4AE4F9-560E-431D-9568-859D43223771}C:\users\mal\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\mal\program files (x86)\dna\btdna.exe |
"TCP Query User{A5729EC2-CAE2-4D4C-8B4B-F5BB647A1DD9}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{D5CCE52C-2ACC-41B7-AA71-9540C3ACAE09}C:\program files (x86)\java\jre6\launch4j-tmp\stanza.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\launch4j-tmp\stanza.exe |
"TCP Query User{EC10EA12-3132-452C-A9CB-A040E2C6999A}C:\program files (x86)\secondlife\slvoice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\secondlife\slvoice.exe |
"TCP Query User{F0DC41B4-E092-4DD7-96DA-98AD5E5DB08F}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"TCP Query User{F7DB3434-92B5-48E3-AF51-6B670B5D8C07}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{FBB23945-85CF-46E0-8700-C980F8F16E74}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"TCP Query User{FE4C45F0-8808-4C36-B86A-BB40B6A185F4}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"UDP Query User{01DDB873-1740-4580-8F46-56B2A9149B80}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"UDP Query User{24A5B1E2-14E4-452C-BB96-735C23C56F72}C:\program files (x86)\secondlife\slvoice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\secondlife\slvoice.exe |
"UDP Query User{30972BC6-6A23-4383-B999-D496944D4657}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{47B4AD72-3CBC-48C6-B044-BD8CA0EB1BF8}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"UDP Query User{502F5019-138F-4FCB-B140-9BF32C912BDF}C:\users\mal\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\mal\program files (x86)\dna\btdna.exe |
"UDP Query User{6E4B2263-42B0-461A-A72E-6CC46F886CF5}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{805ED943-85D7-42EB-8A58-A12CC0251BAB}C:\program files (x86)\java\jre6\launch4j-tmp\stanza.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\launch4j-tmp\stanza.exe |
"UDP Query User{97C12F4E-D643-43E1-98F4-9646C08BE620}C:\users\mal\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\mal\program files (x86)\dna\btdna.exe |
"UDP Query User{B57E5033-E363-4814-AC13-868060639167}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{50CFD060-4267-0D82-C5A1-4C083110F34F}" = ATI Catalyst Install Manager
"{53529DAD-F7C9-476E-87CC-1547C4E3E821}" = iTunes
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}" = HP MediaSmart SmartMenu
"{DFBAEAEC-39A9-5558-C9BA-1EB60F15683A}" = ccc-utility64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01C9296A-717B-180B-6C1B-972B2A240787}" = Catalyst Control Center Core Implementation
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0D5ADBC6-EAC6-6044-0C97-1F7CF77F4AC4}" = Catalyst Control Center Graphics Full New
"{13C984A7-4904-2D52-E0FA-56564B993150}" = ccc-core-static
"{13E5609E-A4A2-F837-86AD-7105855D96CC}" = CCC Help Chinese Standard
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22507ED9-4D42-D684-C96F-6B8870EF4236}" = CCC Help Finnish
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2C5D17D6-3FE0-2275-D0A7-866CD704F701}" = Catalyst Control Center Localization Czech
"{2CC69A5D-226D-6ABE-53D1-FCD400CED07C}" = CCC Help Spanish
"{2FB49B58-79BA-BAC5-E7FE-5D6A6C1E8BB9}" = CCC Help Greek
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{30A6DC6F-C97A-3C6D-54B3-E284CC2EC9E3}" = CCC Help German
"{30D3B7BC-5798-45D9-822D-05CA18F39E99}" = HPTCSSetup
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{42300B1F-93D5-DDB9-4563-49399402B70F}" = CCC Help Dutch
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A4E7060-5110-1C02-9227-CC6E9662DD7F}" = Catalyst Control Center Localization Russian
"{4ECD755B-EA8E-1F6D-27D3-D77324033090}" = Catalyst Control Center Localization French
"{4F038D40-0B3C-88C8-BCEB-268A3A89C312}" = Catalyst Control Center Localization Korean
"{4F924BE2-FE46-7A15-DA29-214DDCB65A13}" = Catalyst Control Center Localization Dutch
"{53A4B5BE-5C9A-024D-8A19-5D13668DFE34}" = Catalyst Control Center Localization Turkish
"{558FF444-F562-4E4C-98BD-7B20EE184D2E}" = Catalyst Control Center - Branding
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{5FED28FC-6C33-1B35-1651-C3466CCB047B}" = CCC Help English
"{60820957-6977-9543-D784-F6DCDC265ED4}" = Catalyst Control Center Graphics Full Existing
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{658940CB-D84C-23A6-6008-9A89111863A2}" = CCC Help Russian
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{69162FA0-D2C9-0963-B4F6-3898269786EC}" = Catalyst Control Center Localization Italian
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{79DB85E8-EEBF-B0D2-651A-398814CB664C}" = Catalyst Control Center Localization Thai
"{7BEF7553-EE3E-DE5D-2576-262D0EC93FB9}" = CCC Help Italian
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{824A7ACB-5101-5244-6470-9EC0DBAB67A3}" = CCC Help Danish
"{82DE85F1-AAA1-BC75-AD7E-640332C8F98B}" = Catalyst Control Center Localization Danish
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8659BC40-A836-3B79-0D79-DC761DA734D6}" = Catalyst Control Center Localization Finnish
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92751A73-9C38-51D6-CFE7-D66ADF26A17A}" = CCC Help Portuguese
"{936622D2-47A8-FC24-FA43-5899EFCA8844}" = CCC Help Swedish
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9B13D1C1-1BCD-8677-E129-6E1928223F1B}" = Catalyst Control Center Graphics Light
"{A0B89436-5683-A215-0952-11F3C15040C9}" = Catalyst Control Center Localization German
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
"{A3E53E55-0359-104E-7624-9AB51B1BCE66}" = CCC Help Japanese
"{A4B8BD05-69FB-8F9A-6C93-E405D0B56361}" = Catalyst Control Center Localization Greek
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A9134088-CCC0-56E7-9C75-86811084AB99}" = Skins
"{AB10EFAD-17B5-5295-6214-400CE5681661}" = CCC Help Norwegian
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B3284308-AAAE-8021-F19C-42B894135B5C}" = Catalyst Control Center Localization Polish
"{BB1A8D7E-A399-35CE-7DEF-1022A600FDE9}" = Catalyst Control Center Localization Swedish
"{BB640A89-2E5E-2BB1-97A7-E953ACC9D374}" = CCC Help Polish
"{BDBB3B7C-80F1-160F-59D6-DAF7BCCD5BF3}" = Catalyst Control Center Graphics Previews Vista
"{C0626560-9EB6-0A04-C704-4D6AA38A873D}" = CCC Help Thai
"{C4898551-1329-E6BF-7E7D-1B93B15AFAA8}" = Catalyst Control Center Localization Chinese Traditional
"{C4CF43CE-94AE-498E-9EB1-C804E05CB3CA}" = HP User Guides 0125
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CCDA625A-06DB-A9D5-B672-B5B416723DF8}" = Catalyst Control Center Localization Hungarian
"{D0650094-44A0-67C7-70A4-CF00576237A8}" = CCC Help Korean
"{D36D8B67-ED17-9C76-73CA-D4AF448028FD}" = Catalyst Control Center Graphics Previews Common
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D6E1FB7C-C1FD-E326-AE52-F9D7D8A1D122}" = CCC Help Chinese Traditional
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.9.322
"{DC7B0CCB-67A5-CC25-34A7-1BBF6D1E1280}" = Catalyst Control Center Localization Japanese
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E00CD076-B59D-1825-6FAA-383BE7CCEBFE}" = CCC Help Turkish
"{E27C8061-488F-1D13-9B43-25659DD1CBDE}" = Catalyst Control Center Localization Chinese Standard
"{E288A04A-A9D7-F79A-7E88-58321A0F12FC}" = Catalyst Control Center Localization Portuguese
"{E374D624-9BE9-3209-201D-931893B99C37}" = Catalyst Control Center Localization Spanish
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED5862BF-C91D-0358-B62D-C0FAF7F9C66E}" = Catalyst Control Center InstallProxy
"{EE1AAA45-21EE-1630-DB15-164DD1DB2E47}" = CCC Help French
"{EFEAED6F-B458-A1C7-49BC-F1CA1C75C8AE}" = Catalyst Control Center Localization Norwegian
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F63B8DC4-4309-9F2E-07C1-4BE967F5668D}" = CCC Help Hungarian
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7CCA8CB-FF7C-A5CF-4C77-F9F31BB2D227}" = CCC Help Czech
"Adobe AIR" = Adobe AIR
"Adobe Flash Player 10 ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG9Uninstall" = AVG Free 9.0
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ERUNT_is1" = ERUNT 1.1j
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"LimeWire" = LimeWire 5.5.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.10)" = Mozilla Firefox (3.5.10)
"PROPLUS" = Microsoft Office Professional Plus 2007
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/27/2010 11:24:05 AM | Computer Name = Laptop | Source = EventSystem | ID = 4621
Description =

Error - 6/27/2010 11:51:28 AM | Computer Name = Laptop | Source = EventSystem | ID = 4609
Description =

Error - 6/27/2010 1:39:54 PM | Computer Name = Laptop | Source = EventSystem | ID = 4609
Description =

Error - 6/27/2010 1:51:03 PM | Computer Name = Laptop | Source = EventSystem | ID = 4609
Description =

Error - 6/27/2010 2:26:27 PM | Computer Name = Laptop | Source = Application Hang | ID = 1002
Description = The program FixSirc.com version 1.0.0.1 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: d80 Start Time: 01cb1625a53b6490 Termination Time: 0

Error - 6/27/2010 3:17:33 PM | Computer Name = Laptop | Source = EventSystem | ID = 4609
Description =

Error - 6/27/2010 4:35:54 PM | Computer Name = Laptop | Source = EventSystem | ID = 4621
Description =

Error - 6/30/2010 8:26:19 PM | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = 400: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 6/30/2010 8:47:10 PM | Computer Name = Laptop | Source = EventSystem | ID = 4621
Description =

Error - 7/3/2010 1:53:22 PM | Computer Name = Laptop | Source = EventSystem | ID = 4621
Description =

[ System Events ]
Error - 7/8/2010 11:17:46 PM | Computer Name = Laptop | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetbiosSmb because
another computer on the network has the same name. The server could not start.

Error - 7/8/2010 11:27:10 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7031
Description =

Error - 7/8/2010 11:28:14 PM | Computer Name = Laptop | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 7/8/2010 11:28:33 PM | Computer Name = Laptop | Source = HTTP | ID = 15016
Description =

Error - 7/8/2010 11:28:59 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 7/8/2010 11:28:59 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7026
Description =

Error - 7/8/2010 11:33:06 PM | Computer Name = Laptop | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_30FB103C&REV_00\4&2a995034&0&0028)
disappeared from the system without first being prepared for removal.

Error - 7/8/2010 11:33:06 PM | Computer Name = Laptop | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_30FB103C&REV_00\4&2a995034&0&0228)
disappeared from the system without first being prepared for removal.

Error - 7/8/2010 11:33:06 PM | Computer Name = Laptop | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_30FB103C&REV_00\4&2a995034&0&0328)
disappeared from the system without first being prepared for removal.

Error - 7/8/2010 11:33:06 PM | Computer Name = Laptop | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_30FB103C&REV_00\4&2a995034&0&0428)
disappeared from the system without first being prepared for removal.


< End of report >

#2
RKinner

    Malware Expert

You do have a malware proxy on port 5555 so you have been infected at some time.

Uninstall DAEMON Tools Lite
and since you are now reformed:
DNA
LimeWire
BitTorrent
and any other P2P software. Reboot.


Copy the text in the code box by highlighting and Ctrl + c

:OTL
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1000000.07D\SRTSPX64.SYS -- (SRTSPX)
DRV:64bit: - File not found [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1000000.07D\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2010/03/21 23:53:16 | 000,834,544 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101760&l=dis
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O33 - MountPoints2\{03e12ebe-8202-11de-a92e-001eecfcdc5d}\Shell - "" = AutoRun
O33 - MountPoints2\{03e12ebe-8202-11de-a92e-001eecfcdc5d}\Shell\AutoRun\command - "" = F:\Setup.exe -- File not found
O33 - MountPoints2\{282318cf-74d6-11df-a9c3-001eecfcdc5d}\Shell - "" = AutoRun
O33 - MountPoints2\{282318cf-74d6-11df-a9c3-001eecfcdc5d}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\{65e6037f-33c9-11df-82ca-001eecfcdc5d}\Shell\AutoRun\command - "" = F:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{65e6037f-33c9-11df-82ca-001eecfcdc5d}\Shell\slacker\command - "" = F:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{71027f1c-d470-11de-80a5-001eecfcdc5d}\Shell\AutoRun\command - "" = F:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{71027f1c-d470-11de-80a5-001eecfcdc5d}\Shell\slacker\command - "" = F:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{8024c758-6be8-11de-b596-001eecfcdc5d}\Shell - "" = AutoRun
O33 - MountPoints2\{8024c758-6be8-11de-b596-001eecfcdc5d}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{ba8606dd-75a4-11df-ac16-001eecfcdc5d}\Shell - "" = AutoRun
O33 - MountPoints2\{ba8606dd-75a4-11df-ac16-001eecfcdc5d}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found
O33 - MountPoints2\{c7cd49d9-3566-11df-915f-001eecfcdc5d}\Shell - "" = AutoRun
O33 - MountPoints2\{c7cd49d9-3566-11df-915f-001eecfcdc5d}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found

:Files
C:\Windows\SysNative\Drivers\sptd.sys
C:\Users\Mal\{427911e7-7d24-4273-b1c4-09d075e84c47}
C:\Users\Mal\AppData\Roaming\0D1793FE46F908865A8AF54448697546
C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
C:\Users\Mal\Desktop\The Sims 3 - Razor1911 Final MAXSPEED
	 
:Commands
[purity]
[emptytemp]
[Reboot]
Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Copy (Highlight and Ctrl + c) the next line.

http://www.bitdefend...nline/free.html

Close all programs and browsers. Right-click the IE or Firefox icon on your desktop and select Run As Administrator, then click on the area where you put in the URL and paste (Ctrl + v). The line you copied should appear. Hit Enter. Follow the instructions. Try to stick around for the finish, which shouldn't be too long, and copy and paste the report it gives you into a reply.

Ron
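
The proxy finding in the post above comes from the two `IE -` Internet Settings lines in the OTL log. As an added example (not part of the original post and not OTL's own code), this Python sketch parses those log lines and reports an enabled proxy that points back at the local machine; the function names are hypothetical, and the `ProxyServer` parsing assumes the two standard WinINET forms (`host:port` and `scheme=host:port;...`).

```python
import ipaddress
import re

# Log lines copied from the fix script in the post above (OTL "IE -" entries).
SAMPLE_LOG = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101760&l=dis
'''

# Matches: IE - <hive\key>: "<value name>" = <data>
SETTING_RE = re.compile(r'^IE - (?P<key>[^:]+): "(?P<name>[^"]+)" = (?P<data>.*)$')


def parse_ie_settings(log_text):
    """Return {value_name: data} for the Internet Settings lines of an OTL log."""
    settings = {}
    for line in log_text.splitlines():
        m = SETTING_RE.match(line.strip())
        if m and m.group("key").lower().endswith(r"\internet settings"):
            settings[m.group("name")] = m.group("data").strip()
    return settings


def parse_proxy_server(value):
    """Split a ProxyServer string into {scheme: (host, port)}.

    "host:port" applies to all protocols and is stored under "*";
    "http=host:port;https=host:port" sets a proxy per protocol.
    """
    proxies = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, sep, endpoint = part.partition("=")
        if not sep:                               # bare "host:port" form
            scheme, endpoint = "*", part
        endpoint = endpoint.split("://", 1)[-1]   # tolerate "http://host:port"
        host, _, port = endpoint.rpartition(":")
        if not host:                              # no port given
            host, port = endpoint, ""
        proxies[scheme.lower()] = (host, int(port) if port.isdigit() else None)
    return proxies


def is_loopback(host):
    """True when the proxy host is this machine (localhost or 127.0.0.0/8, ::1)."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname; resolving it is out of scope for offline triage


def triage_proxy(log_text):
    """Return findings for enabled proxies that point at the local machine."""
    settings = parse_ie_settings(log_text)
    if settings.get("ProxyEnable") != "1":
        return []  # a leftover ProxyServer value is inert while the proxy is off
    findings = []
    proxies = parse_proxy_server(settings.get("ProxyServer", ""))
    for scheme, (host, port) in proxies.items():
        if is_loopback(host):
            findings.append(f"{scheme} traffic is sent to local proxy {host}:{port}")
    return findings


if __name__ == "__main__":
    for finding in triage_proxy(SAMPLE_LOG):
        print(finding)
```

A loopback proxy can also belong to legitimate local software, so a finding is a prompt to identify which process, if any, is listening on that port before resetting the values.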

#3
Maleia

  • Topic Starter

I don't see where Daemon Tools Lite is still installed. It didn't show up in CCleaner's uninstall list and also didn't show up in Windows Uninstall list either. I checked C:\ and didn't see any folder for Daemon at all. I must be missing something.


After the laptop rebooted automatically following OTL, the desktop didn't show up. Rebooted a second time and it started after about five minutes and produced the following log:


All processes killed
========== OTL ==========
Service !SASCORE stopped successfully!
Service !SASCORE deleted successfully!
File C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE not found.
Service SRTSPX stopped successfully!
Service SRTSPX deleted successfully!
File C:\Windows\SysNative\drivers\NISx64\1000000.07D\SRTSPX64.SYS not found.
Service SRTSP stopped successfully!
Service SRTSP deleted successfully!
File C:\Windows\SysNative\drivers\NISx64\1000000.07D\SRTSP64.SYS not found.
Service RimUsb stopped successfully!
Service RimUsb deleted successfully!
File C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys not found.
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File C:\Windows\SysNative\DRIVERS\nwlnkflt.sys not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File C:\Windows\SysNative\DRIVERS\ipinip.sys not found.
Service sptd stopped successfully!
Service sptd deleted successfully!
File move failed. C:\Windows\SysNative\Drivers\sptd.sys scheduled to be moved on reboot.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03e12ebe-8202-11de-a92e-001eecfcdc5d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03e12ebe-8202-11de-a92e-001eecfcdc5d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03e12ebe-8202-11de-a92e-001eecfcdc5d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03e12ebe-8202-11de-a92e-001eecfcdc5d}\ not found.
File F:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{282318cf-74d6-11df-a9c3-001eecfcdc5d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{282318cf-74d6-11df-a9c3-001eecfcdc5d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{282318cf-74d6-11df-a9c3-001eecfcdc5d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{282318cf-74d6-11df-a9c3-001eecfcdc5d}\ not found.
File F:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65e6037f-33c9-11df-82ca-001eecfcdc5d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65e6037f-33c9-11df-82ca-001eecfcdc5d}\ not found.
File F:\slacker.synclauncher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65e6037f-33c9-11df-82ca-001eecfcdc5d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65e6037f-33c9-11df-82ca-001eecfcdc5d}\ not found.
File F:\slacker.synclauncher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{71027f1c-d470-11de-80a5-001eecfcdc5d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71027f1c-d470-11de-80a5-001eecfcdc5d}\ not found.
File F:\slacker.synclauncher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{71027f1c-d470-11de-80a5-001eecfcdc5d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71027f1c-d470-11de-80a5-001eecfcdc5d}\ not found.
File F:\slacker.synclauncher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8024c758-6be8-11de-b596-001eecfcdc5d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8024c758-6be8-11de-b596-001eecfcdc5d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8024c758-6be8-11de-b596-001eecfcdc5d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8024c758-6be8-11de-b596-001eecfcdc5d}\ not found.
File G:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba8606dd-75a4-11df-ac16-001eecfcdc5d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba8606dd-75a4-11df-ac16-001eecfcdc5d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba8606dd-75a4-11df-ac16-001eecfcdc5d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba8606dd-75a4-11df-ac16-001eecfcdc5d}\ not found.
File G:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7cd49d9-3566-11df-915f-001eecfcdc5d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c7cd49d9-3566-11df-915f-001eecfcdc5d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7cd49d9-3566-11df-915f-001eecfcdc5d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c7cd49d9-3566-11df-915f-001eecfcdc5d}\ not found.
File F:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\LaunchU3.exe not found.
========== FILES ==========
File move failed. C:\Windows\SysNative\Drivers\sptd.sys scheduled to be moved on reboot.
C:\Users\Mal\{427911e7-7d24-4273-b1c4-09d075e84c47} folder moved successfully.
C:\Users\Mal\AppData\Roaming\0D1793FE46F908865A8AF54448697546 folder moved successfully.
C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64\x64 folder moved successfully.
C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64 folder moved successfully.
C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} folder moved successfully.
Folder move failed. C:\Users\Mal\Desktop\The Sims 3 - Razor1911 Final MAXSPEED\The Sims 3 - Razor1911 MAXSPEED www.torentz.3xforum.ro scheduled to be moved on reboot.
Folder move failed. C:\Users\Mal\Desktop\The Sims 3 - Razor1911 Final MAXSPEED scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mal
->Temp folder emptied: 130094 bytes
->Temporary Internet Files folder emptied: 128424 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 36696670 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 721 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2400 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 10969436 bytes

Total Files Cleaned = 46.00 mb


OTL by OldTimer - Version 3.2.7.1 log created on 07092010_213007

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\Drivers\sptd.sys scheduled to be moved on reboot.
Folder move failed. C:\Users\Mal\Desktop\The Sims 3 - Razor1911 Final MAXSPEED\The Sims 3 - Razor1911 MAXSPEED www.torentz.3xforum.ro scheduled to be moved on reboot.
Folder move failed. C:\Users\Mal\Desktop\The Sims 3 - Razor1911 Final MAXSPEED\The Sims 3 - Razor1911 MAXSPEED www.torentz.3xforum.ro scheduled to be moved on reboot.
Folder move failed. C:\Users\Mal\Desktop\The Sims 3 - Razor1911 Final MAXSPEED scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...






Here is the OTL quick scan log:




OTL logfile created on: 7/9/2010 9:41:30 PM - Run 2
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Users\Mal\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.97 Gb Total Space | 106.28 Gb Free Space | 48.32% Space Free | Partition Type: NTFS
Drive D: | 12.91 Gb Total Space | 12.81 Gb Free Space | 99.20% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: Mal
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/08 23:26:41 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Mal\Desktop\OTL.exe
PRC - [2010/07/07 22:49:49 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/07/07 22:49:47 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/06/23 23:36:20 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2008/10/06 12:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2008/09/24 22:08:26 | 000,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2008/09/24 22:08:26 | 000,116,096 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe


========== Modules (SafeList) ==========

MOD - [2010/07/08 23:26:41 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Mal\Desktop\OTL.exe
MOD - [2008/01/20 22:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2008/01/20 22:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/02/26 20:34:42 | 000,030,520 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2009/08/18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2009/06/03 20:43:18 | 000,239,104 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_6ef279c8\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/09/16 23:14:32 | 000,905,216 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/11 16:11:30 | 000,015,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV - [2010/07/07 22:49:47 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/10/06 12:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/09/24 22:08:26 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2008/09/24 22:08:26 | 000,116,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/07/07 22:50:02 | 000,317,520 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010/07/07 22:50:00 | 000,269,904 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010/07/07 22:49:58 | 000,035,536 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/03/16 20:24:02 | 001,374,712 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2010/02/26 20:34:48 | 000,030,008 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2010/02/26 20:34:30 | 000,041,272 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009/11/24 21:01:40 | 000,082,816 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2009/09/02 03:09:34 | 000,221,696 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/06/03 20:43:18 | 000,486,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/02/26 10:50:34 | 000,380,928 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netr7064.sys -- (rt70x64)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/09/17 00:01:26 | 004,709,888 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/07/21 05:53:04 | 000,145,496 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/05/28 18:54:18 | 000,026,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2008/04/28 04:25:06 | 000,016,400 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV:64bit: - [2008/03/31 05:36:18 | 000,195,120 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008/02/29 19:59:32 | 001,252,352 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/24 08:24:24 | 000,060,928 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/01/20 22:49:47 | 000,011,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2008/01/20 22:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 22:46:57 | 003,154,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64) Intel®
DRV:64bit: - [2008/01/20 22:46:55 | 000,111,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/06/18 20:13:12 | 000,018,432 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2006/10/03 21:45:36 | 000,273,408 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2008/09/26 06:36:34 | 000,027,632 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2002/07/17 09:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\Aspi32.sys -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://facebook.com|....spcollege.edu"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/07/07 22:49:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/06/23 23:36:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/09 20:46:48 | 000,000,000 | ---D | M]

[2010/01/10 20:53:35 | 000,000,000 | ---D | M] -- C:\Users\Mal\AppData\Roaming\Mozilla\Extensions
[2009/01/30 18:05:16 | 000,000,000 | ---D | M] -- C:\Users\Mal\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/07/09 18:40:22 | 000,000,000 | ---D | M] -- C:\Users\Mal\AppData\Roaming\Mozilla\Firefox\Profiles\hs95w3c9.default\extensions
[2010/05/31 10:25:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mal\AppData\Roaming\Mozilla\Firefox\Profiles\hs95w3c9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/23 23:36:32 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Mal\AppData\Roaming\Mozilla\Firefox\Profiles\hs95w3c9.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2010/07/03 18:56:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/03 18:56:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/03 18:56:04 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/07/09 21:30:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/08 23:31:31 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/07/08 23:30:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/07/08 23:27:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/07/08 23:26:37 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Mal\Desktop\OTL.exe
[2010/07/08 23:25:35 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Mal\Desktop\erunt_setup.exe
[2010/07/08 23:24:58 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\Mal\Desktop\TFC.exe
[2010/07/07 23:58:06 | 000,518,656 | ---- | C] (OldTimer Tools) -- C:\Users\Mal\Desktop\OTM.exe
[2010/07/07 22:49:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\Avg
[2010/07/07 22:49:46 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/07/07 22:49:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2010/07/07 22:28:41 | 000,000,000 | ---D | C] -- C:\Users\Mal\AppData\Roaming\LockHunter
[2010/07/07 22:28:23 | 000,000,000 | ---D | C] -- C:\Program Files\LockHunter
[2010/07/04 22:43:10 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/07/04 21:14:32 | 000,000,000 | ---D | C] -- C:\Users\Mal\Documents\School
[2010/07/03 22:03:38 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/07/03 21:41:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/07/03 21:41:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/07/03 19:03:03 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/07/03 19:02:29 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/07/03 18:56:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/07/03 18:56:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/06/27 13:58:23 | 000,000,000 | ---D | C] -- C:\Users\Mal\AppData\Local\VS Revo Group
[2010/06/27 11:31:51 | 886,625,331 | ---- | C] (AruaROSE ) -- C:\Users\Mal\Documents\AruaROSE_v837.exe
[2010/06/20 02:55:50 | 000,626,688 | ---- | C] (On2.com) -- C:\Windows\SysWow64\vp7vfw.dll
[2010/06/20 02:55:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VSO
[2010/06/20 01:54:01 | 000,000,000 | ---D | C] -- C:\Users\Mal\AppData\Roaming\vlc
[2010/06/19 01:37:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/19 01:36:54 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/19 01:36:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/06/19 01:30:57 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/19 01:30:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/06/11 18:56:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2010/06/11 18:05:26 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2010/06/11 11:24:30 | 000,000,000 | ---D | C] -- C:\Users\Mal\Desktop\The Sims 3 - Razor1911 Final MAXSPEED
[2010/06/10 17:20:00 | 000,000,000 | -HSD | C] -- C:\found.001
[2010/06/09 19:35:55 | 000,000,000 | ---D | C] -- C:\Users\Mal\AppData\Local\Windows Server
[2010/05/31 14:29:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/05/09 10:26:05 | 000,000,000 | ---D | C] -- C:\Users\Mal\AppData\Local\Geckofx
[2010/05/07 17:49:30 | 000,000,000 | ---D | C] -- C:\Users\Mal\AppData\Roaming\AnvSoft
[2010/04/25 11:31:51 | 000,000,000 | ---D | C] -- C:\Users\Mal\AppData\Roaming\WinFF
[2010/04/25 11:27:43 | 000,000,000 | ---D | C] -- C:\Users\Mal\AppData\Roaming\MPEG Streamclip
[2010/04/11 11:05:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR

========== Files - Modified Within 90 Days ==========

[2010/07/09 21:43:41 | 002,359,296 | -HS- | M] () -- C:\Users\Mal\ntuser.dat
[2010/07/09 21:42:02 | 000,695,758 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/07/09 21:42:02 | 000,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/07/09 21:42:02 | 000,105,952 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/07/09 21:35:31 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/09 21:35:30 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/09 21:35:26 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/09 21:35:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/09 21:35:15 | 4024,258,560 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/09 21:34:26 | 000,524,288 | -HS- | M] () -- C:\Users\Mal\ntuser.dat{ddb7893c-1b70-11df-9ab6-001eecfcdc5d}.TMContainer00000000000000000001.regtrans-ms
[2010/07/09 21:34:26 | 000,065,536 | -HS- | M] () -- C:\Users\Mal\ntuser.dat{ddb7893c-1b70-11df-9ab6-001eecfcdc5d}.TM.blf
[2010/07/09 20:48:37 | 002,619,782 | -H-- | M] () -- C:\Users\Mal\AppData\Local\IconCache.db
[2010/07/09 20:03:42 | 000,002,611 | ---- | M] () -- C:\Users\Mal\Desktop\Microsoft Office Word 2007.lnk
[2010/07/09 17:57:45 | 000,002,239 | ---- | M] () -- C:\Users\Mal\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/07/09 17:34:50 | 061,808,162 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/07/08 23:30:56 | 000,000,723 | ---- | M] () -- C:\Users\Mal\Desktop\NTREGOPT.lnk
[2010/07/08 23:30:56 | 000,000,704 | ---- | M] () -- C:\Users\Mal\Desktop\ERUNT.lnk
[2010/07/08 23:26:41 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Mal\Desktop\OTL.exe
[2010/07/08 23:25:37 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Mal\Desktop\erunt_setup.exe
[2010/07/08 23:25:02 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\Mal\Desktop\TFC.exe
[2010/07/07 23:58:09 | 000,518,656 | ---- | M] (OldTimer Tools) -- C:\Users\Mal\Desktop\OTM.exe
[2010/07/07 23:45:36 | 000,100,908 | ---- | M] () -- C:\Users\Mal\Desktop\SystemLook.exe
[2010/07/07 22:50:09 | 000,113,461 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010/07/07 22:50:08 | 000,001,649 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/07/07 22:50:04 | 000,013,048 | ---- | M] () -- C:\Windows\SysNative\avgrssta.dll
[2010/07/07 22:50:02 | 000,317,520 | ---- | M] () -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/07/07 22:50:00 | 000,269,904 | ---- | M] () -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/07/07 22:49:58 | 000,035,536 | ---- | M] () -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/07/03 21:41:36 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/27 16:35:19 | 000,000,020 | ---- | M] () -- C:\Users\Mal\defogger_reenable
[2010/06/27 14:27:17 | 000,110,592 | ---- | M] () -- C:\Users\Mal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/27 11:41:33 | 886,625,331 | ---- | M] (AruaROSE ) -- C:\Users\Mal\Documents\AruaROSE_v837.exe
[2010/06/26 19:43:54 | 000,015,427 | ---- | M] () -- C:\Users\Mal\Documents\ROSE Guide.docx
[2010/06/20 03:46:34 | 000,001,041 | ---- | M] () -- C:\Users\Mal\AppData\Roaming\vso_ts_preview.xml
[2010/06/20 02:55:58 | 000,099,384 | ---- | M] () -- C:\Users\Mal\AppData\Roaming\inst.exe
[2010/06/20 02:55:58 | 000,082,816 | ---- | M] (VSO Software) -- C:\Users\Mal\AppData\Roaming\pcouffin.sys
[2010/06/20 02:55:58 | 000,007,859 | ---- | M] () -- C:\Users\Mal\AppData\Roaming\pcouffin.cat
[2010/06/20 02:55:58 | 000,001,167 | ---- | M] () -- C:\Users\Mal\AppData\Roaming\pcouffin.inf
[2010/06/20 01:52:51 | 000,000,861 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/06/19 02:08:16 | 000,002,215 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/13 09:34:45 | 000,109,008 | ---- | M] () -- C:\Users\Mal\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/06/12 19:50:54 | 000,399,560 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/05/22 20:45:39 | 000,946,352 | ---- | M] () -- C:\Users\Mal\AppData\Local\rx_image.Cache
[2010/05/22 20:45:38 | 000,059,024 | ---- | M] () -- C:\Users\Mal\AppData\Local\rx_audio.Cache
[2010/05/18 16:55:18 | 000,119,584 | ---- | M] () -- C:\Windows\SysNative\dns-sd.exe
[2010/05/18 16:55:18 | 000,095,520 | ---- | M] () -- C:\Windows\SysNative\dnssd.dll
[2010/05/13 00:17:11 | 000,001,684 | ---- | M] () -- C:\Users\Mal\Desktop\CCleaner.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/29 15:39:28 | 000,024,664 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/19 20:47:42 | 003,062,048 | ---- | M] () -- C:\Windows\SysNative\usbaaplrc.dll
[2010/04/19 20:47:42 | 000,050,688 | ---- | M] () -- C:\Windows\SysNative\drivers\usbaapl64.sys

========== Files Created - No Company Name ==========

[2010/07/08 23:30:56 | 000,000,723 | ---- | C] () -- C:\Users\Mal\Desktop\NTREGOPT.lnk
[2010/07/08 23:30:56 | 000,000,704 | ---- | C] () -- C:\Users\Mal\Desktop\ERUNT.lnk
[2010/07/08 23:26:14 | 000,293,376 | ---- | C] () -- C:\Users\Mal\Desktop\gmer.exe
[2010/07/07 23:45:35 | 000,100,908 | ---- | C] () -- C:\Users\Mal\Desktop\SystemLook.exe
[2010/07/07 22:50:09 | 000,113,461 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010/07/07 22:50:08 | 061,808,162 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/07/07 22:50:08 | 000,001,649 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/07/07 22:50:04 | 000,013,048 | ---- | C] () -- C:\Windows\SysNative\avgrssta.dll
[2010/07/07 22:50:02 | 000,317,520 | ---- | C] () -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/07/07 22:50:00 | 000,269,904 | ---- | C] () -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/07/07 22:49:58 | 000,035,536 | ---- | C] () -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/07/03 21:41:36 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/27 16:35:18 | 000,000,020 | ---- | C] () -- C:\Users\Mal\defogger_reenable
[2010/06/27 15:35:02 | 4024,258,560 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/26 19:43:52 | 000,015,427 | ---- | C] () -- C:\Users\Mal\Documents\ROSE Guide.docx
[2010/06/20 02:03:03 | 000,002,239 | ---- | C] () -- C:\Users\Mal\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/06/20 01:52:51 | 000,000,861 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/06/19 01:38:04 | 000,002,215 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/05/31 01:07:24 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2010/05/31 01:07:13 | 000,974,848 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
[2010/05/18 16:55:18 | 000,119,584 | ---- | C] () -- C:\Windows\SysNative\dns-sd.exe
[2010/05/18 16:55:18 | 000,095,520 | ---- | C] () -- C:\Windows\SysNative\dnssd.dll
[2010/05/13 19:47:26 | 000,428,440 | ---- | C] () -- C:\Users\Mal\AppData\Local\dd_vcredistMSI2129.txt
[2010/05/13 19:47:25 | 000,016,674 | ---- | C] () -- C:\Users\Mal\AppData\Local\dd_vcredistUI2129.txt
[2010/05/09 17:42:02 | 009,243,136 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010/05/09 17:42:01 | 012,464,128 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010/05/09 17:41:59 | 002,334,208 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010/05/09 17:41:58 | 001,484,288 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010/05/09 17:41:58 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010/05/09 17:41:57 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2010/05/09 17:41:57 | 000,700,928 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010/05/09 17:41:57 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/05/09 17:41:57 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010/05/09 17:41:56 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2010/05/09 17:41:56 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010/05/09 17:41:56 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2010/05/09 17:41:56 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/05/09 17:41:56 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2010/05/09 17:41:56 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2010/05/09 17:41:56 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2010/05/09 17:41:56 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2010/05/09 17:41:56 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2010/05/09 17:41:56 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010/05/09 17:41:56 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2010/05/09 17:41:55 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010/05/09 17:41:24 | 004,690,832 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2010/05/09 17:41:21 | 001,420,688 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2010/05/09 17:41:20 | 000,224,256 | ---- | C] () -- C:\Windows\SysNative\iphlpsvc.dll
[2010/05/09 17:41:20 | 000,029,696 | ---- | C] () -- C:\Windows\SysNative\drivers\tunnel.sys
[2010/05/09 17:40:39 | 000,612,864 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll
[2010/05/09 17:40:37 | 000,218,112 | ---- | C] () -- C:\Windows\SysNative\wintrust.dll
[2010/05/09 17:40:34 | 000,273,920 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys
[2010/05/09 17:40:34 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys
[2010/05/09 17:40:34 | 000,105,472 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys
[2010/05/09 17:40:04 | 000,104,960 | ---- | C] () -- C:\Windows\SysNative\cabview.dll
[2010/05/09 17:39:43 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\l3codeca.acm
[2010/04/19 20:47:42 | 003,062,048 | ---- | C] () -- C:\Windows\SysNative\usbaaplrc.dll
[2010/04/19 20:47:42 | 000,050,688 | ---- | C] () -- C:\Windows\SysNative\drivers\usbaapl64.sys
[2009/10/04 20:10:18 | 000,001,024 | ---- | C] () -- C:\Windows\ActivStats.INI
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 22:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/05/07 17:49:30 | 000,000,000 | ---D | M] -- C:\Users\Mal\AppData\Roaming\AnvSoft
[2009/11/20 21:15:49 | 000,000,000 | ---D | M] -- C:\Users\Mal\AppData\Roaming\Any DVD Converter Professional
[2010/01/31 12:13:34 | 000,000,000 | ---D | M] -- C:\Users\Mal\AppData\Roaming\Any Video Converter
[2010/03/24 16:31:53 | 000,000,000 | ---D | M] -- C:\Users\Mal\AppData\Roaming\DAEMON Tools Lite
[2010/07/07 22:28:41 | 000,000,000 | ---D | M] -- C:\Users\Mal\AppData\Roaming\LockHunter
[2010/04/25 11:27:43 | 000,000,000 | ---D | M] -- C:\Users\Mal\AppData\Roaming\MPEG Streamclip
[2009/02/01 00:28:02 | 000,000,000 | ---D | M] -- C:\Users\Mal\AppData\Roaming\muvee Technologies
[2009/03/02 15:04:15 | 000,000,000 | ---D | M] -- C:\Users\Mal\AppData\Roaming\Obsidium
[2009/06/04 18:48:57 | 000,000,000 | ---D | M] -- C:\Users\Mal\AppData\Roaming\SecondLife
[2010/06/20 03:46:35 | 000,000,000 | ---D | M] -- C:\Users\Mal\AppData\Roaming\Vso
[2010/05/07 17:48:35 | 000,000,000 | ---D | M] -- C:\Users\Mal\AppData\Roaming\WinFF
[2010/07/09 21:34:30 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:FB1B13D8
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:5D2892D9
< End of report >


And here is the QuickScan report!

QuickScan Beta 32-bit v0.9.9.23
-------------------------------
Scan date: Fri Jul 09 21:50:59 2010
Machine ID: 28C88E3E



No infection found.
-------------------



Processes
---------
<unsigned> RichVideo Module 2436 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

<verified> Apple Mobile Device Service 2164 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
<verified> Application STServices 2352 C:\Program Files (x86)\SMINST\BLService.exe
<verified> AVG Internet Security 3680 C:\Program Files (x86)\AVG\AVG9\avgtray.exe
<verified> AVG Internet Security 2180 C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
<verified> Bonjour 2192 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
<verified> CLCapSvc Module 2544 C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
<verified> CLSched Module 2616 C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
<verified> Firefox 1028 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
<verified> HP Wireless Assistant 3640 C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
<verified> HP Wireless Assistant 3248 C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
<verified> HpqToaster Module 4084 C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
<verified> hpqwmiex Module 3748 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
<verified> iTunes 3660 C:\Program Files (x86)\iTunes\iTunesHelper.exe
<verified> Java™ Platform SE Auto Updater 2 0 3668 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe


Network activity
----------------



Autoruns and critical files
---------------------------
<verified> AVG Internet Security C:\Program Files (x86)\AVG\AVG9\avgtray.exe
<verified> HP Wireless Assistant C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
<verified> iTunes C:\Program Files (x86)\iTunes\iTunesHelper.exe
<verified> Java™ Platform SE Auto Updater 2 0 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
<verified> Microsoft® Windows® Operating System c:\windows\system32\browseui.dll
<verified> Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
<verified> Windows® Internet Explorer c:\windows\syswow64\webcheck.dll


Browser plugins
---------------
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

<verified> 2007 Microsoft Office system C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
<verified> AcroIEHelperShim Library c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
<verified> AVG Internet Security c:\program files (x86)\avg\avg9\avgssie.dll
<verified> BitDefender QuickScan C:\Users\Mal\AppData\Roaming\Mozilla\Firefox\Profiles\hs95w3c9.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
<verified> BitDefender QuickScan C:\Users\Mal\AppData\Roaming\Mozilla\Firefox\Profiles\hs95w3c9.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
<verified> Bonjour C:\Program Files (x86)\Bonjour\mdnsNSP.dll
<verified> Java Deployment Toolkit 6.0.200.2 C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
<verified> Java™ Platform SE 6 U20 c:\program files (x86)\java\jre6\bin\jp2ssv.dll
<verified> Microsoft Office Live Plug-in for Firef C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
<verified> Microsoft® Windows Live ID c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\mswsock.dll
<verified> Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
<verified> Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll
<verified> Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
<verified> Mozilla Default Plug-in C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
<verified> MSN® Games by Zone.com C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll
<verified> npitunes.dll C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
<verified> NPSWF32.dll C:\Windows\system32\Macromed\Flash\NPSWF32.dll
<verified> Silverlight Plug-In c:\Program Files (x86)\Microsoft Silverlight\3.0.50106.0\npctrl.dll
<verified> Windows Live® Photo Gallery C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
<verified> Windows Presentation Foundation c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
<verified> Windows® Internet Explorer c:\windows\syswow64\ieframe.dll
<verified> XpcomOpusConnector.dll C:\Users\Mal\AppData\Roaming\Mozilla\Firefox\Profiles\hs95w3c9.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll


Scan
----
<unsigned> MD5: 6f95324909b502e2651442c1548ab12f C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
<unsigned> MD5: 805ae1f90c64758d19aaa001cf8cba12 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
<unsigned> MD5: 89f9e1984c1cd9e5f4fe39642d886e11 c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
<unsigned> MD5: e70d106ae988bb3720f9a1a08d42c234 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll
<unsigned> MD5: e70d106ae988bb3720f9a1a08d42c234 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll
<unsigned> MD5: e70d106ae988bb3720f9a1a08d42c234 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll
<unsigned> MD5: e70d106ae988bb3720f9a1a08d42c234 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll
<unsigned> MD5: e70d106ae988bb3720f9a1a08d42c234 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll
<unsigned> MD5: e70d106ae988bb3720f9a1a08d42c234 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll
<unsigned> MD5: e70d106ae988bb3720f9a1a08d42c234 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll
<unsigned> MD5: 7ecfb8fff406a664e35f36bdf915dfb9 C:\Program Files (x86)\Mozilla Firefox\freebl3.dll
<unsigned> MD5: f349b437abe573013a673f0a82b1b08c C:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll
<unsigned> MD5: e70d106ae988bb3720f9a1a08d42c234 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
<unsigned> MD5: e70d106ae988bb3720f9a1a08d42c234 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
<unsigned> MD5: e70d106ae988bb3720f9a1a08d42c234 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
<unsigned> MD5: e70d106ae988bb3720f9a1a08d42c234 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
<unsigned> MD5: e70d106ae988bb3720f9a1a08d42c234 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
<unsigned> MD5: e70d106ae988bb3720f9a1a08d42c234 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
<unsigned> MD5: e70d106ae988bb3720f9a1a08d42c234 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
<unsigned> MD5: 35cf3fb481638306ca1a6a1a2f816d84 C:\Program Files (x86)\Mozilla Firefox\softokn3.dll
<unsigned> MD5: 941fed148a6d6b8b36ffb222549e79c0 C:\Program Files (x86)\QuickTime\QTSystem\QTCF.dll
<unsigned> MD5: 7af704aab4539fd34549210e7f7d314c C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.qts
<unsigned> MD5: a7429b936732f289351238e52acab521 C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.Resources\en.lproj\QuickTimeLocalized.dll
<unsigned> MD5: c4eb57c25df9d57ce6b0fae3f9819b91 C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.Resources\QuickTime.dll
<unsigned> MD5: 5b01af89d16d562825c4db4530f20cbb C:\Windows\system32\drivers\ASPI32.sys
<unsigned> MD5: 686b224b4987c22b153fbb545fee9657 C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\mfc80u.dll
<unsigned> MD5: d8584c7fb9a1ba8480f9000c1ca1b415 C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\mfc80ENU.dll


No file uploaded.

Scan finished - communication took 3 sec
Total traffic - 0.03 MB sent, 1.09 KB recvd
Scanned 488 files and modules - 57 seconds

==============================================================================
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,147 posts
  • MVP
I removed the Daemon Tool driver with OTL so it won't bother us anymore.

Appears this thing doesn't want to go away easily. Let's try a different tactic.


* Close all programs so that you are at your desktop.
* Open the Control Panel menu and click Folder Options.
* After the new window appears select the View tab.
* Put a checkmark in the checkbox labeled Display the contents of system folders.
* Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
* Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
* Remove the checkmark from the checkbox labeled Hide protected operating system files.
* Press the Apply button and then the OK button and exit My Computer.
* Now your computer is configured to show all hidden files.

Start(Vista Logo), Settings, Control Panel, Classic View, Default Programs. Now select Associate a File Type or Protocol with a program. Wait for it to load then scroll down to and select .iso. Note what it opens with and then Change Program, Browse. Go down to (C:\) Windows and select notepad.exe, Open, OK

Reboot into Safe Mode. (Restart and when you hear the beep, see the PC maker's logo or it tells you to press F8, start tapping the F8 key slowly. Keep tapping the F8 key until you see the Safe Mode Menu. Use the arrow keys to select Safe Mode) Log in as your usual login.

Right click on Start(Vista Logo) and select Explore. Your desktop should be at the top of the left pane under Folders. Click on it. Find The Sims 3 - Razor1911 Final MAXSPEED and double click on it. Keep drilling down until you get to the .iso file. Right click and select Properties. Uncheck Read Only and Hidden, then OK. Try to delete the file. If it won't delete, right click and select Rename. Change the .iso to .bad, OK. (Does it let you do it? If so, reboot into Safe Mode and open Explorer again and see if you can delete the file now.)



If not, reboot into Safe Mode with Command Prompt. (Restart and when you hear the beep, see the PC maker's logo or it tells you to press F8, start tapping the F8 key slowly. Keep tapping the F8 key until you see the Safe Mode Menu. Use the arrow keys to select the Command Prompt option. Log in as administrator (usually no password); if that doesn't work then use your regular password.)

When you get to the command prompt type each line in the code box with an Enter. (I use two spaces to make it easier to see where 1 space goes.)

cd  \Users\Mal\Desktop
(prompt should change to show you are in C:\Users\Mal\Desktop)

dir  /a   >>  junk.txt



cd  "The  Sims  3  -  Razor1911  Final  MAXSPEED"

dir  /a   >>  junk.txt

attrib  -r  -h  -s  "The  Sims  3  -  Razor1911  MAXSPEED  www.torentz.3xforum.ro.iso"

del "The  Sims  3  -  Razor1911  MAXSPEED  www.torentz.3xforum.ro.iso"

dir  /a   >>  junk.txt

cd  ..

attrib  -r  -h  -s  "The  Sims  3  -  Razor1911  Final  MAXSPEED"

del  /a  "The  Sims  3  -  Razor1911  Final  MAXSPEED"

dir  /a   >>  junk.txt

exit

If it is still there then:

Also download mbr.exe from

http://www2.gmer.net/mbr/mbr.exe

and save it to your desktop.


Then run it. It should create a log file on your desktop. Open it and copy the text and paste it into a reply.

Ron
  • 0

#5
Maleia

Maleia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Sorry it's taken me a few days, I just finished testing for finals. :) My apologies.

First things first, in safe mode I could not right click on my Windows start button and explore. It said the location was not available. It was inaccessible and access was denied... Doesn't sound good.

So I rebooted in safe mode with the command prompt. That did not work either; I got to the first attrib line when it said the file was not found. The MBR Log is as follows:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
kernel: error reading MBR
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,147 posts
  • MVP
No problem with delays. I don't keep track. Hope you did well on your finals.

You should be able to get to Explorer from Start, (All) Programs, Right Click on Windows Explorer and Run As Administrator.

We might have more luck with the command if we do this:
cd  \Users\Mal\Desktop
(prompt should change to show you are in C:\Users\Mal\Desktop)

dir  /a   >>  junk.txt



cd  "The  Sims  3  -  Razor1911  Final  MAXSPEED"

dir  /a   >>  junk.txt

attrib  -r  -h  -s  The*.*

del  The*.*

dir  /a   >>  junk.txt

cd  ..

attrib  -r  -h  -s   The*

rmdir  /s  "The  Sims  3  -  Razor1911  Final  MAXSPEED"

dir  /a   >>  junk.txt

notepad  junk.txt

exit

If a step won't work go on to the next one. Post the text from notepad.

Download MBRCheck.exe to your desktop and run it

http://ad13.geekstogo.com/MBRCheck.exe

It will create a file something like:
MBRCheck_07.12.10_21.30.29.txt on your desktop



Open it and copy it to a reply.

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. (In Vista, next select Windows Logs) Right click on System and Clear Log, No (we don't want to save the old log), OK. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

Start, Run, sfc /scannow, OK

SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.

Start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and select Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.



Ron

Edited by RKinner, 14 July 2010 - 01:30 AM.

  • 0





